From 5b6a7c201b2ecec5c462aa800973db302ecd46f0 Mon Sep 17 00:00:00 2001 From: Michel Oosterhof Date: Thu, 10 Dec 2015 07:54:06 +0000 Subject: [PATCH] move all interact code to protocol.py --- cowrie/core/interact.py | 2 +- cowrie/core/protocol.py | 42 ++++++++++++++++++++--------------------- cowrie/core/ssh.py | 3 --- 3 files changed, 22 insertions(+), 25 deletions(-) diff --git a/cowrie/core/interact.py b/cowrie/core/interact.py index 332b324..6266f2a 100644 --- a/cowrie/core/interact.py +++ b/cowrie/core/interact.py @@ -86,7 +86,7 @@ class Interact(telnet.Telnet): if not self.readonly: if type(bytes) == type(''): ttylog.ttylog_write( - self.interacting.terminal.transport.session.conn.transport.ttylog_file, + self.interacting.terminal.ttylog_file, len(bytes), ttylog.TYPE_INTERACT, time.time(), bytes) for c in bytes: recvline.HistoricRecvLine.keystrokeReceived( diff --git a/cowrie/core/protocol.py b/cowrie/core/protocol.py index a87345e..2b9d68a 100644 --- a/cowrie/core/protocol.py +++ b/cowrie/core/protocol.py @@ -256,15 +256,13 @@ class HoneyPotInteractiveProtocol(HoneyPotBaseProtocol, recvline.HistoricRecvLin def addInteractor(self, interactor): """ """ - transport = self.terminal.transport.session.conn.transport - transport.interactors.append(interactor) + self.terminal.interactors.append(interactor) def delInteractor(self, interactor): """ """ - transport = self.terminal.transport.session.conn.transport - transport.interactors.remove(interactor) + self.terminal.interactors.remove(interactor) def displayMOTD(self): @@ -383,6 +381,7 @@ class LoggingServerProtocol(insults.ServerProtocol): insults.ServerProtocol.__init__(self, prot, *a, **kw) self.cfg = a[0].cfg self.bytesReceived = 0 + self.interactors = [] try: self.bytesReceivedLimit = int(self.cfg.get('honeypot', 'download_limit_size')) 
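Review bot: The `ttylog_write` call in cowrie/core/interact.py writes to `self.interacting.terminal.ttylog_file` without checking that the log is still open, whereas every write inside LoggingServerProtocol in this patch is guarded by `self.ttylog_open`. If an operator keystroke arrives after the session's `connectionLost` has closed the log, a record would be appended after the close, which makes the recording harder to rely on as evidence. Guarding the call with `if self.interacting.terminal.ttylog_open:` would keep the two writers consistent. The enclosing method starts and ends outside this hunk, so whether a closed session can still reach this path is not visible here.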
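Review bot: `addInteractor` and `delInteractor` in HoneyPotInteractiveProtocol still have empty docstrings, and they now depend on `self.terminal` having an `interactors` list, which only `LoggingServerProtocol.__init__` creates in this patch. A one-line docstring on each would record that contract, for example `"""Attach a live observer to this session; requires self.terminal to be a LoggingServerProtocol."""` and `"""Detach a previously attached observer; raises ValueError if it is not attached."""`. The ValueError comes from `list.remove`, so a caller that detaches the same interactor twice will see it.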
@@ -398,24 +397,22 @@ class LoggingServerProtocol(insults.ServerProtocol): def connectionMade(self): """ """ - transport = self.transport.session.conn.transport + transportId = self.transport.session.conn.transport.transportId channelId = self.transport.session.id - transport.ttylog_file = '%s/tty/%s-%s-%s%s.log' % \ + self.ttylog_file = '%s/tty/%s-%s-%s%s.log' % \ (self.cfg.get('honeypot', 'log_path'), - time.strftime('%Y%m%d-%H%M%S'), transport.transportId, channelId, + time.strftime('%Y%m%d-%H%M%S'), transportId, channelId, self.type) - - self.ttylog_file = transport.ttylog_file - log.msg(eventid='KIPP0004', ttylog=transport.ttylog_file, - format='Opening TTY Log: %(ttylog)s') - - ttylog.ttylog_open(transport.ttylog_file, time.time()) + ttylog.ttylog_open(self.ttylog_file, time.time()) self.ttylog_open = True + log.msg(eventid='KIPP0004', ttylog=self.ttylog_file, + format='Opening TTY Log: %(ttylog)s') + self.stdinlog_file = '%s/%s-%s-%s-stdin.log' % \ (self.cfg.get('honeypot', 'download_path'), - time.strftime('%Y%m%d-%H%M%S'), transport.transportId, channelId) + time.strftime('%Y%m%d-%H%M%S'), transportId, channelId) self.stdinlog_open = False insults.ServerProtocol.connectionMade(self) @@ -424,11 +421,11 @@ class LoggingServerProtocol(insults.ServerProtocol): def write(self, bytes): """ """ - transport = self.transport.session.conn.transport - for i in transport.interactors: + for i in self.interactors: i.sessionWrite(bytes) + if self.ttylog_open: - ttylog.ttylog_write(transport.ttylog_file, len(bytes), + ttylog.ttylog_write(self.ttylog_file, len(bytes), ttylog.TYPE_OUTPUT, time.time(), bytes) insults.ServerProtocol.write(self, bytes) 
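Review bot: `connectionMade` no longer sets `ttylog_file` on the SSH transport, and the ssh.py hunks drop `interactors` from HoneyPotTransport, so any remaining reader of `transport.ttylog_file` or `transport.interactors` outside the three files touched here would now fail with AttributeError. Only interact.py is updated in this patch, so a search of the tree for both attribute names before merging would confirm nothing is left behind. The empty docstring could also record the new ownership, e.g. `"""Open the per-channel TTY log and prepare the stdin log path."""`.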
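Review bot: An exception raised by one interactor's `sessionWrite` in `write` skips the `ttylog_write` call and the `insults.ServerProtocol.write` that follow it, so a faulty observer can drop a record from the session log and also stall the output sent to the attacker's terminal. The same kind of loop added to `connectionLost` in the @@ -476 hunk sits ahead of the stdin and TTY log close, so a failing `sessionClosed` would leave those logs unclosed. Wrapping each callback so that a failure is logged and the loop continues keeps the recording independent of the observers. The sketch shows the shape for `write`; `connectionLost` would take the same wrapper around `i.sessionClosed()`.

```python
    def write(self, bytes):
        for i in self.interactors:
            try:
                i.sessionWrite(bytes)
            except Exception:
                # An observer failure must not interrupt session logging.
                log.err()
        # … unchanged: ttylog_write guarded by self.ttylog_open, then ServerProtocol.write …
```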
@@ -448,8 +445,7 @@ class LoggingServerProtocol(insults.ServerProtocol): with file(self.stdinlog_file, 'ab') as f: f.write(data) elif self.ttylog_open: - transport = self.transport.session.conn.transport - ttylog.ttylog_write(transport.ttylog_file, len(data), + ttylog.ttylog_write(self.ttylog_file, len(data), ttylog.TYPE_INPUT, time.time(), data) insults.ServerProtocol.dataReceived(self, data) @@ -476,6 +472,10 @@ class LoggingServerProtocol(insults.ServerProtocol): it's called once from Avatar.closed() if disconnected """ log.msg("received call to LSP.connectionLost") + + for i in self.interactors: + i.sessionClosed() + transport = self.transport.session.conn.transport if self.stdinlog_open: @@ -499,8 +499,8 @@ class LoggingServerProtocol(insults.ServerProtocol): if self.ttylog_open: log.msg(eventid='KIPP0012', format='Closing TTY Log: %(ttylog)s', - ttylog=transport.ttylog_file) - ttylog.ttylog_close(transport.ttylog_file, time.time()) + ttylog=self.ttylog_file) + ttylog.ttylog_close(self.ttylog_file, time.time()) self.ttylog_open = False self.cfg = None diff --git a/cowrie/core/ssh.py b/cowrie/core/ssh.py index 59e10ab..a6a043f 100644 --- a/cowrie/core/ssh.py +++ b/cowrie/core/ssh.py @@ -316,7 +316,6 @@ class HoneyPotTransport(transport.SSHServerTransport, TimeoutMixin): We send our version, but wait with sending KEXINIT """ self.transportId = uuid.uuid4().hex[:8] - self.interactors = [] log.msg(eventid='KIPP0001', format='New connection: %(src_ip)s:%(src_port)s (%(dst_ip)s:%(dst_port)s) [session: %(sessionno)s]', @@ -414,8 +413,6 @@ class HoneyPotTransport(transport.SSHServerTransport, TimeoutMixin): This seems to be the only reliable place of catching lost connection """ self.setTimeout(None) - for i in self.interactors: - i.sessionClosed() if self.transport.sessionno in self.factory.sessions: del self.factory.sessions[self.transport.sessionno] transport.SSHServerTransport.connectionLost(self, reason)
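Review bot: The new `for i in self.interactors: i.sessionClosed()` loop in `connectionLost` iterates the live list, and the list is never emptied afterwards even though the method later resets `self.cfg` to None. If `sessionClosed` ends up calling `delInteractor` (not visible in this patch), removing entries during iteration can skip interactors; iterating a copy with `for i in list(self.interactors):` and then setting `self.interactors = []` avoids both problems. The context line `transport = self.transport.session.conn.transport` may also be unused now that the visible reads of `transport.ttylog_file` are gone. The method body continues outside this hunk, so that last point needs checking against the full file.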