forward mapping (#148)

Sorry for the delay! Thanks for the patch!

cowrie.cfg.dist

@@ -95,14 +95,6 @@ interact_enabled = false
 # (default: 5123)
 interact_port = 5123
 
-#SMTP forwarding.
-#
-#If you want to record SMTP traffic, install SMTP honeypoint.
-# (e.g https://github.com/awhitehatter/mailoney)
-# python mailoney.py -s yahoo.com -t schizo_open_relay -p 12525
-smtp_forwarding_enabled = false
-smtp_forwarding_port = 12525
-smtp_forwarding_host = 127.0.0.1
 
 # ============================================================================
 # Network Specific Options
@@ -370,3 +362,21 @@ logfile = log/cowrie.json
 #api_key = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
 #
 
+# Port forward mapping.
+#
+# Mapped port will be realy forwarded to new address
+# Useful for forwarding some protocols to other honeypots
+#
+[forward_mapping]
+# Comma separated port list
+ports = no
+# ports = 80,443,25,587
+port_80 = 127.0.0.1:8080
+port_443 = 127.0.0.1:8443
+# If you want to record SMTP traffic, install SMTP honeypoint.
+# (e.g https://github.com/awhitehatter/mailoney), run
+# python mailoney.py -s yahoo.com -t schizo_open_relay -p 12525
+# uncomment
+# ports = 25,587
+port_25 = 127.0.0.1:12525
+port_587 = 127.0.0.1:12525

cowrie/ssh/forwarding.py

@@ -14,26 +14,29 @@ def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avata
     """
     """
     cfg = avatar.cfg
+    if cfg.has_option('forward_mapping', 'ports') and \
+            cfg.get('forward_mapping', 'ports').lower() not in \
+            ('false', 'no'):
+        mappedPortsComma = cfg.get('forward_mapping', 'ports').split(',')
+        mappedPorts = [int(x.strip()) for x in mappedPortsComma]
+    else:
+        mappedPorts = []
     remoteHP, origHP = twisted.conch.ssh.forwarding.unpackOpen_direct_tcpip(data)
     log.msg(eventid='cowrie.direct-tcpip.request', 
     format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s',
             dst_ip=remoteHP[0], dst_port=remoteHP[1],
             src_ip=origHP[0], src_port=origHP[1])
-
+    portRule = 'port_{dst_port}'.format(dst_port=remoteHP[1])
-    if cfg.has_option('honeypot', 'smtp_forwarding_enabled') and \
+    if remoteHP[1] in mappedPorts \
-            cfg.get('honeypot', 'smtp_forwarding_enabled').lower() in \
+            and cfg.has_option('forward_mapping', portRule):
-            ('yes', 'true', 'on'):
+        newAddr = cfg.get('forward_mapping', portRule)
-        honey_smtp = True
+        newIp = newAddr.split(':')[0].strip()
-        honey_port = int(cfg.get('honeypot', 'smtp_forwarding_port'))
+        newPort = int(newAddr.split(':')[1].strip())
-        honey_host = cfg.get('honeypot', 'smtp_forwarding_host')
+        remoteHPNew = (newIp, newPort)
-    else:
-        honey_smtp = False
-
-    if (remoteHP[1] == 25 or remoteHP[1] == 587) and honey_smtp:
         log.msg(eventid='cowrie.direct-tcpip.request',
-            format='found smtp, forwarding to local honeypot')
+            format='found custom port, forwarding to %(new_ip)s:%(new_port)s',
-        remoteHPLocal = (honey_host, honey_port)
+                 new_ip=newIp, new_port=newPort)
-        return forwarding.SSHConnectForwardingChannel(remoteHPLocal,
+        return forwarding.SSHConnectForwardingChannel(remoteHPNew,
             remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
             avatar=avatar)