forward mapping (#148)

Sorry for the delay! Thanks for the patch!
2025-12-18 22:44:29 +01:00 · 2016-06-15 13:38:14 +04:00
parent bb935ca707
commit 9ffeba80ec
2 changed files with 35 additions and 22 deletions
--- a/cowrie.cfg.dist
+++ b/cowrie.cfg.dist
@@ -95,14 +95,6 @@ interact_enabled = false
 # (default: 5123)
 interact_port = 5123

-#SMTP forwarding.
-#
-#If you want to record SMTP traffic, install SMTP honeypoint.
-# (e.g https://github.com/awhitehatter/mailoney)
-# python mailoney.py -s yahoo.com -t schizo_open_relay -p 12525
-smtp_forwarding_enabled = false
-smtp_forwarding_port = 12525
-smtp_forwarding_host = 127.0.0.1

 # ============================================================================
 # Network Specific Options
@@ -370,3 +362,21 @@ logfile = log/cowrie.json
 #api_key = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
 #

+# Port forward mapping.
+#
+# Mapped port will be realy forwarded to new address
+# Useful for forwarding some protocols to other honeypots
+#
+[forward_mapping]
+# Comma separated port list
+ports = no
+# ports = 80,443,25,587
+port_80 = 127.0.0.1:8080
+port_443 = 127.0.0.1:8443
+# If you want to record SMTP traffic, install SMTP honeypoint.
+# (e.g https://github.com/awhitehatter/mailoney), run
+# python mailoney.py -s yahoo.com -t schizo_open_relay -p 12525
+# uncomment
+# ports = 25,587
+port_25 = 127.0.0.1:12525
+port_587 = 127.0.0.1:12525
--- a/cowrie/ssh/forwarding.py
+++ b/cowrie/ssh/forwarding.py
@@ -14,26 +14,29 @@ def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avata
    """
    """
    cfg = avatar.cfg
+    if cfg.has_option('forward_mapping', 'ports') and \
+            cfg.get('forward_mapping', 'ports').lower() not in \
+            ('false', 'no'):
+        mappedPortsComma = cfg.get('forward_mapping', 'ports').split(',')
+        mappedPorts = [int(x.strip()) for x in mappedPortsComma]
+    else:
+        mappedPorts = []
    remoteHP, origHP = twisted.conch.ssh.forwarding.unpackOpen_direct_tcpip(data)
    log.msg(eventid='cowrie.direct-tcpip.request', 
    format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s',
            dst_ip=remoteHP[0], dst_port=remoteHP[1],
            src_ip=origHP[0], src_port=origHP[1])
-
-    if cfg.has_option('honeypot', 'smtp_forwarding_enabled') and \
-            cfg.get('honeypot', 'smtp_forwarding_enabled').lower() in \
-            ('yes', 'true', 'on'):
-        honey_smtp = True
-        honey_port = int(cfg.get('honeypot', 'smtp_forwarding_port'))
-        honey_host = cfg.get('honeypot', 'smtp_forwarding_host')
-    else:
-        honey_smtp = False
-
-    if (remoteHP[1] == 25 or remoteHP[1] == 587) and honey_smtp:
+    portRule = 'port_{dst_port}'.format(dst_port=remoteHP[1])
+    if remoteHP[1] in mappedPorts \
+            and cfg.has_option('forward_mapping', portRule):
+        newAddr = cfg.get('forward_mapping', portRule)
+        newIp = newAddr.split(':')[0].strip()
+        newPort = int(newAddr.split(':')[1].strip())
+        remoteHPNew = (newIp, newPort)
        log.msg(eventid='cowrie.direct-tcpip.request',
-            format='found smtp, forwarding to local honeypot')
-        remoteHPLocal = (honey_host, honey_port)
-        return forwarding.SSHConnectForwardingChannel(remoteHPLocal,
+            format='found custom port, forwarding to %(new_ip)s:%(new_port)s',
+                 new_ip=newIp, new_port=newPort)
+        return forwarding.SSHConnectForwardingChannel(remoteHPNew,
            remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
            avatar=avatar)