Merge pull request #64 from lelonek1/mhn-support

Update Cowrie to support integration with MHN
2026-01-18 05:34:20 +01:00 · 2015-11-16 15:28:45 +04:00
parent d6af172b3a aa3ebbdcef
commit d5d0f49f36
3 changed files with 30 additions and 1 deletions
--- a/cowrie.cfg.dist
+++ b/cowrie.cfg.dist
@@ -26,6 +26,13 @@
 # (default: 2222)
 #listen_port = 2222

+# Source Port to report in logs (useful if you use iptables to forward ports to cowrie)
+#reported_ssh_port = 22
+
+# Enable to log the public IP of the honeypot (useful if listening on 127.0.0.1)
+# IP address is obtained by querying http://myip.threatstream.com
+#report_public_ip = true
+
 # Hostname for the honeypot. Displayed by the shell prompt of the virtual
 # environment.
 #
--- a/cowrie/core/dblog.py
+++ b/cowrie/core/dblog.py
@@ -49,6 +49,17 @@ class DBLogger(object):
            'KIPP0012': self.handleTTYLogClosed,
        }

+        self.reported_ssh_port = None
+        if self.cfg.has_option('honeypot', 'reported_ssh_port'):
+            self.reported_ssh_port = int(cfg.get('honeypot', 'reported_ssh_port'))
+
+        self.report_public_ip = False
+        if self.cfg.has_option('honeypot', 'report_public_ip'):
+            if cfg.get('honeypot', 'report_public_ip') == "true" or cfg.get('honeypot', 'report_public_ip') == "1":
+                self.report_public_ip = True
+                import urllib
+                self.public_ip = urllib.urlopen('http://myip.threatstream.com').readline()
+
        self.start(cfg)

    # used when the HoneypotTransport prefix is not available.
@@ -82,9 +93,17 @@ class DBLogger(object):
        # connection event is special. adds to list
        if ev['eventid'] == 'KIPP0001':
            sessionno = ev['sessionno']
+            peerIP, peerPort = ev['src_ip'], ev['src_port']
+            hostIP, hostPort = ev['dst_ip'], ev['dst_port']
+
+            if self.reported_ssh_port:
+                hostPort = self.reported_ssh_port
+            if self.report_public_ip:
+                hostIP = self.public_ip
+
            self.sessions[sessionno] = \
                self.createSession(
-                    ev['src_ip'], ev['src_port'], ev['dst_ip'], ev['dst_port'])
+                    peerIP, peerPort, hostIP, hostPort)
            return

        # use explicit sessionno if coming from dispatch
--- a/cowrie/dblog/hpfeeds.py
+++ b/cowrie/dblog/hpfeeds.py
@@ -103,6 +103,9 @@ class hpclient(object):
 			self.handle_established()

 	def send(self, data):
+		if not self.s:
+			self.connect()
+
 		if not self.s: return
 		self.s.send(data)