From e595eda866d5cd65c42178709af437d3638bb77c Mon Sep 17 00:00:00 2001 From: Michel Oosterhof Date: Tue, 27 Jan 2015 11:01:06 +0000 Subject: [PATCH] Add new option to set internet facing IP. If option is not set, Kippo will attempt to determine it by itself --- kippo.cfg.dist | 5 +++++ kippo/core/protocol.py | 11 +++++++++++ 2 files changed, 16 insertions(+) diff --git a/kippo.cfg.dist b/kippo.cfg.dist index f603463..b112eca 100644 --- a/kippo.cfg.dist +++ b/kippo.cfg.dist @@ -115,6 +115,11 @@ sftp_enabled = true # (default: not specified) #fake_addr = 192.168.66.254 +# The IP address on which this machine reachable on from the internet. +# Useful if you use portforwarding or other mechanisms. If empty, the kippo +# will determine by itself. Used in 'netstat' output +#internet_facing_ip = 9.9.9.9 + # SSH Version String # # Use this to disguise your honeypot from a simple SSH version scan diff --git a/kippo/core/protocol.py b/kippo/core/protocol.py index 059f989..7f5577c 100644 --- a/kippo/core/protocol.py +++ b/kippo/core/protocol.py @@ -4,6 +4,7 @@ import os import time import struct +import socket import copy from twisted.conch import recvline @@ -43,6 +44,7 @@ class HoneyPotBaseProtocol(insults.TerminalProtocol): transport = self.terminal.transport.session.conn.transport self.realClientIP = transport.transport.getPeer().host + self.realClientPort = transport.transport.getPeer().port self.clientVersion = transport.otherVersionString self.logintime = transport.logintime self.ttylog_file = transport.ttylog_file @@ -54,6 +56,15 @@ class HoneyPotBaseProtocol(insults.TerminalProtocol): else: self.clientIP = self.realClientIP + if cfg.has_option('honeypot', 'internet_facing_ip'): + self.kippoIP = cfg.get('honeypot', 'internet_facing_ip') + else: + # Hack to get ip + s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + s.connect(("8.8.8.8",80)) + self.kippoIP = s.getsockname()[0] + s.close() + def displayMOTD(self): try: self.writeln(self.fs.file_contents('/etc/motd'))