def recv_send(self, local, remote, request):
# Receive data from the local peer
data = local.recv(self.mtu)
# If we received zero bytes, the connection got down, raise the
# exception so we can exit the loop and accept other clients
if len(data) == 0:
raise socket.error((100, "Underlying stream socket tore down"))
# Record the event
event = Event("Forwarding packet", data={"target_host": self.target_address, "target_port": self.target_port})
# Add the entire packet to the event
data = str(data)
if request:
event.request = data
else:
event.response = data
# Register the event
self.session.add_event(event)
# Send it to the remote peer
remote.send(data)
def recv_send(self, local, remote, request):
# Receive data from the local peer
data = local.recv(self.mtu)
# If we received zero bytes, the connection got down, raise the
# exception so we can exit the loop and accept other clients
if len(data) == 0:
raise socket.error((100, "Underlying stream socket tore down"))
# Record the event
event = Event("Forwarding packet",
data={"target_host": self.target_address,
"target_port": self.target_port})
# Add the entire packet to the event
data = str(data)
if request:
event.request = data
else:
event.response = data
# Register the event
self.session.add_event(event)
# Send it to the remote peer
remote.send(data)
def test_dbfeeds(self):
"""Tests event storage on a database"""
self.test_filename = mkstemp(".sqlite", "dbfeedstest")[1]
# Register an event using the DBFeed
configuration = Configuration({
"feed":
"DBFeed",
"db_engine":
"sqlite:///%s" % self.test_filename
})
feed = DBFeed(configuration)
event = Event("Test event")
event.session = Session(Queue(), "test", "127.0.0.1", 3200,
"127.0.0.1", 3201)
feed.log(event)
feed.stop()
# Now check the event in the database
conn = sqlite3.connect(self.test_filename)
cursor = conn.cursor()
cursor.execute('SELECT * FROM events')
results = cursor.fetchall()
self.assertEqual(len(results), 1)
self.assertEqual(results[0][1], str(event.session.uuid))
self.assertEqual(results[0][2], str(event.timestamp))
self.assertEqual(results[0][3], repr(event))
def test_dbfeeds(self):
"""Tests event storage on a database"""
self.test_filename = mkstemp(".sqlite", "dbfeedstest")[1]
# Register an event using the DBFeed
configuration = Configuration({"feed": "DBFeed",
"db_engine": "sqlite:///%s" % self.test_filename})
feed = DBFeed(configuration)
event = Event("Test event")
event.session = Session(Queue(), "test", "127.0.0.1", 3200,
"127.0.0.1", 3201)
feed.log(event)
feed.stop()
# Now check the event in the database
conn = sqlite3.connect(self.test_filename)
cursor = conn.cursor()
cursor.execute('SELECT * FROM events')
results = cursor.fetchall()
self.assertEqual(len(results), 1)
self.assertEqual(results[0][1], str(event.session.uuid))
self.assertEqual(results[0][2], str(event.timestamp))
self.assertEqual(results[0][3], repr(event))
def test_logfeeds(self):
self.test_filename = mkstemp(".log", "logfeedstest")[1]
# Register an event using the LogFeed
configuration = Configuration({"feed": "LogFeed",
"log_filename": self.test_filename})
feed = LogFeed(configuration)
event = Event("Test event")
event.session = Session(Queue(), "test", "127.0.0.1", 3200,
"127.0.0.1", 3201)
feed.log(event)
feed.stop()
self.assertIs(path.exists(self.test_filename), True)
def test_feed_manager(self):
"""Test attack feed manager"""
# Create a session manager and the feed manager attached to it
config = Configuration()
session_manager = SessionManager(config)
feed_manager = FeedManager(config, session_manager)
feed_manager.add_feed(DummyFeed(config))
feed_manager.run()
# Create an event
event = Event("Test event")
# Obtain a session and add the event
session = session_manager.get_session("test", "127.0.0.1", 3200,
"127.0.0.1", 3201)
session.add_event(event)
# Give the feed manager time for processing the event
sleep(1)
# Stop the feed manager and check if the event was processed
feed_manager.stop()
new_event = DummyFeed.events.get()
self.assertIs(event, new_event)
def test_hpfeeds(self):
"""Tests the HPFeed by connecting to honeynet's HPFriends service.
"""
# Register an event using the HPFeed
configuration = Configuration({"feed": "HPFeed",
"feed_host": self.test_host,
"feed_port": self.test_port,
"feed_ident": self.test_ident,
"feed_secret": self.test_secret,
"channels": [self.test_channel]})
feed = HPFeed(configuration)
event = Event("Test event")
event.session = Session(Queue(), "test", "127.0.0.1", 3200,
"127.0.0.1", 3201)
feed.log(event)
feed.stop()
def test_logfeeds(self):
self.test_filename = mkstemp(".log", "logfeedstest")[1]
# Register an event using the LogFeed
configuration = Configuration({
"feed": "LogFeed",
"log_filename": self.test_filename
})
feed = LogFeed(configuration)
event = Event("Test event")
event.session = Session(Queue(), "test", "127.0.0.1", 3200,
"127.0.0.1", 3201)
feed.log(event)
feed.stop()
self.assertIs(path.exists(self.test_filename), True)
def test_session(self):
"""Test the attack session object"""
queue = Queue()
session = Session(queue, "test", "127.0.0.1", 3200, "127.0.0.1", 3201)
event_str = "Some event"
# Test adding an event object
event = Event(event_str)
session.add_event(event)
new_event = queue.get()
self.assertIs(new_event, event)
self.assertIs(new_event.session, session)
# Test adding an event string
session.add_event(event_str)
new_event = queue.get()
self.assertIs(new_event.session, session)
self.assertIsInstance(new_event, Event)
self.assertEqual(new_event.event, event_str)
def test_event(self):
"""Test the attack event object"""
event = Event(self.test_string, data=self.test_string)
with self.assertRaises(Exception):
str(event)
with self.assertRaises(Exception):
repr(event)
session = Session(Queue(), "test", "127.0.0.1", 3200, "127.0.0.1", 3201)
session.add_event(event)
event_json = json.loads(repr(event))
self.assertEqual(event_json["event"], event.event)
self.assertEqual(event_json["data"], event.data)
self.assertEqual(event_json["timestamp"], str(event.timestamp))
self.assertEqual(event_json["session"], str(session.uuid))
self.assertEqual(event_json["service"], session.service)
self.assertEqual(event_json["source_ip"], session.source_ip)
self.assertEqual(event_json["source_port"], session.source_port)
self.assertEqual(event_json["target_ip"], session.target_ip)
self.assertEqual(event_json["target_port"], session.target_port)
