def test_isoFormatToDateTime(self):
no_microseconds = datetime(2016, 11, 12, 11, 47, 20, 0)
no_microseconds_isoformat = no_microseconds.isoformat()
self.assertEquals(isoformatToDatetime(no_microseconds_isoformat), no_microseconds)
has_microseconds = datetime(2016, 11, 12, 11, 47, 20, 4242)
has_microseconds_isoformat = has_microseconds.isoformat()
self.assertEquals(isoformatToDatetime(has_microseconds_isoformat), has_microseconds)
def test_isoFormatToDateTime(self):
no_microseconds = datetime(2016, 11, 12, 11, 47, 20, 0)
no_microseconds_isoformat = no_microseconds.isoformat()
self.assertEquals(isoformatToDatetime(no_microseconds_isoformat),
no_microseconds)
has_microseconds = datetime(2016, 11, 12, 11, 47, 20, 4242)
has_microseconds_isoformat = has_microseconds.isoformat()
self.assertEquals(isoformatToDatetime(has_microseconds_isoformat),
has_microseconds)
def extract_auth_entity(self, auth_data):
username = auth_data.get('username', '')
password = auth_data.get('password', '')
authentication = Authentication(id=auth_data['id'], username=username, password=password,
successful=auth_data['successful'],
timestamp=isoformatToDatetime(auth_data['timestamp']))
return authentication
def extract_auth_entity(self, auth_data):
username = auth_data.get('username', '')
password = auth_data.get('password', '')
authentication = Authentication(id=auth_data['id'], username=username, password=password,
successful=auth_data['successful'],
timestamp=isoformatToDatetime(auth_data['timestamp']))
return authentication
def persist_session(self, session_type, session_json):
db_session = database_setup.get_session()
if self.max_session_count == 0:
return
elif db_session.query(Session).count() == self.max_session_count:
session_to_delete = db_session.query(Session, func.min(Session.timestamp)).first()[0]
db_session.delete(session_to_delete)
try:
data = json.loads(session_json)
except UnicodeDecodeError:
data = json.loads(unicode(session_json, "ISO-8859-1"))
logger.debug('Persisting {0} session: {1}'.format(session_type, data))
classification = db_session.query(Classification).filter(Classification.type == 'pending').one()
assert data['honeypot_id'] is not None
_honeypot = db_session.query(Honeypot).filter(Honeypot.id == data['honeypot_id']).one()
if session_type == Messages.SESSION_HONEYPOT.value:
session = Session()
for entry in data['transcript']:
transcript_timestamp = isoformatToDatetime(entry['timestamp'])
transcript = Transcript(timestamp=transcript_timestamp, direction=entry['direction'],
data=entry['data'])
session.transcript.append(transcript)
for auth in data['login_attempts']:
authentication = self.extract_auth_entity(auth)
session.authentication.append(authentication)
elif session_type == Messages.SESSION_CLIENT.value:
ignore_failed_bait_sessions = self.send_config_request('{0} {1}'.format(Messages.GET_CONFIG_ITEM.value,
'ignore_failed_bait_session'))
if not data['did_complete'] and ignore_failed_bait_sessions:
logger.debug('Ignore failed bait session.')
return
session = BaitSession()
client = db_session.query(Client).filter(Client.id == data['client_id']).one()
client.last_activity = datetime.now()
session.did_connect = data['did_connect']
session.did_login = data['did_login']
session.did_complete = data['did_complete']
session.client = client
for auth in data['login_attempts']:
authentication = self.extract_auth_entity(auth)
session.authentication.append(authentication)
else:
logger.warn('Unknown message type: {0}'.format(session_type))
return
session.id = data['id']
session.classification = classification
session.timestamp = isoformatToDatetime(data['timestamp'])
session.received = datetime.utcnow()
session.protocol = data['protocol']
session.destination_ip = data['destination_ip']
session.destination_port = data['destination_port']
session.source_ip = data['source_ip']
session.source_port = data['source_port']
session.honeypot = _honeypot
_dronename = db_session.query(Drone).filter(Drone.id==_honeypot.id).first().name
db_session.add(session)
db_session.commit()
matching_session = self.get_matching_session(session, db_session)
if session_type == Messages.SESSION_HONEYPOT.value:
if matching_session:
matching_session.name = _dronename
self.merge_bait_and_session(session, matching_session, db_session)
elif session_type == Messages.SESSION_CLIENT.value:
if matching_session:
session.name = _dronename
self.merge_bait_and_session(matching_session, session, db_session)
else:
assert False
def persist_session(self, session_type, session_json):
db_session = database_setup.get_session()
if self.max_session_count == 0:
return
elif db_session.query(Session).count() == self.max_session_count:
session_to_delete = db_session.query(
Session, func.min(Session.timestamp)).first()[0]
db_session.delete(session_to_delete)
try:
data = json.loads(session_json)
except UnicodeDecodeError:
data = json.loads(unicode(session_json, "ISO-8859-1"))
logger.debug('Persisting {0} session: {1}'.format(session_type, data))
classification = db_session.query(Classification).filter(
Classification.type == 'pending').one()
assert data['honeypot_id'] is not None
_honeypot = db_session.query(Honeypot).filter(
Honeypot.id == data['honeypot_id']).one_or_none()
if not _honeypot:
logger.warning('Trying to persist session for non-existing honeypot drone with id {0}'.format(data['honeypot_id']))
return
if session_type == Messages.SESSION_HONEYPOT.value:
session = Session()
for entry in data['transcript']:
transcript_timestamp = isoformatToDatetime(entry['timestamp'])
transcript = Transcript(timestamp=transcript_timestamp, direction=entry['direction'],
data=entry['data'])
session.transcript.append(transcript)
for auth in data['login_attempts']:
authentication = self.extract_auth_entity(auth)
session.authentication.append(authentication)
elif session_type == Messages.SESSION_CLIENT.value:
ignore_failed_bait_sessions = self.send_config_request('{0} {1}'.format(Messages.GET_CONFIG_ITEM.value,
'ignore_failed_bait_session'))
if not data['did_complete'] and ignore_failed_bait_sessions:
logger.debug('Ignore failed bait session.')
return
session = BaitSession()
client = db_session.query(Client).filter(
Client.id == data['client_id']).one_or_none()
if not client:
logger.warning('Trying to persist session for non-existing client drone with id {0}'.format(data['client_id']))
return
client.last_activity = datetime.now()
session.did_connect = data['did_connect']
session.did_login = data['did_login']
session.did_complete = data['did_complete']
session.client = client
for auth in data['login_attempts']:
authentication = self.extract_auth_entity(auth)
session.authentication.append(authentication)
else:
logger.warn('Unknown message type: {0}'.format(session_type))
return
session.id = data['id']
session.classification = classification
session.timestamp = isoformatToDatetime(data['timestamp'])
session.received = datetime.utcnow()
session.protocol = data['protocol']
session.destination_ip = data['destination_ip']
session.destination_port = data['destination_port']
session.source_ip = data['source_ip']
session.source_port = data['source_port']
session.honeypot = _honeypot
_dronename = db_session.query(Drone).filter(
Drone.id == _honeypot.id).first().name
db_session.add(session)
db_session.commit()
matching_session = self.get_matching_session(session, db_session)
if session_type == Messages.SESSION_HONEYPOT.value:
if matching_session:
matching_session.name = _dronename
self.merge_bait_and_session(
session, matching_session, db_session)
elif session_type == Messages.SESSION_CLIENT.value:
if matching_session:
session.name = _dronename
self.merge_bait_and_session(
matching_session, session, db_session)
else:
assert False
