def test_isoFormatToDateTime(self): no_microseconds = datetime(2016, 11, 12, 11, 47, 20, 0) no_microseconds_isoformat = no_microseconds.isoformat() self.assertEquals(isoformatToDatetime(no_microseconds_isoformat), no_microseconds) has_microseconds = datetime(2016, 11, 12, 11, 47, 20, 4242) has_microseconds_isoformat = has_microseconds.isoformat() self.assertEquals(isoformatToDatetime(has_microseconds_isoformat), has_microseconds)
def extract_auth_entity(self, auth_data): username = auth_data.get('username', '') password = auth_data.get('password', '') authentication = Authentication(id=auth_data['id'], username=username, password=password, successful=auth_data['successful'], timestamp=isoformatToDatetime(auth_data['timestamp'])) return authentication
def persist_session(self, session_type, session_json): db_session = database_setup.get_session() if self.max_session_count == 0: return elif db_session.query(Session).count() == self.max_session_count: session_to_delete = db_session.query(Session, func.min(Session.timestamp)).first()[0] db_session.delete(session_to_delete) try: data = json.loads(session_json) except UnicodeDecodeError: data = json.loads(unicode(session_json, "ISO-8859-1")) logger.debug('Persisting {0} session: {1}'.format(session_type, data)) classification = db_session.query(Classification).filter(Classification.type == 'pending').one() assert data['honeypot_id'] is not None _honeypot = db_session.query(Honeypot).filter(Honeypot.id == data['honeypot_id']).one() if session_type == Messages.SESSION_HONEYPOT.value: session = Session() for entry in data['transcript']: transcript_timestamp = isoformatToDatetime(entry['timestamp']) transcript = Transcript(timestamp=transcript_timestamp, direction=entry['direction'], data=entry['data']) session.transcript.append(transcript) for auth in data['login_attempts']: authentication = self.extract_auth_entity(auth) session.authentication.append(authentication) elif session_type == Messages.SESSION_CLIENT.value: ignore_failed_bait_sessions = self.send_config_request('{0} {1}'.format(Messages.GET_CONFIG_ITEM.value, 'ignore_failed_bait_session')) if not data['did_complete'] and ignore_failed_bait_sessions: logger.debug('Ignore failed bait session.') return session = BaitSession() client = db_session.query(Client).filter(Client.id == data['client_id']).one() client.last_activity = datetime.now() session.did_connect = data['did_connect'] session.did_login = data['did_login'] session.did_complete = data['did_complete'] session.client = client for auth in data['login_attempts']: authentication = self.extract_auth_entity(auth) session.authentication.append(authentication) else: logger.warn('Unknown message type: {0}'.format(session_type)) return session.id = data['id'] session.classification = classification session.timestamp = isoformatToDatetime(data['timestamp']) session.received = datetime.utcnow() session.protocol = data['protocol'] session.destination_ip = data['destination_ip'] session.destination_port = data['destination_port'] session.source_ip = data['source_ip'] session.source_port = data['source_port'] session.honeypot = _honeypot _dronename = db_session.query(Drone).filter(Drone.id==_honeypot.id).first().name db_session.add(session) db_session.commit() matching_session = self.get_matching_session(session, db_session) if session_type == Messages.SESSION_HONEYPOT.value: if matching_session: matching_session.name = _dronename self.merge_bait_and_session(session, matching_session, db_session) elif session_type == Messages.SESSION_CLIENT.value: if matching_session: session.name = _dronename self.merge_bait_and_session(matching_session, session, db_session) else: assert False
def persist_session(self, session_type, session_json): db_session = database_setup.get_session() if self.max_session_count == 0: return elif db_session.query(Session).count() == self.max_session_count: session_to_delete = db_session.query( Session, func.min(Session.timestamp)).first()[0] db_session.delete(session_to_delete) try: data = json.loads(session_json) except UnicodeDecodeError: data = json.loads(unicode(session_json, "ISO-8859-1")) logger.debug('Persisting {0} session: {1}'.format(session_type, data)) classification = db_session.query(Classification).filter( Classification.type == 'pending').one() assert data['honeypot_id'] is not None _honeypot = db_session.query(Honeypot).filter( Honeypot.id == data['honeypot_id']).one_or_none() if not _honeypot: logger.warning('Trying to persist session for non-existing honeypot drone with id {0}'.format(data['honeypot_id'])) return if session_type == Messages.SESSION_HONEYPOT.value: session = Session() for entry in data['transcript']: transcript_timestamp = isoformatToDatetime(entry['timestamp']) transcript = Transcript(timestamp=transcript_timestamp, direction=entry['direction'], data=entry['data']) session.transcript.append(transcript) for auth in data['login_attempts']: authentication = self.extract_auth_entity(auth) session.authentication.append(authentication) elif session_type == Messages.SESSION_CLIENT.value: ignore_failed_bait_sessions = self.send_config_request('{0} {1}'.format(Messages.GET_CONFIG_ITEM.value, 'ignore_failed_bait_session')) if not data['did_complete'] and ignore_failed_bait_sessions: logger.debug('Ignore failed bait session.') return session = BaitSession() client = db_session.query(Client).filter( Client.id == data['client_id']).one_or_none() if not client: logger.warning('Trying to persist session for non-existing client drone with id {0}'.format(data['client_id'])) return client.last_activity = datetime.now() session.did_connect = data['did_connect'] session.did_login = data['did_login'] session.did_complete = data['did_complete'] session.client = client for auth in data['login_attempts']: authentication = self.extract_auth_entity(auth) session.authentication.append(authentication) else: logger.warn('Unknown message type: {0}'.format(session_type)) return session.id = data['id'] session.classification = classification session.timestamp = isoformatToDatetime(data['timestamp']) session.received = datetime.utcnow() session.protocol = data['protocol'] session.destination_ip = data['destination_ip'] session.destination_port = data['destination_port'] session.source_ip = data['source_ip'] session.source_port = data['source_port'] session.honeypot = _honeypot _dronename = db_session.query(Drone).filter( Drone.id == _honeypot.id).first().name db_session.add(session) db_session.commit() matching_session = self.get_matching_session(session, db_session) if session_type == Messages.SESSION_HONEYPOT.value: if matching_session: matching_session.name = _dronename self.merge_bait_and_session( session, matching_session, db_session) elif session_type == Messages.SESSION_CLIENT.value: if matching_session: session.name = _dronename self.merge_bait_and_session( matching_session, session, db_session) else: assert False