def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar):
"""
"""
cfg = avatar.cfg
remoteHP, origHP = twisted.conch.ssh.forwarding.unpackOpen_direct_tcpip(data)
log.msg(eventid='cowrie.direct-tcpip.request',
format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s',
dst_ip=remoteHP[0], dst_port=remoteHP[1],
src_ip=origHP[0], src_port=origHP[1])
if cfg.has_option('honeypot', 'smtp_forwarding_enabled') and \
cfg.get('honeypot', 'smtp_forwarding_enabled').lower() in \
('yes', 'true', 'on'):
honey_smtp = True
honey_port = int(cfg.get('honeypot', 'smtp_forwarding_port'))
honey_host = cfg.get('honeypot', 'smtp_forwarding_host')
else:
honey_smtp = False
if (remoteHP[1] == 25 or remoteHP[1] == 587) and honey_smtp:
log.msg(eventid='cowrie.direct-tcpip.request',
format='found smtp, forwarding to local honeypot')
remoteHPLocal = (honey_host, honey_port)
return forwarding.SSHConnectForwardingChannel(remoteHPLocal,
remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
avatar=avatar)
return CowrieConnectForwardingChannel(remoteHP,
remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
avatar=avatar)
def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data,
avatar):
"""
This function will redirect an SSH forward request to a another address
or will log the request and do nothing
"""
remoteHP, origHP = forwarding.unpackOpen_direct_tcpip(data)
log.msg(
eventid='cowrie.direct-tcpip.request',
format=
'direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s',
dst_ip=remoteHP[0],
dst_port=remoteHP[1],
src_ip=origHP[0],
src_port=origHP[1])
cfg = avatar.cfg
try:
if cfg.get('honeypot', 'ssh_forward_redirect') == "true":
redirectEnabled = True
else:
redirectEnabled = False
except:
redirectEnabled = False
if redirectEnabled:
redirects = {}
items = cfg.items('honeypot')
for i in items:
if i[0] == 'forward_redirect_rule':
destPort, _HP = i[1].split(',')
redirectHP = _HP.split(':')
redirects[int(destPort)] = (redirectHP[0], int(redirectHP[1]))
if remoteHP[1] in redirects:
remoteHPNew = redirects[remoteHP[1]]
log.msg(
eventid='cowrie.direct-tcpip.redirect',
format=
'redirecting direct-tcp connection request %(src_ip)s:%(src_port)d->%(dst_ip)s:%(dst_port)d to %(new_ip)s:%(new_port)d',
new_ip=remoteHPNew[0],
new_port=remoteHPNew[1],
dst_ip=remoteHP[0],
dst_port=remoteHP[1],
src_ip=origHP[0],
src_port=origHP[1])
return forwarding.SSHConnectForwardingChannel(
remoteHPNew,
remoteWindow=remoteWindow,
remoteMaxPacket=remoteMaxPacket,
avatar=avatar)
return CowrieConnectForwardingChannel(remoteHP,
remoteWindow=remoteWindow,
remoteMaxPacket=remoteMaxPacket,
avatar=avatar)
def channel_forwarded_tcpip(self, windowSize, maxPacket, data):
log.msg('%s %s' % ('FTCP', repr(data)))
remoteHP, origHP = forwarding.unpackOpen_forwarded_tcpip(data)
log.msg(self.remoteForwards)
log.msg(remoteHP)
if self.remoteForwards.has_key(remoteHP[1]):
connectHP = self.remoteForwards[remoteHP[1]]
log.msg('connect forwarding %s' % (connectHP,))
return forwarding.SSHConnectForwardingChannel(connectHP,
remoteWindow = windowSize,
remoteMaxPacket = maxPacket,
conn = self)
else:
raise ConchError(connection.OPEN_CONNECT_FAILED, "don't know about that port")
def test_channelOpenHostnameRequests(self):
"""
When a hostname is sent as part of forwarding requests, it
is resolved using HostnameEndpoint's resolver.
"""
sut = forwarding.SSHConnectForwardingChannel(
hostport=('fwd.example.org', 1234))
# Patch channel and resolver to not touch the network.
memoryReactor = MemoryReactorClock()
sut._reactor = deterministicResolvingReactor(memoryReactor, ['::1'])
sut.channelOpen(None)
self.makeTCPConnection(memoryReactor)
self.successResultOf(sut._channelOpenDeferred)
# Channel is connected using a forwarding client to the resolved
# address of the requested host.
self.assertIsInstance(sut.client, forwarding.SSHForwardingClient)
self.assertEqual(IPv6Address('TCP', '::1', 1234),
sut.client.transport.getPeer())