DoFler (Dashboard of Fail + DOPPLER) is a fully automated dashboard setup that can be easily distributed as needed. A central dofler server acts as the aggregation point and also serves up the HTML page that people can then view.

The HTML page is simple page that uses Javascript and CSS to format the output so that it looks pleasing, and can auto-update. The Javascript pulls the most recent data from the JSON api in the backend.

Run code, drink, and be marry ;)

Installation can depend on how you would like to deploy dofler. All early testing was done using both the client and server on the same host, however it was designed to split the two and have multiple clients running.

• Python 2.6,2.7

Client Only

• Ettercap
• TShark (Part of Wireshark)
• Driftnet (Use the https://github.com/bldewolf/driftnet fork)

• Install using pip or easy_install pip install dofler doflersvc
• Adjust the config file at /etc/dofler/dofler.conf & /etc/dofler/service.conf as needed.
• Start up the approprate services (dofler-server and dofler)

• [fedora_guide][Fedora Installation Guide]
• [debian_guide][Debian Installation Guide]
• [osx_guide][Max OSX Installation Guide]
• [wintel_guide][Windows Installation Guide (Server-only)]

• 0.3.0
  • Complete Rewrite
  • Now uses MongoDB as the backend instead of MySQL/SQLAlchemy
  • Can now enable/disable certain views (images, stats, accounts) in WebUI
  • WebUI now has a "porn reset" function as part of the API
  • Dofler is now split into 2 packages, dofler and doflersvc
  • Removed any client-side time dependencies
• 0.2.0
  • Updated WebUI so that it uses UTC Time instead of Local Time.
  • Minor bugfixes
• 0.1.0
  • Initial Release

The API is accepts requests using urlencoded formdata and will return responses (if available) in a json dictionary format. The client-side supporting APIs are designed to be temporal in nature. Because of this, it is very important that the server uses NTP or some other way to keep the time in sync with what the rest of the work uses.

Required Inputs: sensor, auth, salt HTTP Methods: POST

Will use the information provided, coupled with the secret for the sensor in the config file to indipendently validate the hash that the client sent. If the hashes match, it will return an authentication cookie.

• sensor: [string]: The Sensor Name.

• auth: [string]: The MD5 Hash that we will be computing against.

• salt: [string]: Some random data of some kind so that the auth hash isnt always the same.

Required Inputs: username, password, info, proto, parser HTTP Methods: POST

Uploads a potentially new account to the API to be added to the database, and then presented to users. The account presented will be checked to see if it already exists int he database; if there is no previous upload of the account, then it will be added.

• username: [string]: The username of the account.

• password: [string]: The password of the account. It is assumed that any anonymization of the password is done client-side, so none will be done on the server-side.

• info: [string]: Any information such as URL, Ip Address, etc. goes here.

• proto: [string]: The Protocol name.

• parser: [string]: The name of the parser that generated this event. While not displayed, it may be useful for further analysis.

Required Inputs: jdata HTTP Methods: POST

Here is where we gather information about the types of traffic we see on the network. The parser listens to all of the traffic with tshark, then responds with a JSON dictionary containing everything it's seen since last checkin.

• jdict: [JSON]: {'PROTO1': COUNT, 'PROTO2': COUNT}

Required Inputs: filetype, file HTTP Methods: POST

Uploads an image to the API there is it parsed into the database. As the database is designed to only keep one copy of an image, it will first check to see if the image is already int he DB based on the MD5Sum and will simply update the timestamp if this is the case. If the image does not exist, it will then add the image to the database.

• filetype: [string]: The file extension (e.g. png, jpg, gif)

• file: [file]: The image file.

Required Inputs: NONE HTTP Methods: GET

Returns the total number of accounts in the system. This is intended to be displayed in the footer of the account listing.

Required Inputs: NUM HTTP Methods: GET

Returns a JSON dictionary of all of the accounts with a higher ID than what was sent to the API. For example, to get all of the accounts in the system, you would call the api with '/api/accounts/0' to get all IDs greater than or equal to 0.

• NUM: [integer]: The ID of the next account to get.

Required Inputs: TIMESTAMP HTTP Methods: GET

Returns a JSON dictionary of the MD5 hashes of all the images that are newer than the timestamp sent. The timestamp is basic UNIX time.

• TIMESTAMP: [timestamp:integer]: The times in unix time that you would like to pull images from. Any images with a timestamp newer than this will be returned.

Required Inputs: HASH HTTP Methods: GET

Returns the Image file based on the Hash provided.

• HASH: [string:md5 hash]: The MD5 hash fo the image.

Required Inputs: NONE HTTP Methods: GET

INCOMPLETE

Returns a JSON dictionary of the sums of the traffic statistics that were collected by the tshark_stats parser.