def start(cls, addr, iface=None, config=None): daemons = [] for proto in ("tcp", "tls", "udp"): ports = config.get("%s_ports" % proto) if ports is None: continue for port in ports: daemon = SipSession(proto=proto, config=config) daemon.bind(addr, port, iface=iface) daemon.listen() daemons.append(daemon) if len(daemons) > 0: global g_timer_cleanup if g_timer_cleanup is None: logger.warning("Starting cleanup loop") g_timer_cleanup = Timer( 60, cleanup, repeat=True, ) g_timer_cleanup.start() else: logger.debug("Cleanup loop already started!") return daemons
def __init__(self, path, config=None): logger.debug("%s ready!" % (self.__class__.__name__)) ihandler.__init__(self, path) self.apikey = config.get("apikey") comment = config.get("comment") if comment is None: comment = "This sample was captured in the wild and uploaded by the dionaea honeypot.\n#honeypot #malware #networkworm" self.comment = comment self.cookies = {} self.backlog_timer = Timer( interval=20, delay=0, function=self.__handle_backlog_timeout, repeat=True, ) self.backlog_timer.start() p = config.get("file") self.dbh = sqlite3.connect(p) self.cursor = self.dbh.cursor() self.cursor.execute(""" CREATE TABLE IF NOT EXISTS backlogfiles ( backlogfile INTEGER PRIMARY KEY, status TEXT NOT NULL, -- new, submit, query, comment md5_hash TEXT NOT NULL, path TEXT NOT NULL, timestamp INTEGER NOT NULL, scan_id TEXT, lastcheck_time INTEGER, submit_time INTEGER );""")
def handle_INVITE(self, msg): logger.debug("{!s} handle_INVITE".format(self)) self.__state = SipCall.INVITE self._timers["invite_handler"] = Timer( 0.1, self.__handle_invite, ) # ToDo: the data isn't used in the callback at the moment # self._timers["invite_handler"].data = msg self._timers["invite_handler"].start() return True
def __init__(self, path, config=None): logger.debug('hpfeedhandler init') reconnect_timeout = config.get("reconnect_timeout") if reconnect_timeout is None: reconnect_timeout = self.default_reconnect_timeout try: reconnect_timeout = float(reconnect_timeout) except (TypeError, ValueError) as e: logger.warn( "Unable to convert value '%s' for reconnect timeout to float" % reconnect_timeout) reconnect_timeout = self.default_reconnect_timeout port = config.get("port") if port is None: port = self.default_port try: port = int(port) except (TypeError, ValueError) as e: logger.warn("Unable to convert value '%s' for port to int" % port) port = self.default_port self.client = hpclient(config['server'], port, config['ident'], config['secret'], reconnect_timeout=reconnect_timeout) ihandler.__init__(self, path) self.dynip_resolve = config.get('dynip_resolve', '') self.dynip_timer = None self.ownip = None if isinstance(self.dynip_resolve, str) and self.dynip_resolve.startswith("http"): logger.debug('hpfeedihandler will use dynamic IP resolving!') self.dynip_timer = Timer( 300, self._dynip_resolve, delay=2, repeat=True, ) self.dynip_timer.start()
def __init__(self, proto, call_id, session, invite_message): logger.debug("{!s} __init__".format(self)) logger.debug("SipCall {} session {} ".format(self, session)) connection.__init__(self, proto) # Store incoming information of the remote host self.__session = session self.__state = SipCall.SESSION_SETUP self.__msg = invite_message # list of messages self._msg_stack = [] self.__call_id = invite_message.headers.get(b"call-id").value self._call_id = call_id self._rtp_streams = {} self.local.host = self.__session.local.host self.local.port = self.__session.local.port self.remote.host = self.__session.remote.host self.remote.port = self.__session.remote.port user = self.__msg.headers.get(b"to").get_raw().uri.user self._user = self.__session.config.get_user_by_username( self.__session.personality, user) # fake a connection entry i = incident("dionaea.connection.udp.connect") i.con = self i.report() # Global timers self._timers = { "idle": Timer(60.0, self.__handle_timeout_idle, repeat=True), "invite_handler": None, } self._timers["idle"].start()
def __handle_invite(self): logger.debug("{!s} __handle_invite".format(self)) logger.info("Handle invite") if self.__state == SipCall.INVITE: logger.debug("Send TRYING") # ToDo: Check authentication #self.__authenticate(headers) if self._user is None: msg = self.__msg.create_response(rfc3261.NOT_FOUND) self.send(msg.dumps()) self.close() return msg = self.__msg.create_response(rfc3261.TRYING) self.send(msg) self.__state = SipCall.INVITE_TRYING # Wait up to two seconds self._timers["invite_handler"] = Timer( random.random() * 2, self.__handle_invite, ) self._timers["invite_handler"].start() return if self.__state == SipCall.INVITE_TRYING: # Send 180 Ringing to make honeypot appear more human-like logger.debug("Send RINGING") msg = self.__msg.create_response(rfc3261.RINGING) self.send(msg) delay = random.randint(self._user.pickup_delay_min, self._user.pickup_delay_max) logger.info( "Choosing ring delay between {} and {} seconds: {}".format( self._user.pickup_delay_min, self._user.pickup_delay_max, delay)) self.__state = SipCall.INVITE_RINGING self._timers["invite_handler"] = Timer( delay, self.__handle_invite, ) self._timers["invite_handler"].start() return if self.__state == SipCall.INVITE_RINGING: logger.debug("Send OK") # Create a stream dump file with date and time and random ID in case of # flooding attacks pcap = self.__session.config.get_pcap() # Create RTP stream instance and pass address and port of listening # remote RTP host sdp = self.__msg.sdp media_port_names = self.__session.config.get_sdp_media_port_names( self._user.sdp) media_ports = {} for name in media_port_names: media_ports[name] = None bistream_enabled = False if "bistream" in self.__session.config._rtp.get("modes", {}): bistream_enabled = True for name in media_port_names: for media in sdp.get(b"m"): if media.media.lower() == bytes(name[:5], "utf-8"): self._rtp_streams[name] = RtpUdpStream( name, self, self.__session, self.__session.local.host, 0, # random port self.__session.remote.host, media.port, pcap=pcap, bistream_enabled=bistream_enabled) media_ports[name] = self._rtp_streams[name].local.port i = incident("dionaea.connection.link") i.parent = self i.child = self._rtp_streams[name] i.report() # Send 200 OK and pick up the phone msg = self.__msg.create_response(rfc3261.OK) # ToDo: add IP6 support msg.sdp = rfc4566.SDP.froms( self.__session.config.get_sdp_by_name( self._user.sdp, unicast_address=self.local.host, addrtype="IP4", media_ports=media_ports)) msg_stack = self._msg_stack msg_stack.append(("out", msg)) pcap.open(msg_stack=msg_stack, personality=self.__session.personality, local_host=self.local.host, local_port=self.local.port, remote_host=self.remote.host, remote_port=self.remote.port) self.send(msg) self.__state = SipCall.CALL # ToDo: Send rtp data? return