def start(cls, addr, iface=None, config=None):
daemons = []
for proto in ("tcp", "tls", "udp"):
ports = config.get("%s_ports" % proto)
if ports is None:
continue
for port in ports:
daemon = SipSession(proto=proto, config=config)
daemon.bind(addr, port, iface=iface)
daemon.listen()
daemons.append(daemon)
if len(daemons) > 0:
global g_timer_cleanup
if g_timer_cleanup is None:
logger.warning("Starting cleanup loop")
g_timer_cleanup = Timer(
60,
cleanup,
repeat=True,
)
g_timer_cleanup.start()
else:
logger.debug("Cleanup loop already started!")
return daemons
def __init__(self, path, config=None):
logger.debug("%s ready!" % (self.__class__.__name__))
ihandler.__init__(self, path)
self.apikey = config.get("apikey")
comment = config.get("comment")
if comment is None:
comment = "This sample was captured in the wild and uploaded by the dionaea honeypot.\n#honeypot #malware #networkworm"
self.comment = comment
self.cookies = {}
self.backlog_timer = Timer(
interval=20,
delay=0,
function=self.__handle_backlog_timeout,
repeat=True,
)
self.backlog_timer.start()
p = config.get("file")
self.dbh = sqlite3.connect(p)
self.cursor = self.dbh.cursor()
self.cursor.execute("""
CREATE TABLE IF NOT EXISTS backlogfiles (
backlogfile INTEGER PRIMARY KEY,
status TEXT NOT NULL, -- new, submit, query, comment
md5_hash TEXT NOT NULL,
path TEXT NOT NULL,
timestamp INTEGER NOT NULL,
scan_id TEXT,
lastcheck_time INTEGER,
submit_time INTEGER
);""")
def handle_INVITE(self, msg):
logger.debug("{!s} handle_INVITE".format(self))
self.__state = SipCall.INVITE
self._timers["invite_handler"] = Timer(
0.1,
self.__handle_invite,
)
# ToDo: the data isn't used in the callback at the moment
# self._timers["invite_handler"].data = msg
self._timers["invite_handler"].start()
return True
def __init__(self, path, config=None):
logger.debug('hpfeedhandler init')
reconnect_timeout = config.get("reconnect_timeout")
if reconnect_timeout is None:
reconnect_timeout = self.default_reconnect_timeout
try:
reconnect_timeout = float(reconnect_timeout)
except (TypeError, ValueError) as e:
logger.warn(
"Unable to convert value '%s' for reconnect timeout to float" %
reconnect_timeout)
reconnect_timeout = self.default_reconnect_timeout
port = config.get("port")
if port is None:
port = self.default_port
try:
port = int(port)
except (TypeError, ValueError) as e:
logger.warn("Unable to convert value '%s' for port to int" % port)
port = self.default_port
self.client = hpclient(config['server'],
port,
config['ident'],
config['secret'],
reconnect_timeout=reconnect_timeout)
ihandler.__init__(self, path)
self.dynip_resolve = config.get('dynip_resolve', '')
self.dynip_timer = None
self.ownip = None
if isinstance(self.dynip_resolve,
str) and self.dynip_resolve.startswith("http"):
logger.debug('hpfeedihandler will use dynamic IP resolving!')
self.dynip_timer = Timer(
300,
self._dynip_resolve,
delay=2,
repeat=True,
)
self.dynip_timer.start()
def __init__(self, proto, call_id, session, invite_message):
logger.debug("{!s} __init__".format(self))
logger.debug("SipCall {} session {} ".format(self, session))
connection.__init__(self, proto)
# Store incoming information of the remote host
self.__session = session
self.__state = SipCall.SESSION_SETUP
self.__msg = invite_message
# list of messages
self._msg_stack = []
self.__call_id = invite_message.headers.get(b"call-id").value
self._call_id = call_id
self._rtp_streams = {}
self.local.host = self.__session.local.host
self.local.port = self.__session.local.port
self.remote.host = self.__session.remote.host
self.remote.port = self.__session.remote.port
user = self.__msg.headers.get(b"to").get_raw().uri.user
self._user = self.__session.config.get_user_by_username(
self.__session.personality, user)
# fake a connection entry
i = incident("dionaea.connection.udp.connect")
i.con = self
i.report()
# Global timers
self._timers = {
"idle": Timer(60.0, self.__handle_timeout_idle, repeat=True),
"invite_handler": None,
}
self._timers["idle"].start()
def __handle_invite(self):
logger.debug("{!s} __handle_invite".format(self))
logger.info("Handle invite")
if self.__state == SipCall.INVITE:
logger.debug("Send TRYING")
# ToDo: Check authentication
#self.__authenticate(headers)
if self._user is None:
msg = self.__msg.create_response(rfc3261.NOT_FOUND)
self.send(msg.dumps())
self.close()
return
msg = self.__msg.create_response(rfc3261.TRYING)
self.send(msg)
self.__state = SipCall.INVITE_TRYING
# Wait up to two seconds
self._timers["invite_handler"] = Timer(
random.random() * 2,
self.__handle_invite,
)
self._timers["invite_handler"].start()
return
if self.__state == SipCall.INVITE_TRYING:
# Send 180 Ringing to make honeypot appear more human-like
logger.debug("Send RINGING")
msg = self.__msg.create_response(rfc3261.RINGING)
self.send(msg)
delay = random.randint(self._user.pickup_delay_min,
self._user.pickup_delay_max)
logger.info(
"Choosing ring delay between {} and {} seconds: {}".format(
self._user.pickup_delay_min, self._user.pickup_delay_max,
delay))
self.__state = SipCall.INVITE_RINGING
self._timers["invite_handler"] = Timer(
delay,
self.__handle_invite,
)
self._timers["invite_handler"].start()
return
if self.__state == SipCall.INVITE_RINGING:
logger.debug("Send OK")
# Create a stream dump file with date and time and random ID in case of
# flooding attacks
pcap = self.__session.config.get_pcap()
# Create RTP stream instance and pass address and port of listening
# remote RTP host
sdp = self.__msg.sdp
media_port_names = self.__session.config.get_sdp_media_port_names(
self._user.sdp)
media_ports = {}
for name in media_port_names:
media_ports[name] = None
bistream_enabled = False
if "bistream" in self.__session.config._rtp.get("modes", {}):
bistream_enabled = True
for name in media_port_names:
for media in sdp.get(b"m"):
if media.media.lower() == bytes(name[:5], "utf-8"):
self._rtp_streams[name] = RtpUdpStream(
name,
self,
self.__session,
self.__session.local.host,
0, # random port
self.__session.remote.host,
media.port,
pcap=pcap,
bistream_enabled=bistream_enabled)
media_ports[name] = self._rtp_streams[name].local.port
i = incident("dionaea.connection.link")
i.parent = self
i.child = self._rtp_streams[name]
i.report()
# Send 200 OK and pick up the phone
msg = self.__msg.create_response(rfc3261.OK)
# ToDo: add IP6 support
msg.sdp = rfc4566.SDP.froms(
self.__session.config.get_sdp_by_name(
self._user.sdp,
unicast_address=self.local.host,
addrtype="IP4",
media_ports=media_ports))
msg_stack = self._msg_stack
msg_stack.append(("out", msg))
pcap.open(msg_stack=msg_stack,
personality=self.__session.personality,
local_host=self.local.host,
local_port=self.local.port,
remote_host=self.remote.host,
remote_port=self.remote.port)
self.send(msg)
self.__state = SipCall.CALL
# ToDo: Send rtp data?
return