def setUp(self):
self.password = '******'
app.ensure_admin_password(True, password=self.password)
app.app.config['WTF_CSRF_ENABLED'] = False
self.work_dir = tempfile.mkdtemp()
beeswarm.shared.zmq_context = zmq.Context()
fd, self.db_file = tempfile.mkstemp()
os.close(fd)
connection_string = 'sqlite:///{0}'.format(self.db_file)
os.remove(self.db_file)
database.setup_db(connection_string)
self.config_actor = ConfigActor(
os.path.join(os.path.dirname(__file__), 'beeswarmcfg.json.test'),
self.work_dir)
self.config_actor.start()
# seed database with test data
session = database.get_session()
session.add_all([Client(), Honeypot()])
session.commit()
# startup session database
self.database_actor = DatabaseActor(999, delay_seconds=2)
self.database_actor.start()
self.app = app.app.test_client()
app.connect_sockets()
def setUp(self):
app.app.config['WTF_CSRF_ENABLED'] = False
self.work_dir = tempfile.mkdtemp()
self.config_actor = ConfigActor(
os.path.join(os.path.dirname(__file__), 'beeswarmcfg.json.test'),
self.work_dir)
self.config_actor.start()
self.app = app.app.test_client()
self.authenticator = Authenticator()
database.setup_db('sqlite://')
session = database.get_session()
# dummy entities
self.authenticator.add_user('test', 'test', 0)
self.client_id = str(uuid.uuid4())
self.client_password = str(uuid.uuid4())
self.authenticator.add_user(self.client_id, self.client_password, 2)
self.honeypot_id = str(uuid.uuid4())
self.honeypot_password = str(uuid.uuid4())
self.authenticator.add_user(self.honeypot_id, self.honeypot_password,
1)
session.add_all([
Client(id=self.client_id, configuration='test_client_config'),
Honeypot(id=self.honeypot_id, configuration='test_honeypot_config')
])
session.commit()
def __init__(self, work_dir, config, **kwargs):
"""
Main class for the Web-Interface. It takes care of setting up
the database, managing the users, etc.
:param work_dir: The working directory (usually the current working directory).
:param config_arg: Beeswarm configuration dictionary, None if not configuration was supplied.
"""
customize = kwargs['customize']
reset_password = kwargs['reset_password']
if 'clear_db' in kwargs:
clear_sessions = kwargs['clear_db']
else:
clear_sessions = True
self.work_dir = work_dir
self.config_file = 'beeswarmcfg.json'
if config is None:
Server.prepare_environment(work_dir, customize)
with open(os.path.join(work_dir, self.config_file),
'r') as config_file:
self.config = json.load(config_file, object_hook=asciify)
else:
self.config = config
# list of all self-running (actor) objects that receive or send
# messages on one or more zmq queues
self.actors = []
gevent.spawn(self.message_proxy, work_dir)
config_actor = ConfigActor(self.config_file, work_dir)
config_actor.start()
self.actors.append(config_actor)
database_setup.setup_db(
os.path.join(self.config['sql']['connection_string']))
persistanceActor = SessionPersister(clear_sessions)
persistanceActor.start()
self.actors.append(persistanceActor)
gevent.sleep()
self.workers = {}
self.greenlets = []
self.started = False
from beeswarm.server.webapp import app
self.app = app.app
self.app.config['CERT_PATH'] = self.config['ssl']['certpath']
self.authenticator = Authenticator()
self.authenticator.ensure_default_user(reset_password)
def __init__(self, work_dir, config, **kwargs):
"""
Main class for the Web-Interface. It takes care of setting up
the database, managing the users, etc.
:param work_dir: The working directory (usually the current working directory).
:param config_arg: Beeswarm configuration dictionary, None if not configuration was supplied.
"""
customize = kwargs['customize']
reset_password = kwargs['reset_password']
if 'clear_db' in kwargs:
clear_sessions = kwargs['clear_db']
else:
clear_sessions = True
if 'server_hostname' in kwargs:
server_hostname = kwargs['server_hostname']
else:
server_hostname = None
max_sessions = kwargs['max_sessions']
start_webui = kwargs['start_webui']
self.work_dir = work_dir
self.config_file = os.path.join(work_dir, 'beeswarmcfg.json')
if config is None:
self.prepare_environment(work_dir,
customize,
server_hostname=server_hostname)
with open(os.path.join(work_dir, self.config_file),
'r') as config_file:
self.config = json.load(config_file, object_hook=asciify)
else:
self.config = config
# list of all self-running (actor) objects that receive or send
# messages on one or more zmq queues
self.actors = []
self.greenlets = []
proxy_greenlet = gevent.spawn(self.message_proxy, work_dir)
self.greenlets.append(proxy_greenlet)
config_actor = ConfigActor(self.config_file, work_dir)
config_actor.start()
self.actors.append(config_actor)
self.greenlets.append(config_actor)
# make path in sqlite connection string absolute
connection_string = self.config['sql']['connection_string']
if connection_string.startswith('sqlite:///'):
_, relative_path = os.path.split(connection_string)
connection_string = 'sqlite:///{0}'.format(
os.path.join(self.work_dir, relative_path))
database_setup.setup_db(connection_string)
database_actor = DatabaseActor(max_sessions, clear_sessions)
database_actor.start()
self.actors.append(database_actor)
self.greenlets.append(database_actor)
for g in self.greenlets:
g.link_exception(self.on_exception)
gevent.sleep()
self.started = False
if start_webui:
from beeswarm.server.webapp import app
self.app = app.app
self.app.config['CERT_PATH'] = self.config['ssl']['certpath']
app.ensure_admin_password(reset_password)
else:
self.app = None
def prepare_environment(self, work_dir, customize, server_hostname=None):
config_file = self.config_file
if not os.path.isfile(config_file):
print '*** Please answer a few configuration options ***'
if customize:
logging.info('Copying configuration file to workdir.')
print ''
print '* Certificate Information *'
print 'IMPORTANT: Please make sure that "Common Name" is the IP address or fully qualified host name ' \
' that you want to use for the server API.'
cert_cn = raw_input('Common Name: ')
cert_country = raw_input('Country: ')
cert_state = raw_input('State: ')
cert_locality = raw_input('Locality/City: ')
cert_org = raw_input('Organization: ')
cert_org_unit = raw_input('Organizational unit: ')
print ''
print '* Network *'
web_port = raw_input('Port for UI (default: 5000): ')
if web_port:
web_port = int(web_port)
else:
web_port = 5000
else:
logging.warn(
'Beeswarm server will be configured using default ssl parameters and network '
'configuration, this could be used to fingerprint the beeswarm server. If you want to '
'customize these options please use the --customize options on first startup.'
)
cert_cn = '*'
cert_country = 'US'
cert_state = 'None'
cert_locality = 'None'
cert_org = 'None'
cert_org_unit = ''
web_port = 5000
cert, priv_key = create_self_signed_cert(cert_country, cert_state,
cert_org, cert_locality,
cert_org_unit, cert_cn)
cert_path = os.path.join(work_dir, 'server.crt')
key_path = os.path.join(work_dir, 'server.key')
with open(cert_path, 'w') as certfile:
certfile.write(cert)
with open(key_path, 'w') as keyfile:
keyfile.write(priv_key)
if not server_hostname:
print ''
print '* Communication between drones (honeypots and clients) and server *'
print '* Please make sure that drones can always contact the Beeswarm server using the information that' \
' you are about to enter. *'
server_hostname = raw_input('IP or hostname of server: ')
zmq_port = 5712
zmq_command_port = 5713
if customize:
zmq_port_input = raw_input(
'TCP port for session data (default: 5712) : ')
if zmq_port_input != '':
zmq_port = int(zmq_port)
zmq_command_port_input = raw_input(
'TCP port for drone commands(default: 5713) : ')
if zmq_command_port_input != '':
zmq_command_port = int(zmq_port)
# tmp actor while initializing
config_actor = ConfigActor(self.config_file, work_dir)
config_actor.start()
context = beeswarm.shared.zmq_context
socket = context.socket(zmq.REQ)
gevent.sleep()
socket.connect(SocketNames.CONFIG_COMMANDS.value)
socket.send('{0} {1}'.format(Messages.GET_ZMQ_KEYS.value,
'beeswarm_server'))
result = socket.recv()
if result.split(' ', 1)[0] == Messages.OK.value:
result = json.loads(result.split(' ', 1)[1])
zmq_public, zmq_private = (result['public_key'],
result['private_key'])
else:
assert False
sqlite_db = os.path.join(work_dir, 'beeswarm_sqlite.db')
message_dict = {
'network': {
'zmq_server_public_key': zmq_public,
'web_port': web_port,
'zmq_port': zmq_port,
'zmq_command_port': zmq_command_port,
'server_host': server_hostname
},
'sql': {
'connection_string': 'sqlite:///{0}'.format(sqlite_db)
},
'ssl': {
'certpath': 'server.crt',
'keypath': 'server.key'
},
'general': {
'mode': 'server'
},
'bait_session_retain': 2,
'malicious_session_retain': 100,
'ignore_failed_bait_session': False
}
socket.send('{0} {1}'.format(Messages.SET_CONFIG_ITEM.value,
json.dumps(message_dict)))
socket.recv()
config_actor.stop()
def populate_bait(self, honeypot_first):
honeypot_id = 1
client_id = 2
honeypot = Honeypot(id=honeypot_id)
client = Client(id=client_id)
db_session = database_setup.get_session()
db_session.add(honeypot)
db_session.add(client)
db_session.commit()
drone_data_socket = beeswarm.shared.zmq_context.socket(zmq.PUB)
drone_data_socket.bind(SocketNames.DRONE_DATA.value)
config_file = tempfile.mkstemp()[1]
os.remove(config_file)
# persistence actor needs to communicate with on config REQ/REP socket
config_actor = ConfigActor(config_file, '')
config_actor.start()
# startup session database
database_actor = DatabaseActor(999, delay_seconds=2)
database_actor.start()
gevent.sleep(1)
BaitSession.client_id = client_id
honeypot_session = HoneypotSession(source_ip='192.168.100.22',
source_port=52311,
protocol='pop3',
users={},
destination_port=110)
honeypot_session.add_auth_attempt('plaintext',
True,
username='******',
password='******')
honeypot_session.honeypot_id = honeypot_id
bait_session = BaitSession('pop3', '1234', 110, honeypot_id)
bait_session.add_auth_attempt('plaintext',
True,
username='******',
password='******')
bait_session.honeypot_id = honeypot_id
bait_session.did_connect = bait_session.did_login = bait_session.alldone = bait_session.did_complete = True
if honeypot_first:
drone_data_socket.send('{0} {1} {2}'.format(
Messages.SESSION_HONEYPOT.value, honeypot_id,
json.dumps(honeypot_session.to_dict(),
default=json_default,
ensure_ascii=False)))
drone_data_socket.send('{0} {1} {2}'.format(
Messages.SESSION_CLIENT.value, client_id,
json.dumps(bait_session.to_dict(),
default=json_default,
ensure_ascii=False)))
else:
drone_data_socket.send('{0} {1} {2}'.format(
Messages.SESSION_CLIENT.value, client_id,
json.dumps(bait_session.to_dict(),
default=json_default,
ensure_ascii=False)))
drone_data_socket.send('{0} {1} {2}'.format(
Messages.SESSION_HONEYPOT.value, honeypot_id,
json.dumps(honeypot_session.to_dict(),
default=json_default,
ensure_ascii=False)))
# some time for the session actor to work
gevent.sleep(2)
config_actor.stop()
database_actor.stop()
if os.path.isfile(config_file):
os.remove(config_file)
