def recv_send(self, local, remote, request): # Receive data from the local peer data = local.recv(self.mtu) # If we received zero bytes, the connection got down, raise the # exception so we can exit the loop and accept other clients if len(data) == 0: raise socket.error((100, "Underlying stream socket tore down")) # Record the event event = Event("Forwarding packet", data={"target_host": self.target_address, "target_port": self.target_port}) # Add the entire packet to the event data = str(data) if request: event.request = data else: event.response = data # Register the event self.session.add_event(event) # Send it to the remote peer remote.send(data)
def test_dbfeeds(self): """Tests event storage on a database""" self.test_filename = mkstemp(".sqlite", "dbfeedstest")[1] # Register an event using the DBFeed configuration = Configuration({ "feed": "DBFeed", "db_engine": "sqlite:///%s" % self.test_filename }) feed = DBFeed(configuration) event = Event("Test event") event.session = Session(Queue(), "test", "127.0.0.1", 3200, "127.0.0.1", 3201) feed.log(event) feed.stop() # Now check the event in the database conn = sqlite3.connect(self.test_filename) cursor = conn.cursor() cursor.execute('SELECT * FROM events') results = cursor.fetchall() self.assertEqual(len(results), 1) self.assertEqual(results[0][1], str(event.session.uuid)) self.assertEqual(results[0][2], str(event.timestamp)) self.assertEqual(results[0][3], repr(event))
def test_dbfeeds(self): """Tests event storage on a database""" self.test_filename = mkstemp(".sqlite", "dbfeedstest")[1] # Register an event using the DBFeed configuration = Configuration({"feed": "DBFeed", "db_engine": "sqlite:///%s" % self.test_filename}) feed = DBFeed(configuration) event = Event("Test event") event.session = Session(Queue(), "test", "127.0.0.1", 3200, "127.0.0.1", 3201) feed.log(event) feed.stop() # Now check the event in the database conn = sqlite3.connect(self.test_filename) cursor = conn.cursor() cursor.execute('SELECT * FROM events') results = cursor.fetchall() self.assertEqual(len(results), 1) self.assertEqual(results[0][1], str(event.session.uuid)) self.assertEqual(results[0][2], str(event.timestamp)) self.assertEqual(results[0][3], repr(event))
def test_logfeeds(self): self.test_filename = mkstemp(".log", "logfeedstest")[1] # Register an event using the LogFeed configuration = Configuration({"feed": "LogFeed", "log_filename": self.test_filename}) feed = LogFeed(configuration) event = Event("Test event") event.session = Session(Queue(), "test", "127.0.0.1", 3200, "127.0.0.1", 3201) feed.log(event) feed.stop() self.assertIs(path.exists(self.test_filename), True)
def test_feed_manager(self): """Test attack feed manager""" # Create a session manager and the feed manager attached to it config = Configuration() session_manager = SessionManager(config) feed_manager = FeedManager(config, session_manager) feed_manager.add_feed(DummyFeed(config)) feed_manager.run() # Create an event event = Event("Test event") # Obtain a session and add the event session = session_manager.get_session("test", "127.0.0.1", 3200, "127.0.0.1", 3201) session.add_event(event) # Give the feed manager time for processing the event sleep(1) # Stop the feed manager and check if the event was processed feed_manager.stop() new_event = DummyFeed.events.get() self.assertIs(event, new_event)
def test_hpfeeds(self): """Tests the HPFeed by connecting to honeynet's HPFriends service. """ # Register an event using the HPFeed configuration = Configuration({"feed": "HPFeed", "feed_host": self.test_host, "feed_port": self.test_port, "feed_ident": self.test_ident, "feed_secret": self.test_secret, "channels": [self.test_channel]}) feed = HPFeed(configuration) event = Event("Test event") event.session = Session(Queue(), "test", "127.0.0.1", 3200, "127.0.0.1", 3201) feed.log(event) feed.stop()
def test_logfeeds(self): self.test_filename = mkstemp(".log", "logfeedstest")[1] # Register an event using the LogFeed configuration = Configuration({ "feed": "LogFeed", "log_filename": self.test_filename }) feed = LogFeed(configuration) event = Event("Test event") event.session = Session(Queue(), "test", "127.0.0.1", 3200, "127.0.0.1", 3201) feed.log(event) feed.stop() self.assertIs(path.exists(self.test_filename), True)
def test_session(self): """Test the attack session object""" queue = Queue() session = Session(queue, "test", "127.0.0.1", 3200, "127.0.0.1", 3201) event_str = "Some event" # Test adding an event object event = Event(event_str) session.add_event(event) new_event = queue.get() self.assertIs(new_event, event) self.assertIs(new_event.session, session) # Test adding an event string session.add_event(event_str) new_event = queue.get() self.assertIs(new_event.session, session) self.assertIsInstance(new_event, Event) self.assertEqual(new_event.event, event_str)
def test_event(self): """Test the attack event object""" event = Event(self.test_string, data=self.test_string) with self.assertRaises(Exception): str(event) with self.assertRaises(Exception): repr(event) session = Session(Queue(), "test", "127.0.0.1", 3200, "127.0.0.1", 3201) session.add_event(event) event_json = json.loads(repr(event)) self.assertEqual(event_json["event"], event.event) self.assertEqual(event_json["data"], event.data) self.assertEqual(event_json["timestamp"], str(event.timestamp)) self.assertEqual(event_json["session"], str(session.uuid)) self.assertEqual(event_json["service"], session.service) self.assertEqual(event_json["source_ip"], session.source_ip) self.assertEqual(event_json["source_port"], session.source_port) self.assertEqual(event_json["target_ip"], session.target_ip) self.assertEqual(event_json["target_port"], session.target_port)