new way to disable https checks (#2136)

2024-03-25 14:02:28 +08:00 · 2024-03-25 14:02:28 +08:00 · 1e7bf0eb1d
parent 8680bfc08d
commit 1e7bf0eb1d
2 changed files with 24 additions and 17 deletions
--- a/src/cowrie/output/graylog.py
+++ b/src/cowrie/output/graylog.py
@ -4,14 +4,16 @@ Simple Graylog HTTP Graylog Extended Log Format (GELF) logger.

 from __future__ import annotations

+from io import BytesIO
 import json
 import time

-from io import BytesIO
-from twisted.internet import reactor
-from twisted.internet.ssl import ClientContextFactory
+from zope.interface import implementer
+
+from twisted.internet import reactor, ssl
 from twisted.web import client, http_headers
 from twisted.web.client import FileBodyProducer
+from twisted.web.iweb import IPolicyForHTTPS

 import cowrie.core.output
 from cowrie.core.config import CowrieConfig
@ -20,7 +22,7 @@ from cowrie.core.config import CowrieConfig
 class Output(cowrie.core.output.Output):
    def start(self) -> None:
        self.url = CowrieConfig.get("output_graylog", "url").encode("utf8")
-        contextFactory = WebClientContextFactory()
+        contextFactory = WhitelistContextFactory()
        self.agent = client.Agent(reactor, contextFactory)

    def stop(self) -> None:
@ -53,6 +55,7 @@ class Output(cowrie.core.output.Output):
        self.agent.request(b"POST", self.url, headers, body)


-class WebClientContextFactory(ClientContextFactory):
-    def getContext(self):
-        return ClientContextFactory.getContext(self)
+@implementer(IPolicyForHTTPS)
+class WhitelistContextFactory:
+    def creatorForNetloc(self, hostname, port):
+        return ssl.CertificateOptions(verify=False)
--- a/src/cowrie/output/splunk.py
+++ b/src/cowrie/output/splunk.py
@ -12,11 +12,13 @@ import json
 from io import BytesIO
 from typing import Any

-from twisted.internet import reactor
-from twisted.internet.ssl import ClientContextFactory
+from zope.interface import implementer
+
+from twisted.internet import reactor, ssl
 from twisted.python import log
 from twisted.web import client, http_headers
 from twisted.web.client import FileBodyProducer
+from twisted.web.iweb import IPolicyForHTTPS

 import cowrie.core.output
 from cowrie.core.config import CowrieConfig
@ -34,12 +36,13 @@ class Output(cowrie.core.output.Output):
    def start(self) -> None:
        self.token = CowrieConfig.get("output_splunk", "token")
        self.url = CowrieConfig.get("output_splunk", "url").encode("utf8")
-        self.index = CowrieConfig.get("output_splunk", "index", fallback=None)
-        self.source = CowrieConfig.get("output_splunk", "source", fallback=None)
-        self.sourcetype = CowrieConfig.get("output_splunk", "sourcetype", fallback=None)
+        self.index = CowrieConfig.get("output_splunk", "index", fallback="main")
+        self.source = CowrieConfig.get("output_splunk", "source", fallback="cowrie")
+        self.sourcetype = CowrieConfig.get(
+            "output_splunk", "sourcetype", fallback="cowrie"
+        )
        self.host = CowrieConfig.get("output_splunk", "host", fallback=None)
-        contextFactory = WebClientContextFactory()
-        # contextFactory.method = TLSv1_METHOD
+        contextFactory = WhitelistContextFactory()
        self.agent = client.Agent(reactor, contextFactory)

    def stop(self) -> None:
@ -111,6 +114,7 @@ class Output(cowrie.core.output.Output):
        return d


-class WebClientContextFactory(ClientContextFactory):
-    def getContext(self):
-        return ClientContextFactory.getContext(self)
+@implementer(IPolicyForHTTPS)
+class WhitelistContextFactory:
+    def creatorForNetloc(self, hostname, port):
+        return ssl.CertificateOptions(verify=False)