log stdin when

2014-10-04 12:43:24 +00:00 · 2014-10-04 12:43:24 +00:00 · c01ef07be1
parent a3503afc71
commit c01ef07be1
1 changed files with 21 additions and 0 deletions
--- a/kippo/core/protocol.py
+++ b/kippo/core/protocol.py
@ -145,6 +145,11 @@ class HoneyPotExecProtocol(HoneyPotBaseProtocol):
        print 'Running exec command "%s"' % self.execcmd
        self.cmdstack[0].lineReceived(self.execcmd)

+#        self.terminal.transport.session.conn.sendRequest(self.terminal.transport.session, 'exit-status', struct.pack('>L', 0))
+#        self.terminal.transport.session.conn.sendClose(self.terminal.transport.session)
+#        return
+#
+
 class HoneyPotInteractiveProtocol(HoneyPotBaseProtocol, recvline.HistoricRecvLine):

    def __init__(self, user, env):
@ -234,6 +239,12 @@ class LoggingServerProtocol(insults.ServerProtocol):

        transport.ttylog_open = True

+        transport.stdinlog_file = '%s/tty/%s-%s.log' % \
+            (config().get('honeypot', 'download_path'),
+            time.strftime('%Y%m%d-%H%M%S'),
+            int(random.random() * 10000))
+        transport.stdinlog_open = True
+
        insults.ServerProtocol.connectionMade(self)

    def write(self, bytes, noLog = False):
@ -245,6 +256,16 @@ class LoggingServerProtocol(insults.ServerProtocol):
                ttylog.TYPE_OUTPUT, time.time(), bytes)
        insults.ServerProtocol.write(self, bytes)

+    def dataReceived(self, data, noLog = False):
+        transport = self.transport.session.conn.transport
+        if transport.ttylog_open and not noLog:
+            ttylog.ttylog_write(transport.ttylog_file, len(data),
+                ttylog.TYPE_INPUT, time.time(), data)
+        if transport.stdinlog_open and not noLog:
+            f = file( transport.stdinlog_file, 'ab' )
+            f.write(data)
+            f.close
+
    # this doesn't seem to be called upon disconnect, so please use
    # HoneyPotTransport.connectionLost instead
    def connectionLost(self, reason):