Sunday, November 18, 2018

python3 http.server HTTP Honeypot

Created a python3 http.server honeypot that responds to everything with an html code of 301 redirect to msn.com and creates a log of the connecting IP Address, http verb, path of the connection, http code, and the headers including the user agent.  It also records the POST variables if they exist.

Added the ability to change the server header, protocol and sys version (python version) displayed.





#!/usr/bin/python3

import datetime
from http.server import HTTPServer, BaseHTTPRequestHandler


def servePage(s, hverb):
    now = datetime.datetime.now()
    logtime = now.strftime("%m-%d-%Y %H:%M")
    userAgent = str(s.headers['User-Agent'])
    if hverb == "POST":
        contentLen = int(s.headers['Content-Length'])
        body = s.rfile.read(contentLen)
        postInfo = body.decode("utf-8")
    else:
        postInfo = ""
    log = logtime
    log += " SrcIP:" + s.client_address[0]
    log += " HTTPCode:200"
    log += " HTTPVerb:" + hverb
    log += " URI:" + s.path
    log += " UserAgent:" + userAgent
    log += " Headers("
    for h in s.headers:
        if "User-Agent" not in h:
            log += h + ":" + s.headers[h] + ","
    log = log[:-1]
    log += ")"
    if hverb == "POST":
        log += " POST:" + postInfo
    log += "\n"
    f = open('log.txt', 'a')
    f.write(log)
    f.close()
    s.protocol_version = 'HTTP/1.1'
    s.server_version = 'Microsoft-IIS/8.5'
    s.sys_version = ''
    #s.send_response(200)
    # Setup with the below 2 lines to redirect to another page.  Example below is msn.com
    s.send_response(301)
    s.send_header('Location','http://www.msn.com')
    s.send_header('X-Powered-By', 'ASP.NET')
    s.send_header('Content-type', 'text/html')
    s.end_headers()
    message = ""
    s.wfile.write(bytes(message, "utf8"))
    return


class StaticServer(BaseHTTPRequestHandler):

    def do_GET(self):
        servePage(self, "GET")
        return

    def do_POST(self):
        servePage(self, "POST")
        return

    def do_PUT(self):
        servePage(self, "PUT")
        return

    def do_DELETE(self):
        servePage(self, "DELETE")
        return

    def do_OPTIONS(self):
        servePage(self, "OPTIONS")
        return

# You can change the port it listens on below...
def main(server_class=HTTPServer, handler_class=StaticServer, port=8005):
    server_address = ('', port)
    httpd = server_class(server_address, handler_class)
    print('Starting httpd on port {}'.format(port))
    httpd.serve_forever()



print("http.server Honeypot")
main()

at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Test Authentication from Linux Console using python3 pexpect

Working with the IT420 lab, you will discover that we need to discover a vulnerable user account.  The following python3 script uses the pex...