From bef14875d033eb39e5170dc161318db1c204e87e Mon Sep 17 00:00:00 2001
From: Russ Handorf
Date: Sat, 13 Feb 2016 18:21:24 -0500
Subject: [PATCH 1/1] initial commit
---
README | 40 ++++++++++++++++++++++
client-pcap-inject.pl | 68 +++++++++++++++++++++++++++++++++++++
client-pcapcolors-inject.pl | 68 +++++++++++++++++++++++++++++++++++++
client-syslogpipe-injext.pl | 56 ++++++++++++++++++++++++++++++
server.pl | 58 +++++++++++++++++++++++++++++++
server_alienfeeds-pcap.js | 47 +++++++++++++++++++++++++
6 files changed, 337 insertions(+)
create mode 100644 README
create mode 100755 client-pcap-inject.pl
create mode 100755 client-pcapcolors-inject.pl
create mode 100755 client-syslogpipe-injext.pl
create mode 100755 server.pl
create mode 100644 server_alienfeeds-pcap.js
diff --git a/README b/README
new file mode 100644
index 0000000..2d8f9c2
--- /dev/null
+++ b/README
@@ -0,0 +1,40 @@
+Howdy do neighbor!
+
+If you're reading this, then pour yourself a tasty beverage. The history of this was so that I could learn the basics of websockets.
+
+Firstly, lets get the licensing out of the way...
+
+###############################################################################
+# The MIT License (MIT)
+# Copyright (c) Russell Handorf
+# Other copyrights noted where code modification is located
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#
+###############################################################################
+
+Download and compile: https://github.com/fw42/honeymap
+
+In all cases for scripts, replace all instances of 'YOURSERVER' with your server's domainname, ip, or some other identifier. To make your life easier, just grep for this.
+
+server_alienfeeds-pcap.js : This is the modified version of their map code to connect to the server.
+server.pl : This is the server that handles "clients".
mainly the injectors and nodejs instances. It acts akin to an IRC messaging system.
+client-pcap-inject.pl : This is the perl script to sniff and inject messages. Change the MTU and network interface to your suiting.
+client-pcapcolors-inject.pl : Pretty much the same as above, but *attempts* to add colors to the dots on the map.
+client-syslogpipe-injext.pl : This is the perl script to crudely parse IP info out of a syslog pipe provided by syslog-ng. Can be modified to read any syslog file.
diff --git a/client-pcap-inject.pl b/client-pcap-inject.pl
new file mode 100755
index 0000000..5dc35e7
--- /dev/null
+++ b/client-pcap-inject.pl
@@ -0,0 +1,68 @@
+#!/usr/bin/perl
+
+use strict;
+use Net::Pcap;
+use NetPacket::Ethernet;
+use NetPacket::IP;
+use NetPacket::TCP;
+use Socket;
+use IO::Socket;
+
+use Geo::IP;
+my $gi = Geo::IP->open("GeoLiteCity.dat", GEOIP_STANDARD);
+
+my $err;
+
+my $dev = "eth1";
+unless (defined $dev) {
+ $dev = Net::Pcap::lookupdev(\$err);
+ if (defined $err) {
+ die 'Unable to determine network device for monitoring - ', $err;
+ }
+}
+
+my $server = IO::Socket::INET->new(
+ Proto => 'tcp',
+ PeerPort => 10000,
+ PeerAddr => 'localhost' )
+or die "can't setup server";
+
+my ($address, $netmask);
+print "Starting to send data\n";
+my $object = Net::Pcap::open_live($dev, 1500, 0, 0, \$err);
+
+my $filter;
+Net::Pcap::compile(
+ $object,
+ \$filter,
+ #'(not net 192.168.0.0/16) && (tcp[13] & 2!=0)',
+ #'(tcp[13] & 2!=0) && (not src net 192.168.0.0/16)',
+ #syn/ack
+ '((tcp[13] & 2!=0) || (tcp[13] & 16 != 0)) && (not src net 192.168.0.0/16)',
+ #'net 70.91.6.64/29',
+ 0,
+ $netmask
+) && die 'Unable to compile packet capture filter';
+Net::Pcap::setfilter($object, $filter) &&
+ die 'Unable to set packet capture filter';
+
+unless (defined $object) {
+ die 'Unable to create packet capture on device ', $dev, ' - ', $err;
+}
+
+Net::Pcap::loop($object, -1, \&syn_packets, $server) ||
+ die 'Unable to perform packet capture';
+
+sub syn_packets {
+ my ($user_data, $header, $packet) = @_;
+ my $ether_data = NetPacket::Ethernet::strip($packet);
+ my $ip = NetPacket::IP->decode($ether_data);
+ my $tcp = NetPacket::TCP->decode($ip->{'data'});
+
+ my $record = $gi->record_by_addr($ip->{'src_ip'});
+ if ($record) {
+ print $ip->{'src_ip'}. " - " ."Sending ".$record->latitude.":".$record->longitude."\n";
+ print $user_data $record->latitude.":".$record->longitude."\n";
+ }
+}
+
diff --git a/client-pcapcolors-inject.pl b/client-pcapcolors-inject.pl
new file mode 100755
index 0000000..dc9ad2e
--- /dev/null
+++ b/client-pcapcolors-inject.pl
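Review bot: The `unless (defined $object)` guard sits below the `Net::Pcap::compile` and `setfilter` calls that have already been handed `$object`, so a failed `open_live` (no capture privilege, wrong interface name) surfaces as a crash inside compile instead of the intended `die`; move the three lines `unless (defined $object) { die 'Unable to create packet capture on device ', $dev, ' - ', $err; }` directly under the `open_live` call. `$netmask` is passed to compile without ever being assigned, and `$dev = "eth1"` makes the `lookupdev` fallback beneath it dead code; `Net::Pcap::lookupnet($dev, \$address, \$netmask, \$err)` is the usual way to fill both. The file has `use strict` but no `use warnings`, which would have pointed at the unused `$tcp` and `$address`. The same three points apply to the client-pcapcolors-inject.pl hunk.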
@@ -0,0 +1,68 @@
+#!/usr/bin/perl
+
+use strict;
+use Net::Pcap;
+use NetPacket::Ethernet;
+use NetPacket::IP;
+use NetPacket::TCP;
+use Socket;
+use IO::Socket;
+
+use Geo::IP;
+my $gi = Geo::IP->open("GeoLiteCity.dat", GEOIP_STANDARD);
+
+my $err;
+
+my $dev = "eth1";
+unless (defined $dev) {
+ $dev = Net::Pcap::lookupdev(\$err);
+ if (defined $err) {
+ die 'Unable to determine network device for monitoring - ', $err;
+ }
+}
+
+my $server = IO::Socket::INET->new(
+ Proto => 'tcp',
+ PeerPort => 10000,
+ PeerAddr => 'localhost' )
+or die "can't setup server";
+
+my ($address, $netmask);
+print "Starting to send data\n";
+my $object = Net::Pcap::open_live($dev, 1500, 0, 0, \$err);
+
+my $filter;
+Net::Pcap::compile(
+ $object,
+ \$filter,
+ #'(not net 192.168.0.0/16) && (tcp[13] & 2!=0)',
+ '(tcp[13] & 2!=0) && (not src net 192.168.0.0/16)',
+ #'net 70.91.6.64/29',
+ 0,
+ $netmask
+) && die 'Unable to compile packet capture filter';
+
+Net::Pcap::setfilter($object, $filter) &&
+ die 'Unable to set packet capture filter';
+
+
+unless (defined $object) {
+ die 'Unable to create packet capture on device ', $dev, ' - ', $err;
+}
+
+Net::Pcap::loop($object, -1, \&syn_packets, $server) ||
+ die 'Unable to perform packet capture';
+
+sub syn_packets {
+ my ($user_data, $header, $packet) = @_;
+ my $ether_data = NetPacket::Ethernet::strip($packet);
+ my $ip = NetPacket::IP->decode($ether_data);
+ my $tcp = NetPacket::TCP->decode($ip->{'data'});
+
+ my $record = $gi->record_by_addr($ip->{'src_ip'});
+ if ($record) {
+ print $ip->{'src_ip'}. " - " ."Sending ".$record->latitude.":".$record->longitude."\n";
+ print $user_data $record->latitude.":".$record->longitude."-red:darkred\n";;
+ }
+}
+
diff --git a/client-syslogpipe-injext.pl b/client-syslogpipe-injext.pl
new file mode 100755
index 0000000..bf65caa
--- /dev/null
+++ b/client-syslogpipe-injext.pl
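Review bot: The colour suffix in `print $user_data $record->latitude.":".$record->longitude."-red:darkred\n";;` is glued onto the longitude field, but the consumer in server_alienfeeds-pcap.js splits the line on `:` and runs `Number()` on the second field, so a value such as `-74.2-red` parses as `NaN` and the marker goes out with no usable longitude and no colour. Sending the colours as their own fields, `print $user_data $record->latitude.":".$record->longitude.":red:darkred\n";`, keeps the first two fields intact and lets the JS side read `parts[2]`/`parts[3]` later; a header comment stating the wire format (`lat:lng[:color:border]`, newline-terminated) would keep the three injectors and the node side in step. The doubled `;;` on that line is harmless but worth dropping. The ordering, `$netmask` and `use warnings` points raised on the client-pcap-inject.pl hunk apply here unchanged.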
@@ -0,0 +1,56 @@
+#!/usr/bin/perl
+
+use strict;
+use Parse::Syslog;
+use Socket;
+use IO::Socket;
+
+use Geo::IP;
+my $gi = Geo::IP->open("GeoLiteCity.dat", GEOIP_STANDARD);
+
+my $server = IO::Socket::INET->new(
+ Proto => 'tcp',
+ LocalPort => 10000,
+ Listen => 5,
+ Reuse => 1 )
+or die "can't setup server";
+
+my $num_of_client = -1;
+
+while (1) {
+ my $client;
+ do {
+ $client = $server->accept;
+ } until ( defined($client) );
+ my $peerhost = $client->peerhost();
+ print "Accepted a client $client, $peerhost, id = ", ++$num_of_client, "\n";
+ $client->autoflush(1);
+ open (SYSLOG, "/tmp/perl.pipe");
+ while() {
+ my @messages = split(",", $_);
+
+ my $host = substr($messages[0],1);
+ my $facility = substr($messages[1],1);
+ my $priority = substr($messages[2],1);
+ my $level = substr($messages[3],1);
+ my $tag = substr($messages[4],1);
+ my $YMD = substr($messages[5],1);
+ my $HMS = substr($messages[6],1);
+ my $program = substr($messages[7],1);
+ my $msg = substr($messages[8],1);
+ if($msg =~/(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/ ){
+ my $ip = $1;
+ if (unpack('N',inet_aton($ip)) > 0) {
+ my $record = $gi->record_by_addr($ip);
+ if ($record) {
+ print "Sending $ip ".$record->latitude.":".$record->longitude."\n";
+ print $client $record->latitude.":".$record->longitude."\n";
+ }
+ } else {
+ print "$msg $ip Hrrm no country for old men.\n";
+ }
+ } else {
+ print "No ip in $msg";
+ }
+ }
+}
diff --git a/server.pl b/server.pl
new file mode 100755
index 0000000..ea647a5
--- /dev/null
+++ b/server.pl
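Review bot: `open (SYSLOG, "/tmp/perl.pipe");` is an unchecked two-arg open on a bareword handle, and the loop under it reads `while() {`, which as shown is an infinite loop that never assigns `$_`; if the readline was `<SYSLOG>` and got lost in rendering the patch still deserves a recheck, and either way `open my $syslog, '<', '/tmp/perl.pipe' or die "open /tmp/perl.pipe: $!";` followed by `while (my $line = <$syslog>) {` with `split(",", $line)` removes the ambiguity. Because the FIFO lives in world-writable /tmp, any local account that creates or replaces that path first decides what this script geolocates and pushes to the map; a path in a directory owned by the service account, with the open failing loudly, closes that off. The dotted-quad regex also accepts strings such as 999.1.1.1, for which `inet_aton` returns undef and `unpack('N', undef)` only warns, so the "no country" branch is reached by accident rather than by a check on the address. Unlike the two pcap injectors, which connect out to port 10000, this one listens on it and then blocks reading the pipe after the first `accept`, so only the first connection is ever served; a comment stating which topology is intended would help whoever deploys it.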
@@ -0,0 +1,58 @@
+#!/usr/bin/perl
+use warnings;
+use strict;
+use IO::Socket;
+use threads;
+use threads::shared;
+$|++;
+print "$$ Server started\n";; # do a "top -p -H $$" to monitor server
+
+our @clients : shared;
+@clients = ();
+
+my $server = new IO::Socket::INET(
+ Timeout => 7200,
+ Proto => "tcp",
+ LocalPort => 10000,
+ Reuse => 1,
+ Listen => 3
+);
+my $num_of_client = -1;
+
+while (1) {
+ my $client;
+
+ do {
+ $client = $server->accept;
+ } until ( defined($client) );
+
+ my $peerhost = $client->peerhost();
+ print "accepted a client $client, $peerhost, id = ", ++$num_of_client, "\n";
+ my $fileno = fileno $client;
+ push (@clients, $fileno);
+ #spawn a thread here for each client
+ my $thr = threads->new( \&processit, $client, $fileno, $peerhost )->detach();
+}
+# end of main thread
+
+sub processit {
+ my ($lclient,$lfileno,$lpeer) = @_; #local client
+
+ if($lclient->connected){
+ while(<$lclient>){
+ #print $lclient "$lpeer->$_\n";
+ print "clients-> @clients\n";
+
+ foreach my $fn (@clients) {
+ open my $fh, ">&=$fn" or warn $! and die;
+ print $fh "$_";
+ print "Sending $_\n";
+ }
+ }
+ }
+ #close filehandle before detached thread dies out
+ close( $lclient);
+ #remove multi-echo-clients from echo list
+ @clients = grep {$_ !~ $lfileno} @clients;
+}
+__END__
diff --git a/server_alienfeeds-pcap.js b/server_alienfeeds-pcap.js
new file mode 100644
index 0000000..4fbe505
--- /dev/null
+++ b/server_alienfeeds-pcap.js
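Review bot: `@clients = grep {$_ !~ $lfileno} @clients;` uses a file descriptor number as a regex pattern, so a departing client on fd 1 also drops fds 10 through 19 and any containing a 1 from the broadcast list; the numeric form `@clients = grep { $_ != $lfileno } @clients;` is what the comment above it describes. Every line any peer sends is copied to every other peer with nothing checking who sent it, and the listener sets no `LocalAddr`, so it accepts from every interface; since the injectors connect to `localhost`, adding `LocalAddr => '127.0.0.1'` (or an equivalent host firewall rule) keeps arbitrary hosts from pushing fabricated markers to the map, and a comment should say so if remote injectors are in fact intended. `open my $fh, ">&=$fn" or warn $! and die;` is the two-arg form and dies with an empty message; `open my $fh, '>&=', $fn or die "fdopen $fn: $!";` is clearer, and since `&=` wraps the existing descriptor rather than duplicating it, the lexical `$fh` going out of scope each iteration looks like it may close a socket owned by another thread — confirm with two clients connected. `new IO::Socket::INET(...)` is indirect-object syntax with no `or die`, so a port already in use is not reported until `accept` spins.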
@@ -0,0 +1,47 @@
+/** Example node.js app for serving random markers via socket.io **/
+
+var app = require('http').createServer(handler);
+var fs = require('fs');
+var util = require('util');
+var ns = require('node-static');
+var io = require('socket.io').listen(app);
+var net = require('net');
+var file = new(ns.Server)("../static/", { cache: 600 });
+
+// Listen on port 1338
+app.listen(1338);
+
+// Serve static content
+function handler (req, res) {
+ req.addListener('end', function() {
+ file.serve(req, res, function(err, result) {
+ if (err) {
+ console.error('Error serving %s - %s', req.url, err.message);
+ if (err.status === 404 || err.status === 500) {
+ file.serveFile(util.format('/%d.html', err.status), err.status, {}, req, res);
+ } else {
+ res.writeHead(err.status, err.headers);
+ res.end();
+ }
+ }
+ });
+ });
+}
+
+// Push random markers via socket.io
+io.sockets.on('connection', function (socket) {
+ var sock = net.createConnection(10000,"YOURSERVER");
+ console.log('Attempting a connection');
+ sock.on('connect', function (connect) {
+ console.log('Connected');
+ sock.on('data', function (data) {
+ var parts = data.toString("utf-8").split(":");
+ var lat, lng;
+ lat = Number(parts[0]);
+ lng = Number(parts[1]);
+ if (lat != null && lng != null) {
+ socket.emit('marker', { lat: lat, lng: lng });
+ }
+ })
+ });
+});
-- 2.34.1
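Review bot: `sock` in the `'connection'` handler has no `'error'` listener, so the first browser that connects while server.pl is down or unreachable turns the refused backend connection into an unhandled `'error'` event and takes the whole node process with it. The `lat != null && lng != null` test never rejects anything because `Number()` returns `NaN`, not `null`, for unparsable input; `isFinite(lat) && isFinite(lng)` matches the intent. The `'data'` handler also treats each TCP chunk as exactly one `lat:lng` record, whereas server.pl forwards newline-terminated lines that can arrive coalesced or split, and the backend connection opened per browser socket is never closed on `'disconnect'`, so each page load leaks one. The rewritten handler below buffers to newlines, validates the numbers, and tears down the backend socket with the browser; the static-file `handler` above is left as is.
```javascript
io.sockets.on('connection', function (socket) {
    var sock = net.createConnection(10000,"YOURSERVER");
    var pending = '';
    console.log('Attempting a connection');
    // Without an 'error' listener a failed backend connection throws and exits the process.
    sock.on('error', function (err) {
        console.error('Backend connection error: %s', err.message);
    });
    sock.on('connect', function (connect) {
        console.log('Connected');
        sock.on('data', function (data) {
            // server.pl writes newline-terminated "lat:lng" lines; one TCP chunk may
            // carry several lines or a partial one, so keep the tail until it completes.
            pending += data.toString("utf-8");
            var lines = pending.split("\n");
            pending = lines.pop();
            lines.forEach(function (line) {
                var parts = line.split(":");
                var lat = Number(parts[0]);
                var lng = Number(parts[1]);
                // Number() yields NaN, never null, for bad input.
                if (isFinite(lat) && isFinite(lng)) {
                    socket.emit('marker', { lat: lat, lng: lng });
                }
            });
        });
    });
    // Release the backend connection when the browser goes away.
    socket.on('disconnect', function () {
        sock.end();
    });
});
```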