From 0b5486964bf2b36e2be8c65b3d2222880232742f Mon Sep 17 00:00:00 2001 From: Mario Candela Date: Fri, 30 Aug 2024 08:28:56 +0200 Subject: [PATCH] feat: add source ip and source port (#126) add source ip and source port --- protocols/strategies/http.go | 5 +++++ protocols/strategies/ssh.go | 12 +++++++++++- protocols/strategies/tcp.go | 4 ++++ tracer/tracer.go | 2 ++ 4 files changed, 22 insertions(+), 1 deletion(-) diff --git a/protocols/strategies/http.go b/protocols/strategies/http.go index 432d474..e0a9d8c 100644 --- a/protocols/strategies/http.go +++ b/protocols/strategies/http.go @@ -6,6 +6,7 @@ import ( "github.com/mariocandela/beelzebub/v3/plugins" "github.com/mariocandela/beelzebub/v3/tracer" "io" + "net" "net/http" "regexp" "strings" @@ -91,6 +92,8 @@ func traceRequest(request *http.Request, tr tracer.Tracer, HoneypotDescription s if err == nil { body = string(bodyBytes) } + host, port, _ := net.SplitHostPort(request.RemoteAddr) + tr.TraceEvent(tracer.Event{ Msg: "HTTP New request", RequestURI: request.RequestURI, @@ -103,6 +106,8 @@ func traceRequest(request *http.Request, tr tracer.Tracer, HoneypotDescription s Headers: mapHeaderToString(request.Header), Status: tracer.Stateless.String(), RemoteAddr: request.RemoteAddr, + SourceIp: host, + SourcePort: port, ID: uuid.New().String(), Description: HoneypotDescription, }) diff --git a/protocols/strategies/ssh.go b/protocols/strategies/ssh.go index 19fc5e1..9cf4eb2 100644 --- a/protocols/strategies/ssh.go +++ b/protocols/strategies/ssh.go @@ -5,8 +5,8 @@ import ( "github.com/mariocandela/beelzebub/v3/parser" "github.com/mariocandela/beelzebub/v3/plugins" "github.com/mariocandela/beelzebub/v3/tracer" + "net" "regexp" - "strings" "time" 
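Review bot: The error from `net.SplitHostPort(request.RemoteAddr)` is discarded in the `@@ -91,6 +92,8 @@` hunk, so when the address is not in host:port form the event carries an empty `SourceIp` and `SourcePort`, with nothing to tell a parse failure apart from a value that was never set. The same `host, port, _ :=` pattern is repeated in both ssh.go handlers (`Handler` and `PasswordHandler`) and in tcp.go. A small shared helper that falls back to the raw address would keep the four call sites identical and never lose the peer; a sketch follows. traceRequest's body starts and ends outside this hunk.

```go
// splitRemoteAddr splits addr into host and port. If addr is not in
// host:port form, the whole value is returned as the host and the port is
// empty, so the event still records where the connection came from.
func splitRemoteAddr(addr string) (string, string) {
	host, port, err := net.SplitHostPort(addr)
	if err != nil {
		return addr, ""
	}
	return host, port
}

// … unchanged: body read in traceRequest …
host, port := splitRemoteAddr(request.RemoteAddr)
```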
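Review bot: The `SourceIp` and `SourcePort` values added in the `@@ -103,6 +106,8 @@` hunk come from `request.RemoteAddr`, which is the direct TCP peer, and nothing in the event literal says so. If the HTTP honeypot is deployed behind a reverse proxy or load balancer (not visible from this diff), every event would carry the proxy's address in these fields. A comment above the two lines would make the provenance explicit for whoever consumes the events, for example `// SourceIp/SourcePort: transport peer taken from RemoteAddr; forwarded-for headers are client-supplied and appear only in Headers`. The struct literal starts outside the hunk.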
@@ -29,10 +29,14 @@ func (sshStrategy *SSHStrategy) Init(beelzebubServiceConfiguration parser.Beelze Handler: func(sess ssh.Session) { uuidSession := uuid.New() + host, port, _ := net.SplitHostPort(sess.RemoteAddr().String()) + tr.TraceEvent(tracer.Event{ Msg: "New SSH Session", Protocol: tracer.SSH.String(), RemoteAddr: sess.RemoteAddr().String(), + SourceIp: host, + SourcePort: port, Status: tracer.Start.String(), ID: uuidSession.String(), Environ: strings.Join(sess.Environ(), ","), @@ -95,6 +99,8 @@ func (sshStrategy *SSHStrategy) Init(beelzebubServiceConfiguration parser.Beelze tr.TraceEvent(tracer.Event{ Msg: "New SSH Terminal Session", RemoteAddr: sess.RemoteAddr().String(), + SourceIp: host, + SourcePort: port, Status: tracer.Interaction.String(), Command: commandInput, CommandOutput: commandOutput, @@ -113,6 +119,8 @@ func (sshStrategy *SSHStrategy) Init(beelzebubServiceConfiguration parser.Beelze }) }, PasswordHandler: func(ctx ssh.Context, password string) bool { + host, port, _ := net.SplitHostPort(ctx.RemoteAddr().String()) + tr.TraceEvent(tracer.Event{ Msg: "New SSH attempt", Protocol: tracer.SSH.String(), @@ -121,6 +129,8 @@ func (sshStrategy *SSHStrategy) Init(beelzebubServiceConfiguration parser.Beelze Password: password, Client: ctx.ClientVersion(), RemoteAddr: ctx.RemoteAddr().String(), + SourceIp: host, + SourcePort: port, ID: uuid.New().String(), Description: beelzebubServiceConfiguration.Description, }) diff --git a/protocols/strategies/tcp.go b/protocols/strategies/tcp.go index a43a3d1..d59f32d 100644 --- a/protocols/strategies/tcp.go +++ b/protocols/strategies/tcp.go 
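Review bot: In the `Handler` closure `sess.RemoteAddr().String()` is now formatted once for `net.SplitHostPort` and again a few lines later for the `RemoteAddr` field, and a third time in the terminal-session event at `@@ -95,6 +99,8 @@`. Binding it once at the top of the handler, `remoteAddr := sess.RemoteAddr().String()`, and using `remoteAddr` both for the split and for the `RemoteAddr` field keeps all three values derived from one source. Reusing the captured `host` and `port` in the later hunk is fine, since the peer does not change within a session. The handler body runs past the end of this hunk.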
@@ -35,12 +35,16 @@ func (tcpStrategy *TCPStrategy) Init(beelzebubServiceConfiguration parser.Beelze command = string(buffer[:n]) } + host, port, _ := net.SplitHostPort(conn.RemoteAddr().String()) + tr.TraceEvent(tracer.Event{ Msg: "New TCP attempt", Protocol: tracer.TCP.String(), Command: command, Status: tracer.Stateless.String(), RemoteAddr: conn.RemoteAddr().String(), + SourceIp: host, + SourcePort: port, ID: uuid.New().String(), Description: beelzebubServiceConfiguration.Description, }) diff --git a/tracer/tracer.go b/tracer/tracer.go index 9567878..8618b26 100644 --- a/tracer/tracer.go +++ b/tracer/tracer.go @@ -34,6 +34,8 @@ type Event struct { HTTPMethod string RequestURI string Description string + SourceIp string + SourcePort string } type (
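Review bot: The new field `SourceIp` in tracer/tracer.go breaks the initialism casing the struct already uses (`HTTPMethod`, `RequestURI`, and `ID` in the event literals), and neither new field is documented. I would name and comment them as `SourceIP string // peer IP parsed from RemoteAddr; empty if parsing failed` and `SourcePort string // peer port parsed from RemoteAddr, kept as a string`. No struct tags are visible in this hunk, so if events are serialized by field name the rename also changes the emitted key; that is cheaper to settle now, before downstream consumers depend on `SourceIp`. The Event struct starts outside the hunk.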