Created
October 31, 2023 18:12
-
-
Save MHaggis/11734d4b76a5b4c623686c13d0c33100 to your computer and use it in GitHub Desktop.
You'll prob need to change line 6 or make a logs dir.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from http.server import BaseHTTPRequestHandler, HTTPServer | |
| from datetime import datetime | |
| import logging | |
| current_datetime = datetime.now().strftime('%Y%m%d_%H%M%S') | |
| log_file_name = f'logs/app_{current_datetime}.log' | |
| class EmulatedServer(BaseHTTPRequestHandler): | |
| pass | |
| class HoneyMimic(BaseHTTPRequestHandler): | |
| def log_in_basic_format(self, method, message): | |
| log_format = f'{self.log_date_time_string()} - {method} - {message}' | |
| logging.info(log_format) | |
| def log_in_kv_format(self, response_code, method): | |
| log_format = ( | |
| f'dest_port="{self.server.server_port}" ' | |
| f'dest_ip="{self.server.server_address[0]}" ' | |
| f'src="{self.client_address[0]}" ' | |
| f'src_ip="{self.client_address[0]}" ' | |
| f'time_local="{self.log_date_time_string()}" ' | |
| f'status="{response_code}" ' | |
| f'http_referer="{self.headers.get("Referer", "-")}" ' | |
| f'http_user_agent="{self.headers.get("User-Agent", "-")}" ' | |
| f'uri_path="{self.path}" ' | |
| f'http_method="{method}" ' | |
| ) | |
| logging.info(log_format) | |
| def log_verbose(self, method, response_code, response_content): | |
| log_format = ( | |
| f'\n\n------- Incoming Request -------\n' | |
| f'Method: {method}\n' | |
| f'Path: {self.path}\n' | |
| f'Headers:\n{self.headers}\n' | |
| f'------- Response -------\n' | |
| f'Status Code: {response_code}\n' | |
| f'Content: {response_content}\n' | |
| f'--------------------------\n' | |
| ) | |
| logging.debug(log_format) | |
| def send_generic_response(self, response_code, response_body): | |
| self.send_response(response_code) | |
| self.send_header('Content-Type', 'application/json; charset=utf-8') | |
| self.send_header('Connection', 'close') | |
| self.send_header('X-Content-Type-Options', 'nosniff') | |
| self.send_header('X-XSS-Protection', '1; mode=block') | |
| self.send_header('Cache-control', 'no-cache, no-store, must-revalidate') | |
| self.send_header('Pragma', 'no-cache') | |
| self.end_headers() | |
| self.wfile.write(response_body.encode()) | |
| self.log_verbose(response_code, 'RESPONSE', response_body) | |
| def do_POST(self): | |
| if self.path == '/tmui/login.jsp': | |
| self.send_generic_response(200, "BIG-IP Configuration Utility Login Page") | |
| elif self.path.startswith('/mgmt/tm/auth/user/'): | |
| self.send_generic_response(200, "Password updated successfully.") | |
| elif self.path == '/mgmt/shared/authn/login': | |
| self.send_generic_response(200, '{"token":"SAMPLETOKEN123456789012345"}') | |
| elif self.path == '/mgmt/tm/util/bash': | |
| self.send_generic_response(200, '{"commandResult":"uid=0(root) gid=0(root) groups=0(root)"}') | |
| else: | |
| self.send_generic_response(200, "OK") | |
| self.log_verbose(200, 'POST', self.path) | |
| def do_PATCH(self): | |
| self.do_POST() | |
| if __name__ == "__main__": | |
| logging.basicConfig(filename=log_file_name, filemode='w', format='%(asctime)s - %(levelname)s - %(message)s', level=logging.DEBUG) | |
| server_address = ('', 8000) | |
| httpd = HTTPServer(server_address, HoneyMimic) | |
| print('Running HoneyMimic...') | |
| httpd.serve_forever() |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2023-10-31 12:10:02,138 - DEBUG - | |
| ------- Incoming Request ------- | |
| Method: 200 | |
| Path: /tmui/login.jsp | |
| Headers: | |
| Host: 127.0.0.1:8000 | |
| Transfer-Encoding: chunked, chunked | |
| Content-Type: application/x-www-form-urlencoded | |
| ------- Response ------- | |
| Status Code: RESPONSE | |
| Content: BIG-IP Configuration Utility Login Page | |
| -------------------------- | |
| 2023-10-31 12:10:02,138 - DEBUG - | |
| ------- Incoming Request ------- | |
| Method: 200 | |
| Path: /tmui/login.jsp | |
| Headers: | |
| Host: 127.0.0.1:8000 | |
| Transfer-Encoding: chunked, chunked | |
| Content-Type: application/x-www-form-urlencoded | |
| ------- Response ------- | |
| Status Code: POST | |
| Content: /tmui/login.jsp | |
| -------------------------- | |
| 2023-10-31 12:10:02,141 - DEBUG - | |
| ------- Incoming Request ------- | |
| Method: 200 | |
| Path: /mgmt/tm/auth/user/ZnHw2 | |
| Headers: | |
| Host: 127.0.0.1:8000 | |
| User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36 | |
| Connection: close | |
| Content-Length: 32 | |
| Authorization: Basic Wm5IdzI6U1VyejZMZDRVZGEy | |
| Content-Type: application/json | |
| Accept-Encoding: gzip | |
| ------- Response ------- | |
| Status Code: RESPONSE | |
| Content: Password updated successfully. | |
| -------------------------- | |
| 2023-10-31 12:10:02,141 - DEBUG - | |
| ------- Incoming Request ------- | |
| Method: 200 | |
| Path: /mgmt/tm/auth/user/ZnHw2 | |
| Headers: | |
| Host: 127.0.0.1:8000 | |
| User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36 | |
| Connection: close | |
| Content-Length: 32 | |
| Authorization: Basic Wm5IdzI6U1VyejZMZDRVZGEy | |
| Content-Type: application/json | |
| Accept-Encoding: gzip | |
| ------- Response ------- | |
| Status Code: POST | |
| Content: /mgmt/tm/auth/user/ZnHw2 | |
| -------------------------- | |
| 2023-10-31 12:10:02,142 - DEBUG - | |
| ------- Incoming Request ------- | |
| Method: 200 | |
| Path: /mgmt/shared/authn/login | |
| Headers: | |
| Host: 127.0.0.1:8000 | |
| User-Agent: Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 | |
| Connection: close | |
| Content-Length: 49 | |
| Content-Type: application/json | |
| Accept-Encoding: gzip | |
| ------- Response ------- | |
| Status Code: RESPONSE | |
| Content: {"token":"SAMPLETOKEN123456789012345"} | |
| -------------------------- | |
| 2023-10-31 12:10:02,142 - DEBUG - | |
| ------- Incoming Request ------- | |
| Method: 200 | |
| Path: /mgmt/shared/authn/login | |
| Headers: | |
| Host: 127.0.0.1:8000 | |
| User-Agent: Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 | |
| Connection: close | |
| Content-Length: 49 | |
| Content-Type: application/json | |
| Accept-Encoding: gzip | |
| ------- Response ------- | |
| Status Code: POST | |
| Content: /mgmt/shared/authn/login | |
| -------------------------- | |
| 2023-10-31 12:10:02,143 - DEBUG - | |
| ------- Incoming Request ------- | |
| Method: 200 | |
| Path: /mgmt/tm/util/bash | |
| Headers: | |
| Host: 127.0.0.1:8000 | |
| User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36 | |
| Connection: close | |
| Content-Length: 41 | |
| Content-Type: application/json | |
| X-F5-Auth-Token: SAMPLETOKEN123456789012345 | |
| Accept-Encoding: gzip | |
| ------- Response ------- | |
| Status Code: RESPONSE | |
| Content: {"commandResult":"uid=0(root) gid=0(root) groups=0(root)"} | |
| -------------------------- | |
| 2023-10-31 12:10:02,143 - DEBUG - | |
| ------- Incoming Request ------- | |
| Method: 200 | |
| Path: /mgmt/tm/util/bash | |
| Headers: | |
| Host: 127.0.0.1:8000 | |
| User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36 | |
| Connection: close | |
| Content-Length: 41 | |
| Content-Type: application/json | |
| X-F5-Auth-Token: SAMPLETOKEN123456789012345 | |
| Accept-Encoding: gzip | |
| ------- Response ------- | |
| Status Code: POST | |
| Content: /mgmt/tm/util/bash | |
| -------------------------- | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment