fofapro / fapro
Fake Protocol Server
Can you post the source code please? This is github after all, not a file server.
Could you also build a 32-bit Linux binary?
Could you give an example of logging in to mongodb with a username and password?
sudo ./fapro genConfig > fapro.json
[sudo] password for luhy:
./fapro: 1: ./fapro: Syntax error: "(" unexpected
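When I saw this project, I thought it could replace inetsim as the sniffing tool used during sample analysis (it is easy to get started with).
So would you consider implementing the corresponding features (the ones I can think of for now)?
After generating the config with fapro genConfig -n (0.0.0.0/0|local subnet (e.g. 192.168.1.0/24)) > fapro.json,
running fapro fails with the error already exist subnet.
However, configuring the local IP in the protocol configuration of the web UI works, and the service can be reached from machines on the same subnet.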
At first, thank you for contributing this tool.
Can we use it as a honeypot via some changes to the source code?
As the owner of the tool, do you have any ideas for converting this tool into a honeypot tool?
Thanks a lot.
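Great idea, but why are the password and the process not recorded?
It would be easier to use if there were something like
./fapro genConfig -t ssh
that generates only a single configuration.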
This is a really cool project, which I'd like to extend some of the functionality of protocol-wise. Do you have any plans on open-sourcing the code?
Environment:
CentOS 7
Linux bogon 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
ssh.json:
{
  "version": "0.36",
  "network": "192.168.1.0/24",
  "network_build": "all",
  "storage": null,
  "hosts": [
    {
      "ip": "192.168.1.103",
      "handlers": [
        {
          "handler": "ssh",
          "port": 62222,
          "params": {
            "accounts": ["root:123456:/root:0"],
            "prompt": "$ ",
            "server_version": "SSH-2.0-OpenSSH_7.4"
          }
        }
      ]
    }
  ]
}
./fapro run --config=ssh -v
The output is as follows:
panic: ioctl: SIOCADDRT: network is unreachable
goroutine 1 [running]:
main.(*runCommand).Execute(0xc000966cc0, 0xc0006caf30, 0x0, 0x3, 0x1b7ea01, 0x7f9f891f8098)
D:/code/netstackserver/main.go:194 +0xe74
main.main.func1(0x7f9f891f8098, 0xc000966cc0, 0xc0006caf30, 0x0, 0x3, 0x1, 0x0)
D:/code/netstackserver/main.go:297 +0x7e
github.com/jessevdk/go-flags.(*Parser).ParseArgs(0xc000451a40, 0xc00004c0d0, 0x3, 0x3, 0xd, 0x0, 0x0, 0x1db0960, 0xc0006cad20)
C:/Users/chenpanfeng/go/pkg/mod/github.com/jessevdk/[email protected]/parser.go:333 +0x85d
github.com/jessevdk/go-flags.(*Parser).Parse(...)
C:/Users/chenpanfeng/go/pkg/mod/github.com/jessevdk/[email protected]/parser.go:191
main.main()
D:/code/netstackserver/main.go:300 +0x369
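I tried changing the network field to a specific IP address, an IP address with a mask, and so on, but it still fails with the error above.
fapro run only works when this field is set to 127.0.0.1, but then the service cannot be reached from other machines on the internal network.
How should the json file be configured so that the fake service can be reached from other machines on the internal network?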
I changed the http handler's body but it doesn't reflect in the service, it just shows "It Works!".
The page returns 404 page not found.
It does not respond according to the body and other settings configured in fapro.json.
Config file version: "version": "0.62"
$ ./fapro genConfig -p ssh
{
  "version": "0.58",
  "hostname": "",
  "network": "127.0.0.1/32",
  "network_build": "localhost",
  "geo_db": "",
  "exclusions": null,
  "storage": null,
  "use_logq": false,
  "syn_dev": "",
  "icmp_dev": "",
  "udp_dev": "",
  "cert_name": "",
  "hosts": [
    {
      "ip": "127.0.0.1",
      "handlers": [
        {
          "handler": "ssh",
          "port": 22,
          "params": {
            "accounts": [
              "root:123456:/root:0"
            ],
            "prompt": "$ ",
            "server_version": "SSH-2.0-OpenSSH_7.4"
          }
        }
      ]
    }
  ],
  "templates": null
}
$ ./fapro run -v -l :8080
time="2022-02-24T11:40:16+08:00" level=info msg="ip exclusions: []"
use disk queue: false
time="2022-02-24T11:40:16+08:00" level=info msg="log: [Wintun] NamespaceRuntimeInit: Failed to create private namespace: 拒绝访问。 (Code 0x00000005)\n"
time="2022-02-24T11:40:16+08:00" level=info msg="log: [Wintun] WintunOpenAdapter: Failed to take WireGuard pool mutex\n"
time="2022-02-24T11:40:16+08:00" level=info msg="log: [Wintun] WintunCreateAdapter: Creating adapter\n"
time="2022-02-24T11:40:16+08:00" level=info msg="log: [Wintun] WintunCreateAdapter: Failed to create new device information element: 拒绝访问。 (Code 0x00000005)\n"
panic: tun device from name error: Error creating interface: Access is denied.
goroutine 1 [running]:
main.(*runCommand).Execute(0xc00068b680, {0x1b8bd00, 0x195c601, 0xc00068b680})
/fapro/main.go:381 +0x14e6
main.main.func1({0x250c46e8030, 0xc00068b680}, {0xc000575d40, 0x1, 0x1b52500})
/fapro/main.go:523 +0x66
github.com/jessevdk/go-flags.(*Parser).ParseArgs(0xc0000f9880, {0xc0000cc010, 0x7, 0x7})
pkg/mod/github.com/jessevdk/[email protected]/parser.go:333 +0x87c
github.com/jessevdk/go-flags.(*Parser).Parse(...)
pkg/mod/github.com/jessevdk/[email protected]/parser.go:191
main.main()
/fapro/main.go:526 +0x27e
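In many cloud or network-isolated environments, Proxy Protocol is often used to carry the original IP, port and other information.
For example, Alibaba Cloud: obtaining the client's real IP via Proxy Protocol (layer-4 listeners)
Of course, haproxy / aws / azure / cloudflare also support it quite widely.
Quick-start walkthrough: https://seriousben.com/posts/2020-02-exploring-the-proxy-protocol/
Golang library: https://github.com/mailgun/proxyproto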
RFC: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
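What honouring the PROXY protocol v1 text header would involve on the listener side, as an added example (not fapro's code and not the mailgun/proxyproto API). The function names, the trusted proxy range and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// readProxyV1 consumes one v1 header line; the IP is nil for "PROXY UNKNOWN".
func readProxyV1(r *bufio.Reader) (net.IP, int, error) {
	line, err := r.ReadSlice('\n') // bounded by the reader's buffer, never grows
	if err != nil {
		return nil, 0, err
	}
	s := string(line)
	f := strings.Split(strings.TrimSuffix(s, "\r\n"), " ")
	ok := len(s) <= 107 && strings.HasSuffix(s, "\r\n") && f[0] == "PROXY" // spec: max 107 bytes, CRLF
	if ok && len(f) >= 2 && f[1] == "UNKNOWN" {
		return nil, 0, nil
	}
	if ok && len(f) == 6 && (f[1] == "TCP4" || f[1] == "TCP6") {
		src, dst := net.ParseIP(f[2]), net.ParseIP(f[3])
		sport, e1 := strconv.ParseUint(f[4], 10, 16) // no sign, at most 65535
		_, e2 := strconv.ParseUint(f[5], 10, 16)
		v6 := f[1] == "TCP6" // the declared family must match both addresses
		if src != nil && dst != nil && e1 == nil && e2 == nil &&
			v6 == strings.Contains(f[2], ":") && v6 == strings.Contains(f[3], ":") {
			return src, int(sport), nil
		}
	}
	return nil, 0, fmt.Errorf("malformed PROXY v1 header %q", s)
}

// loggedIP uses the header only when the TCP peer is a trusted proxy, so a direct client cannot forge the logged IP.
func loggedIP(peer net.IP, trusted *net.IPNet, r *bufio.Reader) (net.IP, error) {
	if trusted.Contains(peer) {
		if src, _, err := readProxyV1(r); err != nil || src != nil {
			return src, err
		}
	}
	return peer, nil
}

func main() {
	_, lb, _ := net.ParseCIDR("10.0.0.0/8") // constructed trusted-proxy range
	in := bufio.NewReader(strings.NewReader("PROXY TCP4 203.0.113.7 192.0.2.10 51234 22\r\n"))
	fmt.Println(loggedIP(net.ParseIP("10.1.2.3"), lb, in)) // constructed peer and header
}
```

The protocol handler has to keep reading from the same bufio.Reader, because it may already hold bytes that follow the header.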
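The tool works well.
I hope the ability to set a username and password can be added for elasticsearch.
The current es configuration is as follows; it does not support an account parameter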
{
  "handler": "elasticsearch",
  "port": 9200
},
fapro.exe run -v -l :8080
panic: Fatal error config file: While parsing config: invalid character 'ÿ' looking for beginning of value
goroutine 1 [running]:
main.(*runCommand).Execute(0xc0001d3d80, {0x2749d80, 0x2539201, 0xc0001d3d80})
/fapro/main.go:193 +0x11b6
main.main.func1({0x15de17e1cc0, 0xc0001d3d80}, {0xc000709740, 0x1, 0x0})
/fapro/main.go:375 +0x66
github.com/jessevdk/go-flags.(*Parser).ParseArgs(0xc0003d7730, {0xc00005c090, 0x7, 0x7})
pkg/mod/github.com/jessevdk/[email protected]/parser.go:333 +0x87c
github.com/jessevdk/go-flags.(*Parser).Parse(...)
pkg/mod/github.com/jessevdk/[email protected]/parser.go:191
main.main()
/fapro/main.go:378 +0x294
============================
The configuration is the default generated one.
Hi, are there any plans to open-source the code? I'd like to learn from it.
Hello, is the source code for fapro available anywhere?
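I deployed a node with 2G of memory on Alibaba Cloud and enabled the vnc service. Starting at around 9 this morning it received a large number of vnc connection requests, until it went down at around 1 pm; memory usage rose steadily from 460M to 1.8G. When I checked the logs, the messages did contain close conn, but the memory never seems to have been released?
Is there something wrong with my configuration? The config file only uses the default parameters: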
{
  "handler": "vnc",
  "port": 5900,
  "params": {
    "challenge": "0123456789abcdef",
    "password": "1234561"
  }
},
On windows 11, the following services cannot be shut down from the web page
127.0.0.1:53 | dns | UDPListen |
127.0.0.1:123 | ntp | UDPListen |
127.0.0.1:161 | snmp | UDPListen |
127.0.0.1:1234 | udp_echo | UDPListen |
127.0.0.1:5060 | sip | UDPListen |
The terminal is flooded with errors
time="2021-11-05T14:13:08+08:00" level=error msg="udp_echo read data error:read udp 127.0.0.1:1234: use of closed network connection\n"
time="2021-11-05T14:13:08+08:00" level=error msg="udp_echo read data error:read udp 127.0.0.1:1234: use of closed network connection\n"
time="2021-11-05T14:13:08+08:00" level=error msg="ntp read data error:read udp 127.0.0.1:123: use of closed network connection\n"
time="2021-11-05T14:13:08+08:00" level=error msg="snmp read data error:read udp 127.0.0.1:161: use of closed network connection\n"
time="2021-11-05T14:13:08+08:00" level=error msg="snmp read data error:read udp 127.0.0.1:161: use of closed network connection\n"
time="2021-11-05T14:13:08+08:00" level=error msg="snmp read data error:read udp 127.0.0.1:161: use of closed network connection\n"
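The current mysql and Elasticsearch outputs both expose the server's account and password, which carries some risk. Could a generic SYSLOG transport be supported?
How can the subnet generated by the virtual network be reached from other machines?
The wiki only has configuration guides for a few protocols; where are the other protocols?
Testing with the accounts parameter, setting a password for redis is still not supported. Are there plans to simulate redis authentication?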
"version": "0.63",
"hostname": "",
"network": "127.0.0.1/32",
"network_build": "localhost",
"geo_db": "./Country.mmdb",
"exclusions": null,
"storage": "mysql://root:xxxx@tcp(192.168.170.33:3306)/logs",
"use_logq": true,
"syn_dev": "",
"icmp_dev": "",
"udp_dev": "",
"cert_name": "",
INFO[0000] ip exclusions: []
use disk queue: true
INFO[0000] [LogQueue] use disk queue:-log-queue
INFO[0000] [LogQueue] runner exit.
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x961097]
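How can this be resolved?
I have not started using this software yet.
What I want to do is simulate most software such as MySQL, Redis, etc., and then test how my code handles connection timeouts.
I don't seem to see any related configuration; I'd like to ask whether this kind of test can be done.
Error: panic: no active connection found: no Elasticsearch node available
Following the references below, I added the settings below, but still could not fix it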
https://stackoverflow.com/questions/61455272/cannot-connect-to-elastic-search-no-active-connection-found-no-elasticsearch
https://www.cnblogs.com/xiaoff/p/9913544.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html
cluster.name: "docker-cluster"
network.host: 0.0.0.0
http.host: 0.0.0.0
network.publish_host: 0.0.0.0
transport.host: 0.0.0.0
http.publish_port: 9200
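Using local mode, I only simulated the SRTP protocol. Is there more detailed configuration documentation, for example for things like memory partitioning?
Also, this protocol simulation seems to only record logs. For example, I have operations that write to the PLC; can that be simulated?
The configuration is as follows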
{
  "version": "0.65",
  "hostname": "",
  "network": "127.0.0.1/32",
  "network_build": "localhost",
  "geo_db": "",
  "exclusions": null,
  "storage": null,
  "use_logq": false,
  "syn_dev": "",
  "icmp_dev": "",
  "udp_dev": "",
  "cert_name": "",
  "hosts": [
    {
      "ip": "127.0.0.1",
      "handlers": [
        {
          "handler": "ge-srtp",
          "port": 18245
        }
      ]
    }
  ],
  "templates": null
}
There is only the installation package.
No source code, can you share the source code?