Hi @vlashef, I hope you are well! I think that is a good new feature 😄 Can you explain to me, using a real use case example, regarding:
Thanks for your time
Cheers
Mario
Is your feature request related to a problem? Please describe.
The problem is predominantly seen in SSH command logs where there are files referenced but no associated log of the SCP or SFTP of the file being placed.
The same can be applied to HTTP where RFI file attempts are logged but the contents of the files are missed.
Describe the solution you'd like
Add handler functionality for SFTP/SCP commands and store the files that are uploaded in a configurable file location.
Same functionality for HTTP.PUT
For the logging itself add the following fields:
FileName
FileHash
FileSize
FileType
Describe alternatives you've considered
An option is potentially using Zeek; however, the TLS interception implications to see the cleartext for file extraction seem overly complicated versus adding support in the honeypot itself.
Additional context
Add any other context or screenshots about the feature request here.
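An added example, not part of the original request or the honeypot's own code: one way a capture handler could store an uploaded payload under a configurable directory and emit the four requested fields. The names `capture_upload`, `sniff_type`, the magic-byte table, and the extra `Protocol` and `StoredAs` fields are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile

# Assumed magic-byte table for FileType; a deployment could use libmagic instead.
MAGIC = [
    (b"\x7fELF", "application/x-elf"),
    (b"MZ", "application/x-dosexec"),
    (b"PK\x03\x04", "application/zip"),
    (b"\x1f\x8b", "application/gzip"),
    (b"#!", "text/x-script"),
    (b"<?php", "text/x-php"),
]

def sniff_type(data: bytes) -> str:
    """Classify by content, since the client-supplied extension cannot be trusted."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "application/octet-stream"

def capture_upload(store_dir: str, protocol: str, claimed_name: str, data: bytes) -> dict:
    """Store an uploaded payload and return the log fields from the request."""
    digest = hashlib.sha256(data).hexdigest()
    os.makedirs(store_dir, mode=0o700, exist_ok=True)
    # Name the stored file by its hash, never by the client-supplied name:
    # this blocks path traversal and deduplicates repeated uploads.
    path = os.path.join(store_dir, digest)
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
    except FileExistsError:
        pass  # identical content was already captured
    else:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
    return {
        "Protocol": protocol,        # extra field, not in the request
        "FileName": claimed_name,    # logged verbatim as untrusted data
        "FileHash": digest,
        "FileSize": len(data),
        "FileType": sniff_type(data),
        "StoredAs": path,            # extra field, not in the request
    }

if __name__ == "__main__":
    sample = b"#!/bin/sh\necho constructed-sample\n"  # constructed payload
    with tempfile.TemporaryDirectory() as d:
        print(json.dumps(capture_upload(d, "HTTP.PUT", "../../etc/cron.d/x", sample), indent=2))
```

Stored samples are written read-only and without an execute bit, so the capture directory holds inert evidence that can be matched to log entries by `FileHash`.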