mandiant / flare-fakenet-ng

FakeNet-NG - Next Generation Dynamic Network Analysis Tool
Apache License 2.0

Release version does not allow custom listener development #10

Open strictlymike opened 7 years ago

strictlymike commented 7 years ago

The release binaries currently don't allow custom listener development because they don't import .py files. Furthermore, no sample code is present in the release archives which I think will make it harder to hack on FakeNet once that is rectified.

It would be nice to revisit the release process to (1) allow users to directly add new listeners to the release version and (2) include the .py code for the "stock" listeners alongside the release binaries as a body of examples and so that users can directly modify the stock listener code if desired.

strictlymike commented 6 years ago

@tankbusta notes that creating a fakenet/listeners folder in the same directory as the EXE and adding an updated __init__.py does work.

tankbusta commented 6 years ago

Part of the refactor process should include fixing up the imports; using absolute imports (here is a good resource). This should help with custom listeners.

We could also modify how fakenet loads listeners along with how they're defined in the configuration file to something like this.

Current:

[HTTPListener80]
Enabled:     True
Port:        80
Protocol:    TCP
Listener:    HTTPListener
...

New Method?

[HTTPListener80]
Enabled:     True
Port:        80
Protocol:    TCP
Listener:    fakenet.listeners.HTTPListener:HTTPListener
...

The Listener directive under each Listener would now be an absolute import import fakenet.listeners.HTTPListener as listener. The colon HTTPListener would tell the importer that the expected class to get in initialize is HTTPListener.

We could make some assumptions if Listener is set to HTTPListener like the current implementation, that the path would be fakenet.listeners.HTTPListener with the class name being HTTPListener (as I believe this holds true for all listeners now).

I think this approach will allow people to create repositories with their custom listeners (to implement say a C2 listener) and separate their changes from the base code.

Thoughts?
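The loader sketched in the comment above, written out as an added example (this is not FakeNet-NG code and nothing in the project implements it this way). It resolves a Listener directive of the form module.path:ClassName with importlib, applies the proposed fallback for a bare name like HTTPListener, and walks an INI config to instantiate only the enabled sections. The function names parse_listener_spec, load_listener_class and load_listeners_from_config, the package name mylisteners.tcpecho and the class TCPEchoListener are assumptions; the two in-memory modules registered in sys.modules are constructed stand-ins so the block runs without FakeNet-NG installed. One practical consequence of this design worth keeping in mind: whatever module the config names gets imported and executed, so the config file carries the same trust level as the listener code itself.

```python
"""Hypothetical 'module:Class' listener loader (added illustration, not project code)."""
import configparser
import importlib
import sys
import types

# Assumed default package for bare listener names, matching the layout the
# thread describes (fakenet.listeners.HTTPListener holds class HTTPListener).
DEFAULT_PACKAGE = "fakenet.listeners"


def parse_listener_spec(spec, default_package=DEFAULT_PACKAGE):
    """Split a Listener directive into (module_path, class_name).

    "pkg.mod:Cls"  -> explicit module path and class name
    "HTTPListener" -> assumed to be default_package.HTTPListener:HTTPListener
    """
    spec = spec.strip()
    if not spec:
        raise ValueError("empty Listener directive")
    if ":" in spec:
        module_path, _, class_name = spec.partition(":")
        if not module_path or not class_name:
            raise ValueError("malformed Listener directive: %r" % spec)
        return module_path, class_name
    # Bare name: module and class share the name under the default package.
    return "%s.%s" % (default_package, spec), spec


def load_listener_class(spec, default_package=DEFAULT_PACKAGE):
    """Import the module named by the directive and return the listener class."""
    module_path, class_name = parse_listener_spec(spec, default_package)
    module = importlib.import_module(module_path)  # imports whatever the config names
    try:
        return getattr(module, class_name)
    except AttributeError:
        raise ImportError("module %s has no attribute %s" % (module_path, class_name))


def load_listeners_from_config(config_text, default_package=DEFAULT_PACKAGE):
    """Return {section: (listener_class, options)} for every enabled listener section.

    Sections without a Listener key (e.g. a diverter section) are ignored, and
    disabled sections are skipped before any import happens.
    """
    parser = configparser.ConfigParser()  # keys are lowercased by configparser
    parser.read_string(config_text)
    loaded = {}
    for section in parser.sections():
        opts = parser[section]
        if "listener" not in opts:
            continue
        if not opts.getboolean("enabled", fallback=False):
            continue
        loaded[section] = (load_listener_class(opts["listener"], default_package),
                           dict(opts))
    return loaded


# --- Constructed stand-in modules so the demo runs offline (not real FakeNet code) ---
class TCPEchoListener(object):
    """Stand-in for a custom listener shipped in its own package."""
    def __init__(self, config, name):
        self.config = config
        self.name = name

    def describe(self):
        return "%s on %s/%s" % (self.name, self.config["protocol"], self.config["port"])


_custom = types.ModuleType("mylisteners.tcpecho")
_custom.TCPEchoListener = TCPEchoListener
sys.modules.setdefault("mylisteners.tcpecho", _custom)

_stock = types.ModuleType("fakenet.listeners.HTTPListener")  # stub, not the real module
_stock.HTTPListener = type("HTTPListener", (TCPEchoListener,), {})
sys.modules.setdefault("fakenet.listeners.HTTPListener", _stock)

# Constructed config: one stock-style entry, one custom entry, one disabled entry.
SAMPLE_CONFIG = """
[HTTPListener80]
Enabled:     True
Port:        80
Protocol:    TCP
Listener:    HTTPListener

[TCPEcho9000]
Enabled:     True
Port:        9000
Protocol:    TCP
Listener:    mylisteners.tcpecho:TCPEchoListener

[Disabled443]
Enabled:     False
Port:        443
Protocol:    TCP
Listener:    does.not.exist:Nope
"""

if __name__ == "__main__":
    for name, (cls, opts) in load_listeners_from_config(SAMPLE_CONFIG).items():
        print(cls(opts, name).describe())
```

The disabled section names a module that does not exist and is never imported, because the enabled check runs before load_listener_class; a loader that imported first and filtered afterwards would execute code from every section in the file.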

strictlymike commented 4 years ago

This is partially alleviated with the HTTP custom listener feature which is a light-weight pattern for having a given listener delegate specific processing to a specified Python file. This is convenient because customizing HTTP is the most common case. It would be nice to do this for the second most common case as well, TCP.

strictlymike commented 4 years ago

Not to mention, the API is simpler for newcomers to casually develop to, which is something I thought would be nice when I first tested FakeNet-NG