mushorg / buttinsky

Botnet monitoring is a crucial part of threat analysis and is often neglected due to the lack of proper open source tools. Our tool will provide an open source framework for automated botnet monitoring. The modular design will allow full customization of the protocols used, the monitoring clients' behavior, how we log the collected information, how the data is processed to analyze the botnet's purpose, size and threat, and how the monitoring tasks are distributed between dedicated nodes.
http://buttinsky.org
GNU General Public License v3.0
79 stars 27 forks

TOR support #13

Closed glaslos closed 11 years ago

glaslos commented 11 years ago

Add optional TOR support to the network layer

adepasquale commented 11 years ago

I think this would be a nice feature. This way we could provide both anonymity and access to .onion resources (as those used e.g. in the Skynet botnet). Would you like to implement a SOCKS proxy interface for routing connections through an external TOR client, or would you rather have TOR running inside buttinsky?

glaslos commented 11 years ago

I'd say running Tor "inside" Buttinsky would be overkill so I'd go with the SOCKS proxy approach.

adepasquale commented 11 years ago

Shall I just create another Socket object using Socksipy http://sourceforge.net/projects/socksipy/ or better https://github.com/Anorov/PySocks ?

adepasquale commented 11 years ago

Oh, and obviously load settings from config file.

glaslos commented 11 years ago

Haven't used either of them so feel free to select what you think suits you best.

adepasquale commented 11 years ago

I have used http://code.google.com/p/socksipy-branch/ as it could be installed with easy_install socksipy-branch. I still have to write the code to load proxy type, host and port from configuration file.

glaslos commented 11 years ago

This looks very good Andrea. I'll start adding tests this weekend and use Travis for build testing.
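The SOCKS approach discussed in this thread, as an added example that is not part of the original issue or of buttinsky's code: it loads the proxy type, host and port from a config file and performs the SOCKS5 CONNECT with a domain-name address, so the hostname (including a .onion name) is resolved by the Tor client rather than by the monitoring node's own DNS. It uses only the standard library instead of socksipy or PySocks; the `[proxy]` section, its key names and all function names are assumptions.

```python
import configparser
import socket
import struct

# Constructed sample; the [proxy] section and its key names are assumptions.
SAMPLE_CONFIG = "[proxy]\ntype = socks5\nhost = 127.0.0.1\nport = 9050\n"

def load_proxy_settings(text):
    """Return (type, host, port) from an INI string, rejecting unusable values."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    ptype = cfg.get("proxy", "type").lower()
    if ptype != "socks5":  # plain SOCKS4 carries only IPv4 addresses, not names
        raise ValueError("only socks5 is supported here, got %r" % ptype)
    port = cfg.getint("proxy", "port")
    if not 0 < port < 65536:
        raise ValueError("proxy port out of range")
    return ptype, cfg.get("proxy", "host"), port

def build_connect_request(dest_host, dest_port):
    """SOCKS5 CONNECT (RFC 1928) with ATYP=0x03: the proxy resolves the name."""
    name = dest_host.encode("ascii")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", dest_port)

def recv_exact(sock, n):
    """Read exactly n bytes, or raise if the proxy closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def socks5_handshake(sock, dest_host, dest_port):
    """Negotiate 'no authentication' and CONNECT over a socket to the proxy."""
    sock.sendall(b"\x05\x01\x00")  # version 5, one method offered: no auth
    if recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy refused the no-auth method")
    sock.sendall(build_connect_request(dest_host, dest_port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError("CONNECT failed, reply code %d" % rep)
    # Drain the bound address (ATYP 1 = IPv4, 4 = IPv6, 3 = length-prefixed name).
    alen = {1: 4, 4: 16}.get(atyp) or recv_exact(sock, 1)[0]
    recv_exact(sock, alen + 2)
    return sock
```

In use, `sock` would come from `socket.create_connection((host, port))` with the values returned by `load_proxy_settings`; after the handshake the same socket carries the monitored protocol's traffic.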