mushorg / glastopf

Web Application Honeypot
http://glastopf.org

Listening on multiple http and ssl ports #296

Closed vorband closed 5 years ago

vorband commented 5 years ago

For the sissden project, we modified glastopf to serve on multiple http and ssl ports. The following options are available while ensuring compatibility with old config files.

a) set the http port in [webserver]/port with a single or multiple ports, e.g. port = 80,8888,8080 => glastopf will run on http ports 80, 8080, 8088

[webserver]
host = 0.0.0.0
port = 80,8080,8088
...

b) use ssl on the above ports by enabling [ssl] enabled = True => glastopf will enable ssl on the above configured http ports 80,8080,8088

[webserver]
host = 0.0.0.0
port = 80,8080,8088
...

[ssl]
enabled = True
certfile = ssl/server.crt
keyfile = ssl/server.key

c) use distinct ports for ssl by adding the port entry, e.g. 443,8443 to the [ssl] section. The ports 80,8080,8088 from the webserver section will still deliver http unless the port is left empty (== ssl only) => glastopf will run http ports 80,8080,8088 and ssl ports 443,8443

[webserver]
host = 0.0.0.0
port = 80,8080,8088
uid = nobody
gid = nogroup
proxy_enabled = False

[ssl]
enabled = True
certfile = ssl/server.crt
keyfile = ssl/server.key
port = 443,8443

Like this, glastopf is compatible with old config files but also enables new configs to set up multiple new http/ssl listeners.

Further, glastopf-runner removes RC4 in SSL, as this broke ssl connectivity with contemporary clients, and replaces it with AES256.

Finally, glastopf-runner now generates self-signed ssl certificates (issued to localhost) as soon as a path/filename is configured and no certificate/key file is present. It still works if configured with existing keys, but this enables dockerized operation with new keys generated upon every start (important for large-scale deployments).
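The port resolution described in options a) to c) above, as an added example that is not part of the original comment and not glastopf's own code. The names `parse_ports` and `plan_listeners` are hypothetical; ignoring `[ssl]` ports while ssl is disabled and rejecting a port listed in both sections are assumptions of this sketch.

```python
import configparser

# Constructed sample configs mirroring options a), b) and c) from the comment.
OPTION_A = "[webserver]\nhost = 0.0.0.0\nport = 80,8080,8088\n"
OPTION_B = OPTION_A + "[ssl]\nenabled = True\n"
OPTION_C = OPTION_B + "port = 443,8443\n"
SSL_ONLY = "[webserver]\nport =\n[ssl]\nenabled = True\nport = 443,8443\n"


def parse_ports(raw):
    """Turn '80, 8080,8088' into [80, 8080, 8088]; an empty value gives []."""
    ports = []
    for item in raw.split(","):
        item = item.strip()
        if not item:
            continue
        port = int(item)  # raises ValueError on non-numeric entries
        if not 0 < port < 65536:
            raise ValueError("port out of range: %d" % port)
        if port not in ports:  # drop duplicates, keep configured order
            ports.append(port)
    return ports


def plan_listeners(config_text):
    """Return (http_ports, ssl_ports) for a glastopf-style config string."""
    cfg = configparser.ConfigParser()
    cfg.read_string(config_text)
    web_ports = parse_ports(cfg.get("webserver", "port", fallback=""))
    ssl_ports = parse_ports(cfg.get("ssl", "port", fallback=""))
    if not cfg.getboolean("ssl", "enabled", fallback=False):
        return web_ports, []      # a) old-style config: plain http only
    if not ssl_ports:
        return [], web_ports      # b) ssl wraps the [webserver] ports
    clash = sorted(set(web_ports) & set(ssl_ports))
    if clash:
        # Assumption: one socket cannot serve both plain http and ssl.
        raise ValueError("port configured for both http and ssl: %s" % clash)
    return web_ports, ssl_ports   # c) distinct http and ssl listeners


if __name__ == "__main__":
    for name in ("OPTION_A", "OPTION_B", "OPTION_C", "SSL_ONLY"):
        print(name, plan_listeners(globals()[name]))
```
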

glaslos commented 5 years ago

Can you also have a look into the failing tests?

glaslos commented 5 years ago

Have a look at this to get some of the test issues fixed: https://github.com/urllib3/urllib3/issues/1456#issuecomment-430404098

vorband commented 5 years ago

Currently looking at the tests.

vorband commented 5 years ago

The urllib3 pinning seems to resolve the aborted nosetests.

However, I don't know what to do about the final test results FAILED (SKIP=8, errors=5, failures=5) out of the 61 tests. Apparently, these issues have been around for quite some time.

vorband commented 5 years ago

Thank you, @glaslos!