toxyl / ossh

... is a dirty mix of honey and tar, delivered by a fake SSH server.

Web interface #7

Closed toxyl closed 2 years ago

toxyl commented 2 years ago

Admin commands like my-little-pony are a somewhat hacky solution and come with their own potential (security) issues. Maybe we should make a web interface instead where one can get basic stats of an instance and edit its config. Using websockets we could also stream the logs to the web interface.

dylandreimerink commented 2 years ago

+1, I also have to say that the format of the captured payloads feels very off to me. I would prefer to just be able to watch the whole transaction input and output via a web interface. I suggest adding https://asciinema.org/ to it.

toxyl commented 2 years ago

asciinema looks cool, I like the idea of being able to replay the session. But for us it might not be quite suited since the sessions would be painfully slow to watch (haven't checked if that can be turned off, though). Also I would like to avoid a dependency on Python as it makes installing oSSH a bunch more complex / potentially error-prone. However, we could adopt the idea and make a simple non-shell-script capture format (could be a simple YAML e.g.) and a frontend component that can replay that data with a configurable speed per command as well as a full dump (with ACE Editor we can get nice syntax highlighting and I already coded custom highlighters with it). Then we could also, in a later iteration, add features like timestamp displays, attacker information (IP, port, session ID, ...) display, geo-location on a world map, and so on.

What should we use for the frontend? For my GORE project I've been using https://www.w3schools.com/w3css combined with raw JS / JQuery and Golang templating, which worked quite well for me. I could reuse that setup for a frontend.

dylandreimerink commented 2 years ago

As far as I understand it we just have to output files in this format: https://github.com/asciinema/asciinema/blob/master/doc/asciicast-v2.md. We can determine the timing ourselves, so we could for example always space the time between commands at 1 second for the reply. We can then play these files back using the player: https://github.com/asciinema/asciinema-player which we can embed in any site. No need for Python anywhere.
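
Added example, not part of the thread or the oSSH code base: one way to write a captured session as asciicast v2 with a fixed gap between commands, as the comment above proposes. The `Exchange` type, the function names and the session data are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Exchange is one captured command and the fake server's reply (hypothetical type).
type Exchange struct{ Input, Output string }

// WriteCast writes an asciicast v2 stream: a JSON header line, then one
// [time, "o", data] event per line, with commands spaced gap seconds apart.
func WriteCast(w io.Writer, width, height int, started int64, session []Exchange, gap float64) error {
	enc := json.NewEncoder(w) // Encode emits one JSON value followed by "\n"
	if err := enc.Encode(map[string]interface{}{"version": 2, "width": width, "height": height, "timestamp": started}); err != nil {
		return err
	}
	for i, ex := range session {
		t := float64(i) * gap
		// Attacker-controlled bytes are JSON-escaped, so they cannot break line framing.
		for _, data := range []string{"$ " + ex.Input + "\n", ex.Output} {
			data = strings.ReplaceAll(strings.ReplaceAll(data, "\r\n", "\n"), "\n", "\r\n")
			if data == "" {
				continue
			}
			if err := enc.Encode([]interface{}{t, "o", data}); err != nil {
				return err
			}
		}
	}
	return nil
}

// Demo builds a cast from a constructed session (not real honeypot data).
func Demo() string {
	var buf bytes.Buffer
	session := []Exchange{
		{"uname -a", "Linux box 5.10.0 x86_64\n"},
		{"echo '\x1b[2J' \"]\n[0,\"o\"", ""}, // input crafted to look like a cast event
	}
	if err := WriteCast(&buf, 80, 24, 1700000000, session, 1.0); err != nil {
		panic(err)
	}
	return buf.String()
}

func main() { fmt.Print(Demo()) }
```

Go's `encoding/json` replaces invalid UTF-8 with U+FFFD, so binary payloads are not preserved byte-for-byte in the cast and would need a separate raw capture.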

toxyl commented 2 years ago

ah cool, much better. I thought we would have to use the recorder. I'll have a look at those :)

toxyl commented 2 years ago

I made a new issue for the recording format and assigned it to myself: #9

toxyl commented 2 years ago