How to fork transferred data to a script with socat? - ssl

I want to analyze the transferred data between a client and a server with socat. I’ve managed to set up socat as a man-in-the-middle with the following command:
socat -x -v OPENSSL-LISTEN:4443,reuseaddr,verify=0,cert=server.crt,key=server.key OPENSSL:server.example:443,verify=0
Although I can see the transferred data, I want to send it to a script to process it for a later analysis.
Does anyone know a solution so that I can send each transferred data packet to a script?

I’ve found a solution that allows logging the transferred data into files using tee:
socat OPENSSL-LISTEN:4443,reuseaddr,verify=0,cert=server.crt,key=server.key,fork SYSTEM:'tee requests | socat - "OPENSSL:server.example:443,verify=0" | tee responses'
This is one step closer to what I’m looking for.
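Once the relay above has written the plaintext into `requests`, that file is just back-to-back HTTP messages, already decrypted because socat terminates TLS on both sides. The following parser is an added example and not part of the original question: it splits such a capture into individual requests and flags the ones that carry a password field. The capture bytes are constructed, and the function names are this example's own.

```python
"""Split a raw HTTP request stream, such as the `requests` file written
by the tee in the socat command above, into individual messages.
Added example, not from the original post; the capture below is
constructed."""
import re

# Constructed sample of what the tee'd `requests` file could contain:
# two requests from one client, in plaintext because socat terminated
# TLS on both sides of the relay.
SAMPLE_CAPTURE = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: server.example\r\n"
    b"User-Agent: curl/7.88.1\r\n"
    b"\r\n"
    b"POST /api/login HTTP/1.1\r\n"
    b"Host: server.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"user=alice&password=secret1"
)

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/1\.[01]$")

def split_http_requests(stream):
    """Return a list of (method, target, headers, body) from a captured
    client-to-server stream.  Bodies are delimited by Content-Length;
    parsing stops at a chunked message or at a truncated capture."""
    out, pos = [], 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            break                      # headers cut off: socat still relaying
        head = stream[pos:end].decode("iso-8859-1")
        lines = head.split("\r\n")
        m = REQUEST_LINE.match(lines[0])
        if not m:
            raise ValueError("not a request line at offset %d: %r" % (pos, lines[0]))
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        if headers.get("transfer-encoding", "").lower() == "chunked":
            break                      # chunked bodies are not handled here
        body_len = int(headers.get("content-length", "0"))
        body_start = end + 4
        body = stream[body_start:body_start + body_len]
        if len(body) < body_len:
            break                      # body cut off
        out.append((m.group(1), m.group(2), headers, body))
        pos = body_start + body_len
    return out

def requests_with_credentials(reqs):
    """Targets of POST requests whose form body carries a password field."""
    return [target for method, target, headers, body in reqs
            if method == "POST" and b"password=" in body]

if __name__ == "__main__":
    # Real use: with open("requests", "rb") as f: stream = f.read()
    reqs = split_http_requests(SAMPLE_CAPTURE)
    for method, target, headers, body in reqs:
        print(method, target, len(body), "bytes")
    print("credentials sent to:", requests_with_credentials(reqs))
```

Two things to keep in mind when feeding this real captures: with `fork`, every connection gets its own SYSTEM shell and all of them append to the same `requests` file, so concurrent clients interleave; writing to `tee requests.$$` instead (the shell expands `$$` to its own PID) gives one file per connection. And this parser handles only the client-to-server direction; the `responses` file needs the same loop with a status-line regex in place of the request-line one.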

Related

How do I run multiple configuration commands in Dell EMC OS10 with Paramiko?

I am trying to run a series of commands to configure a vlan on a Dell EMC OS10 server using Paramiko. However I am running into a rather frustrating problem.
I want to run the following
# configure terminal
(config)# interface vlan 3
(conf-if-vl-3)# description VLAN-TEST
(conf-if-vl-3)# end
However, I can't seem to figure out how to achieve this with paramiko.SSHClient().
When I try to use sshclient.exec_command("show vlan") it works great, it runs this command and exits. However, I don't know how to run more than one command with a single exec_command.
If I run sshclient.exec_command("configure") to access the configuration shell, the command completes and I believe the channel is closed, since my next command sshclient.exec_command("interface vlan ...") is not successful since the switch is no longer in configure mode.
If there is a way to establish a persistent channel with exec_command that would be ideal.
Instead I have resorted to a function as follows
chan = sshClient.invoke_shell()
chan.send("configure\n")
chan.send("interface vlan 3\n")
chan.send("description VLAN_TEST\n")
chan.send("end\n")
Oddly, this works when I run it from a Python terminal one command at a time.
However, when I call this function from my Python main, it fails. Perhaps the channel is closed too soon when it goes out of scope from the function call?
Please advise if there is a more reasonable way to do this
Regarding sending commands to the configure mode started with SSHClient.exec_command, see:
Execute (sub)commands in secondary shell/command on SSH server in Python Paramiko
Though it's quite common that "devices" do not support the "exec" channel at all:
Executing command using Paramiko exec_command on device is not working
Regarding your problem with invoke_shell, it's quite possible that the server needs some time to get ready for the next command.
Quick-and-dirty solution is to "sleep" shortly between the individual send calls.
A better solution is to wait for the command prompt before sending the next command.
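What "wait for the command prompt" looks like in Paramiko terms, as an added example that is not from the original question or answer: read from the `invoke_shell()` channel until the prompt regex matches, then send the next command. The prompt pattern, the OS10-style prompt strings and the `FakeChannel` class are assumptions made so the example runs without a switch; against a real device you pass `client.invoke_shell()` where the demo passes `FakeChannel()`.

```python
"""Drive a Paramiko invoke_shell() channel by waiting for the device
prompt after each command, instead of sleeping between send() calls.
Added example, not from the original question or answer.  The prompt
regex, the OS10-style prompts and FakeChannel are assumptions so the
example runs offline; with a real device pass client.invoke_shell()."""
import re
import time

# Assumed prompt shape: "hostname#", "hostname(config)#", "hostname>" ...
# Tighten this to the real hostname in production so a '#' inside a
# banner or command output cannot be mistaken for the prompt.
DEFAULT_PROMPT = re.compile(r"\S+[#>]\s*$")

def read_until_prompt(chan, prompt_re=DEFAULT_PROMPT, timeout=10.0):
    """Accumulate channel output until prompt_re matches its tail, or
    raise TimeoutError.  Needs only recv_ready()/recv(), which
    paramiko.Channel provides."""
    buf = b""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        if not chan.recv_ready():
            time.sleep(0.05)           # nothing yet; avoid a busy loop
            continue
        chunk = chan.recv(4096)
        if not chunk:                  # EOF: the device closed the session
            raise EOFError("channel closed before a prompt appeared; got %r" % buf)
        buf += chunk
        text = buf.decode("utf-8", "replace")
        if prompt_re.search(text):
            return text
    raise TimeoutError("no prompt matching %r after %.1fs; got %r"
                       % (prompt_re.pattern, timeout, buf))

def run_config(chan, commands, prompt_re=DEFAULT_PROMPT):
    """Send each command only after the previous one has returned a prompt.
    Returns the output produced by each command."""
    read_until_prompt(chan, prompt_re)         # banner and first prompt
    outputs = []
    for cmd in commands:
        chan.send(cmd + "\n")
        outputs.append(read_until_prompt(chan, prompt_re))
    return outputs

class FakeChannel:
    """Stand-in for paramiko.Channel (an assumption for offline use): it
    echoes each command and then, in a separate fragment, prints a prompt
    that reflects the configuration mode, as the switch in the question does."""
    def __init__(self):
        self._pending = [b"Dell EMC OS10\r\n", b"OS10# "]
        self._mode = ""
        self.sent = []
    def recv_ready(self):
        return bool(self._pending)
    def recv(self, nbytes):
        return self._pending.pop(0)
    def send(self, data):
        cmd = data.strip()
        self.sent.append(cmd)
        if cmd == "configure terminal":
            self._mode = "(config)"
        elif cmd.startswith("interface vlan "):
            self._mode = "(conf-if-vl-%s)" % cmd.split()[-1]
        elif cmd == "end":
            self._mode = ""
        self._pending += [data.encode(), ("OS10%s# " % self._mode).encode()]

if __name__ == "__main__":
    chan = FakeChannel()   # real use: paramiko.SSHClient().invoke_shell()
    for out in run_config(chan, ["configure terminal", "interface vlan 3",
                                 "description VLAN-TEST", "end"]):
        print(repr(out))
```

Because each command's output is returned, the caller can also check for an error string from the switch before moving on, which a fixed sleep never gives you.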

Redis activity log

We have a redis database running on our server, but for some reason, I cannot see any keys in our database. I'm just wondering if redis stores an activity log, where I can trace if and when the keys were deleted?
I have the usual log file for redis, at /var/log/redis.log but that doesn't have the information I am looking for.
I think there is no straightforward way to log everything, but here is a hack.
$ redis-cli monitor >> ~/my_redis_commands.log 2>&1
Here >> tells the OS that the output stream has been changed from monitor to a file, and 2>&1 tells it to redirect STDERR to STDOUT.
n>&m Merge output from stream n with stream m.
Note that file descriptor 0 is normally standard input (STDIN), 1 is standard output (STDOUT), and 2 is standard error output (STDERR).
Go and see the content of the file in some SSH session for debugging.
$ tail -f ~/my_redis_commands.log
or you can use grep to find "DEL" instead. You can see the list of commands supported by Redis and try grep queries like SET, GET, etc.
$ grep '"DEL"' ~/my_redis_commands.log
Cons of this idea are:
You need to run a separate process to do this
It's memory and CPU consuming
A single MONITOR client can reduce the throughput by more than 50%. Running more MONITOR clients will reduce throughput even more.
For security concerns, certain special administration commands like CONFIG are not logged into the MONITOR output
See this for more info https://redis.io/commands/monitor
The INFO command can be used to glean some forensic info when used with the all or cmdstats switch - you'll be able to see counts of all commands including offensive ones.
Keep in mind that this could be the result of an unauthorized intrusion and that your server may have been compromised.

Getting gps coordinates without a gps module

I am working on Raspberry PI B+.
I have to get the current location of the system in python.
Is there a way to do that without using a GPS Module ?
The PI is always connected to the Internet
Take a look at GeoIP2.
It won't work like a GPS but depending on the purpose, might be useful.
If you have a Wifi network adaptor connected, you can query Google's geocoding API with the access point data to get location.
The following command line will retrieve the location:
sudo iwlist wlan0 scan | sed -E '1s/.*/{"wifiAccessPoints":[/;s/^ *Cell.*: (.*)/{"macAddress":"\1",/;s/^ *Channel:(.*)/"channel":\1,/;s/^.*nal level=(-[0-9]+) .*/"signalStrength":\1},/;/^ /d;$d' | sed '$s/.$/]}/' | curl -d #- -H "Content-Type: application/json" "https://www.googleapis.com/geolocation/v1/geolocate?key=${APIKEY}"
You'll need to set the APIKEY environment variable. You can get an API key from https://developers.google.com/maps/documentation/geocoding/get-api-key.
Run curl https://ipvigilante.com; this is the best you can do.
I don't know the application, but this is close enough to freak me out.
html5_geolocation_watchposition
Click the button to Try it; share your location with w3schools.com; modify the script in the other panel of the webpage to suit.
Edit: Sorry, just noticed the "in Python" but will leave it up.
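The sed pipeline above does its job in one line but is hard to adapt; the same transformation in Python, as an added example that is not from any of the answers, makes the two steps explicit: parse the iwlist cells into the objects the Geolocation API accepts, then POST them. The scan output is constructed; the body field names (macAddress, channel, signalStrength, considerIp) are those documented for the geolocate endpoint, and the helper names are this example's own.

```python
"""Turn `iwlist wlan0 scan` output into the request body the Google
Geolocation API expects, as the sed pipeline above does in one line.
Added example, not from the original answers; the scan output below is
constructed."""
import json
import os
import re
import urllib.request

# Constructed sample of `sudo iwlist wlan0 scan` output with two cells.
SAMPLE_IWLIST = """\
wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=70/70  Signal level=-40 dBm
                    Encryption key:on
                    ESSID:"HomeNet"
          Cell 02 - Address: 66:77:88:99:aa:bb
                    Channel:11
                    Frequency:2.462 GHz (Channel 11)
                    Quality=45/70  Signal level=-65 dBm
                    Encryption key:on
                    ESSID:"Neighbour"
"""

CELL_RE = re.compile(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})")
CHANNEL_RE = re.compile(r"Channel:(\d+)")
SIGNAL_RE = re.compile(r"Signal level=(-?\d+) dBm")

def parse_iwlist_scan(text):
    """One dict per cell with the keys the API wants.  Cells without a
    signal reading are dropped rather than sent with a bogus value."""
    aps, cur = [], None
    for line in text.splitlines():
        m = CELL_RE.search(line)
        if m:
            cur = {"macAddress": m.group(1).upper()}
            aps.append(cur)
            continue
        if cur is None:
            continue                         # header lines before the first cell
        m = CHANNEL_RE.search(line)
        if m and "channel" not in cur:
            cur["channel"] = int(m.group(1))
        m = SIGNAL_RE.search(line)
        if m:
            cur["signalStrength"] = int(m.group(1))
    return [ap for ap in aps if "signalStrength" in ap]

def build_geolocate_body(aps, consider_ip=False):
    """Body for POST .../geolocation/v1/geolocate.  considerIp=false stops
    the API from falling back to the Pi's public IP when the access points
    are unknown, so you get an error instead of a silently wrong fix."""
    return {"considerIp": consider_ip, "wifiAccessPoints": aps}

def geolocate(aps, api_key):
    """POST the body and return the parsed JSON (needs network access)."""
    url = "https://www.googleapis.com/geolocation/v1/geolocate?key=" + api_key
    req = urllib.request.Request(
        url, data=json.dumps(build_geolocate_body(aps)).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Real use: text = subprocess.run(["sudo", "iwlist", "wlan0", "scan"],
    #                                 capture_output=True, text=True).stdout
    aps = parse_iwlist_scan(SAMPLE_IWLIST)
    print(json.dumps(build_geolocate_body(aps), indent=2))
    if os.environ.get("APIKEY"):              # key stays out of argv this way
        print(geolocate(aps, os.environ["APIKEY"]))
```

Reading the key from the environment inside the process, rather than expanding it into a curl argument, also keeps it out of the process list and shell history on the Pi.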

Theos/Logos Debug Logging

I use theos a lot in creating jailbreak tweaks and to debug I have been using the built-in %log, and following all messages through the mac terminal by SSHing into the iphone and watching the output by using socat - UNIX-CONNECT:/var/run/lockdown/syslog.sock >watch.
Now, when using this type of logging, you get every single update made to the syslog itself, which is a lot of information that I usually don't need (want) to see. I really just want to see what pertains to what I am logging.
My question: is there a way to debug my tweak connecting through socat to a custom log? Where only my updates are being logged?
You can use "socat - UNIX-CONNECT:/var/run/lockdown/syslog.sock | grep YourApp" for parsing

Telnet Automation with Expect: Slow authentication?

I'm sending a command to a Mikrotik router using Telnet.
telnet 192.168.100.100 -l admin
Password: pass1234
[admin#ZYMMA] > /interface pppoe-server remove [find user=aspeed13]
[admin#ZYMMA] > quit
It works fine.
Now I want to automate it using expect tcl script:
#!/usr/bin/expect --
spawn telnet 192.168.100.100
expect "Login:"
send "admin\r"
expect "Password:"
send "pass1234\r"
expect "\[admin#ZYMMA\] >"
send "/interface pppoe-server remove \[find user=aspeed13\]\r"
expect "\[admin#ZYMMA\] >"
send "quit\r"
It works, but after authentication (line 6: send "pass1234\r") when the Router CLI is loading it freezes for ~10seconds with the following characters ^[[?6c^[[24;3R
Then the scripts runs ok.
My question is why Telnet loads fast when accessed manually and it takes too much time when accessed via expect script? I read in forums about telnet automation they say telnet is slow, but since manually it's too fast why it takes time to load with expect?
What you're seeing is blow-back from terminal negotiation, which is because you're not running in a real terminal. (Strictly, you are – that's expect's magic – but it's not behaving as a normal terminal does.)
The easiest fix is to set the terminal to something else before spawning the telnet session, e.g.:
#!/usr/bin/expect --
set env(TERM) dumb
spawn telnet 192.168.100.100
# Rest of your script goes here ...
Alternatively, you could try to respond correctly to the request to enter VT102 mode and the report of the cursor location (which feels like a lot of work) or you could rewrite your code so that it does everything inside interact (which connects the other end with the real terminal that you're running inside). But if setting an environment variable fixes it, why go to all that extra hassle?
(NB: I suggest setting the terminal to dumb here, but the key is that you want the stupidest terminal that works. Dumb terminals are ideal, because they're just about totally stupid, making it easy to pretend to be them…)
My answer is possibly too late. This is the "Telnet autoconfig command"... I had this problem and found this solution on the Mikrotik Wiki:
Add +t after the login name. This switches autodetect off.
Example:
send "admin+t\r"
It works great, and there is no roughly 10 second wait after logging in via expect.
Here is a link to the Mikrotik Wiki help with more "switches":
http://wiki.mikrotik.com/wiki/Manual:Console_login_process#FAQ
P.S.: Sorry for my English.
Did you try with netcat, with telnet emulation enabled?
A little bit late to answer.
But if you want to speed up your character input with expect, try generating the script with the "autoexpect" command, which will save the interaction in a file named "script.exp" in the same directory from where you ran the command.
For instance:
cd $HOME
autoexpect telnet 192.168.100.100
# some more telnet commands here
exit
All the above commands will be saved in ~/script.exp
About Tcl, I don't know if this script can be run via tcl.