This summer I want to do more botnet analysis. I’ve done some before with my rootonyour.webcam SSH log analysis sensor and server projects. This really only included geolocation and linked to Shodan information on running services. Cowrie is a medium-interaction honeypot that can log login credentials and command execution and also capture downloaded files. I don’t prioritize availability with my self-hosted servers, so I’d rather put everything in the cloud.
This summer my servers are behind a firewall that I don’t control. I can request to have ports opened but it’d take a while and I like to have things under my control. I’ve tried setting up a reverse proxy before but the concept confused me and I never had a real use case for one.
When I started setting up a new network with ESXi, I wanted to make everything as uniform as possible. When I started up a new VM, I wanted to be able to SSH in as soon as it was ready. This plan was foiled by needing to log in through the console and get the IP or look at my current DHCP leases. Place these lines in /etc/rc.local to show the IP address at the login prompt.
This pizza dough has been the best so far in my quest for the perfect crust.
I write a lot of Python scripts that interact with websites using the requests module. To figure out the requests I need to make for, say, logging in, I do the process manually while Burp Suite is running and then model it. It wasn’t until a few days ago while debugging that I wondered if I could proxy my Python programs to make sure they were sending the correct data.