
Comments (7)

giga-a avatar giga-a commented on May 31, 2024

Hey @AntoninHL!, I will make some changes in the next week or so (This will allow users to change a port or disable a server)

from chameleon.

giga-a avatar giga-a commented on May 31, 2024

@AntoninHL I have added some changes that allow you to do that

Check out the configuration file

That file will have an entry named honeypots, you can choose what honeypots to keep, disable, or change a port

{
	"logs":"db",
	"logs_location":"",
	"host":"chameleon_postgres",
	"port":9999,
	"username":"changeme027a088931d22",
	"password":"changeme0f40773877963",
	"db":"chameleon",
	"interface":"eth0",
	"honeypots":"ftp:21,ssh:22,telnet:23,smtp:25,dns:53,http:80,pop3:110,imap:143,https:443,postgres:5432,smb:445,socks5:1080,mysql:3306,vnc:5900,redis:6379,httpproxy:8080"
}

from chameleon.

AntoninHL avatar AntoninHL commented on May 31, 2024

Thanks @giga-a

But it seems that config.json is not taken into account by the ./run.sh auto_configuration command...

config.json file:
image

result:
image

I don't really understand why...

from chameleon.

giga-a avatar giga-a commented on May 31, 2024

Hey @AntoninHL

Thanks for getting back to me!

> I don't really understand why...

The ./run.sh auto_configure command uses a different configuration file (docker-compose-dev.yml). It publishes any port defined in the ports element.

If your host is running ssh on port 22 and docker-compose-dev.yml has '22:22' in the ports element, it will show something like

ERROR: for honeypots  Cannot start service honeypots: driver failed programming external connectivity on endpoint chameleon_honeypots_1 (34a10704281a3b9ac7cfd4801b9230493b89223b0e2818e2fe953af4578ccb27): Error starting userland proxy: listen tcp4 0.0.0.0:22: bind: address already in use

If your host is running Apache on port 80 and docker-compose-dev.yml has '80:80' in the ports element, it will show something like

ERROR: for honeypots  Cannot start service honeypots: driver failed programming external connectivity on endpoint chameleon_honeypots_1 (4cd76dcc58a75d26ab268c01606839ecc380b629f39706032607598969f85a14): Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use

And so on,

To fix the issue, remove the service port from the ports element in docker-compose-dev.yml

Instead of this

    ports:
      - '21:21'
      - '22:22'
      - '23:23'
      - '25:25'
      - '80:80'
      - '110:110'
      - '143:143'
      - '443:443'
      - '445:445'
      - '1080:1080'
      - '1433:1433'
      - '3306:3306'
      - '3389:3389'
      - '5900:5900'
      - '6379:6379'
      - '8080:8080'
      - '9200:9200'

ftp, telnet and smtp only (Add your desired ports, but not the ones that cause the issue)

    ports:
      - '21:21'
      - '23:23'
      - '25:25'

And everything should work correctly

postgres_1   | WARNING: no logs are available with the 'none' log driver
grafana      | WARNING: no logs are available with the 'none' log driver
honeypots_1  | Your IP: 172.25.0.2
honeypots_1  | Your MAC: 01:01:01:01:01:01
honeypots_1  | Wait for 10 seconds..
honeypots_1  | honeypotslogger_main_c18e2e91 - Waiting on postgres connection
honeypots_1  | honeypotslogger_main_c18e2e91 - postgres connection is good
honeypots_1  | honeypotslogger_QFTPServer_915217dc - Waiting on postgres connection
honeypots_1  | honeypotslogger_QFTPServer_915217dc - postgres connection is good
honeypots_1  | ["servers", {"action": "process", "ip": "0.0.0.0", "password": "test", "port": 21, "server": "ftp_server", "status": "success", "username": "test"}]
honeypots_1  | honeypotslogger_QTelnetServer_ccb241cd - Waiting on postgres connection
honeypots_1  | honeypotslogger_QFTPServer_5f234b9a - Waiting on postgres connection
honeypots_1  | honeypotslogger_QTelnetServer_ccb241cd - postgres connection is good
honeypots_1  | ["servers", {"action": "process", "ip": "0.0.0.0", "password": "test", "port": 23, "server": "telnet_server", "status": "success", "username": "test"}]
honeypots_1  | honeypotslogger_QSMTPServer_741df1eb - Waiting on postgres connection
honeypots_1  | honeypotslogger_QTelnetServer_ffb037d1 - Waiting on postgres connection
honeypots_1  | honeypotslogger_QSMTPServer_741df1eb - postgres connection is good
honeypots_1  | ["servers", {"action": "process", "ip": "0.0.0.0", "password": "test", "port": 25, "server": "smtp_server", "status": "success", "username": "test"}]
honeypots_1  | honeypotslogger_QDNSServer_9402f454 - Waiting on postgres connection

The fix above is super easy - however, there are other options to fix the issue, but they may take more steps:

  • Disable the service on your host
  • Change the host service port on your host

Please let me know if that works for you or not?

P.S. I will push an update by the end of this week which handles that automatically based on the config.json

from chameleon.
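Added example, not part of the thread and not Chameleon's own code: a pre-deployment check that reads the `honeypots` string from config.json, probes each port on the host, and emits only the `ports` entries that will not collide with an existing host service. The function names are hypothetical, and the sample config is a constructed, shortened form of the one posted above.

```python
import errno
import json
import socket

def parse_honeypots(spec):
    """Turn 'ftp:21,ssh:22' into {'ftp': 21, 'ssh': 22}."""
    result = {}
    for item in filter(None, (p.strip() for p in spec.split(","))):
        name, _, port = (s.strip() for s in item.partition(":"))
        if not name or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"bad honeypot entry: {item!r}")
        result[name] = int(port)
    return result

def host_port_busy(port):
    """True if the host already has a TCP socket bound to this port."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.bind(("0.0.0.0", port))  # same address Docker publishes on
        return False
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return True
        if exc.errno != errno.EACCES:
            raise
        # Not root and port < 1024: fall back to a loopback connect probe.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
            client.settimeout(0.5)
            return client.connect_ex(("127.0.0.1", port)) == 0
    finally:
        probe.close()

def publishable_ports(config_text, busy=host_port_busy):
    """Return (compose 'ports' entries, {skipped honeypot: port})."""
    honeypots = parse_honeypots(json.loads(config_text)["honeypots"])
    ports, skipped = [], {}
    for name, port in sorted(honeypots.items(), key=lambda kv: kv[1]):
        if busy(port):
            skipped[name] = port
        else:
            ports.append(f"{port}:{port}")
    return ports, skipped

if __name__ == "__main__":
    # Constructed sample: shortened form of the config.json in the thread.
    sample = '{"honeypots": "ftp:21,ssh:22,telnet:23,smtp:25,http:80"}'
    ports, skipped = publishable_ports(sample)
    print("    ports:\n" + "\n".join(f"      - '{p}'" for p in ports))
    for name, port in skipped.items():
        print(f"# skipped {name}: host port {port} is already in use")
```

A skipped honeypot is one that will receive no traffic on that host, so review the skipped list before deploying rather than treating the reduced port list as equivalent coverage.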

AntoninHL avatar AntoninHL commented on May 31, 2024

Hi @giga-a

Awesome.
Understand now.

Another "small" question: is it possible to change the network interface?
For example, instead of eth0, specify ens3 or eno1.

Once again, I changed config.json, but no effect.

Many thanks.

from chameleon.

giga-a avatar giga-a commented on May 31, 2024

@AntoninHL you are very welcome!

I'm pretty sure that you can change the interface to anything you want - I will take a look and get back to you tomorrow morning :)

from chameleon.

giga-a avatar giga-a commented on May 31, 2024

Hey @AntoninHL, sorry for the delay - I had to push some new updates to both Honeypots and Chameleon

> For example, instead of eth0, specify ens3 or eno1.
> Once again, I changed config.json, but no effect.

The network interface is used for the QSniffer module, it's for monitoring the network traffic for loose creds etc. This module can be disabled if you are running into issues with it (I will add an option to disable it). My only guess is that you are probably changing that network interface to a local network interface instead of the ones listed in the docker container. I could be wrong though, but I believe it will be easier to resolve after the new update.

  • The new update should handle your ports issue. When you deploy Chameleon with ./run.sh deploy it will adjust a copy of docker-compose-dep.yml with the ports listed in config.json. If you have ftp honeypot in your config.json, then ftp honeypot port will be published only and so on
  • If you pass ens3 and ens3 does not exist, then there will be an error in your terminal + all available interfaces.
  • I added more honeypots, changed some Grafana settings and added syslog logging
  • There is no more ./run.sh auto_configure and ./run.sh auto_configure_test -> I replaced them with ./run.sh test and ./run.sh deploy

Please let me know if you are running into any issues with the new update so I fix it

Cheers 🍻

from chameleon.
