
hpfriends integration

Open honeymap opened this issue 11 years ago • 24 comments

I have been looking on the honeymap/hpfriends/heipei github for directions on how to install a very basic setup of honeymap.

but when running server/server, I get the following error:

2013/08/15 14:56:19 Binding Honeymap webserver to 0.0.0.0:3000...
2013/08/15 14:56:19 Connecting to hpfeeds.honeycloud.net:20000...
2013/08/15 14:56:19 Connected to Hpfeeds server.
2013/08/15 14:56:19 Received error from server: Authkey not allowed to subscribe here.

any suggestions? Also, is there a way to run my own hpfeeds server? Is it just a matter of deploying a hpfeeds instance?

Project looks cool, but wish there was more documentation.

honeymap avatar Aug 15 '13 22:08 honeymap

a little more info - in the hpfriends web portal, the error log states:

Message: Authkey not allowed to subscribe here. Channel: geoloc.events

honeymap avatar Aug 15 '13 22:08 honeymap

Yeah, looks like you didn't configure the authkey in your setup to be able to subscribe to geoloc.events. Have a look here on how to do that: http://heipei.github.io/2013/05/11/Using-hpfriends-the-social-data-sharing-platform/#authkeys

heipei avatar Aug 16 '13 07:08 heipei

Thanks.

So subscribe to geoloc.events. That seems to fix that error. Now to figure out why the map is not displaying...

honeymap avatar Aug 16 '13 22:08 honeymap

Our main honeypot is down at the moment, so the number of hits on the honeymap is pretty low at the moment.

fw42 avatar Aug 17 '13 15:08 fw42

Thanks for the update fw42!

I'd like to run this in a sandboxed environment with zero internet access -- (testing functionality)

To do so, I was planning on running my own honeymap server, and dionaea server. It looks like I would also need to emulate the hpfriends services -- is this something I can do with the hpfeeds distribution on github? Super complex, or you think it would be fairly straight forward?

honeymap avatar Aug 21 '13 21:08 honeymap

hi,

should the map be working at the moment? (i mean local instances, not http://map.honeynet.org/)

i am running a local instance, and no data shows. wireshark shows just (what i suppose is) the initial connection to hpfriends.honeycloud.net and then i don't see any communication

i tried this last week, also no data on honeymap, but hpfriends.honeycloud.net was transmitting data like: bytes_received: 211120126 bytes_sent: 9262638 published: 521662 received: 27956

any way to debug this ? i do not see any logs

katkad avatar Aug 26 '13 12:08 katkad
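For the debugging question above, an added example (not part of the thread or of the hpfeeds project): a decoder for hpfeeds frames taken from a packet capture, so that a broker reply such as the "Authkey not allowed to subscribe here." error becomes readable. It assumes the capture is the plain hpfeeds TCP stream and uses the framing of the reference hpfeeds library (4-byte big-endian total length, 1-byte opcode, payload); the sample bytes and the ident `example-id` are constructed.

```python
import struct

# Opcodes as defined in the reference hpfeeds library
OPCODES = {0: "error", 1: "info", 2: "auth", 3: "publish", 4: "subscribe"}

def _str8(buf):
    """Split a 1-byte-length-prefixed field off the front of buf."""
    if not buf or len(buf) < 1 + buf[0]:
        raise ValueError("truncated length-prefixed field")
    n = buf[0]
    return buf[1:1 + n].decode("utf-8", "replace"), buf[1 + n:]

def frame(op, payload):
    """Build one frame; the length field counts the 5 header bytes too."""
    return struct.pack("!IB", 5 + len(payload), op) + payload

def decode_stream(data, max_frame=1 << 20):
    """Decode concatenated frames; returns (messages, leftover_bytes)."""
    out = []
    while len(data) >= 5:
        length, op = struct.unpack("!IB", data[:5])
        if length < 5 or length > max_frame:
            raise ValueError(f"implausible frame length {length}")
        if len(data) < length:
            break  # partial frame at the end of the capture
        body, data = data[5:length], data[length:]
        msg = {"op": OPCODES.get(op, "unknown")}
        if op == 0:    # broker error text, e.g. a rejected subscribe
            msg["text"] = body.decode("utf-8", "replace")
        elif op == 1:  # broker name + nonce used for authentication
            msg["broker"], nonce = _str8(body)
            msg["nonce"] = nonce.hex()
        elif op == 2:  # ident + sha1(nonce + secret); the secret is not sent
            msg["ident"], digest = _str8(body)
            msg["sha1"] = digest.hex()
        elif op == 3:  # ident, channel, event payload
            msg["ident"], rest = _str8(body)
            msg["channel"], msg["payload"] = _str8(rest)
        elif op == 4:  # ident, then the channel name as the rest of the frame
            msg["ident"], chan = _str8(body)
            msg["channel"] = chan.decode("utf-8", "replace")
        out.append(msg)
    return out, data

# Constructed sample: both directions of one session merged in order
SAMPLE = (frame(1, b"\x07hpfeeds\x01\x02\x03\x04")
          + frame(2, b"\x0aexample-id" + bytes(20))
          + frame(4, b"\x0aexample-id" + b"geoloc.events")
          + frame(0, b"Authkey not allowed to subscribe here."))
```

Running `decode_stream(SAMPLE)` yields the info, auth, subscribe and error messages in order; a session that ends after the subscribe frame with no publish frames means the broker accepted the subscription but nothing is being published on that channel.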

Hi,

if your setup is correct, you should see the same data as our honeymap (http://map.honeycloud.net/), which is not a lot at the moment, since our honeypot is down due to hardware issues. But you should see a few events a minute at least I guess. If you want more, please consider contributing and hosting your own honeypot (and submitting your events to hpfriends).

Flo

fw42 avatar Aug 26 '13 12:08 fw42

Flo,

Is there a way to run your own copy of hpfriends (is this compiling hpfeeds off of git?), or is this currently not recommended? I'd like to run in a sandbox (no internet connection, to use as an internal test tool).

honeymap avatar Aug 26 '13 13:08 honeymap

hpfriends is not open-sourced yet, sorry. Don't know how hard it would be to run hpfeeds on your own. @rep would know.

fw42 avatar Aug 26 '13 13:08 fw42

now i get it: i have to publish geoloc.events via https://github.com/rep/hpfeeds/blob/master/examples/geoloc/geoloc.py and data shows

i see just data from our honeypots, probably because no one is sharing their data with me (i am using my ident and secret, maybe there is a global one for this, which i don't know)

can you mention it in README so other people would avoid no data in their honeymaps ?

katkad avatar Aug 26 '13 14:08 katkad

I am trying to get a local instance running as well. I am connected to the backend on both dionaea and the honeymap. Where does geoloc.py come into play?

RKStevens avatar Mar 06 '14 22:03 RKStevens

hello

1. download https://github.com/rep/hpfeeds/tree/master/examples/geoloc along with https://github.com/rep/hpfeeds/tree/master/lib into one directory
2. edit https://github.com/rep/hpfeeds/blob/master/examples/geoloc/geoloc.py with your credentials
3. run https://github.com/rep/hpfeeds/blob/master/examples/geoloc/geoloc.py along with honeymap server

geoloc publishes geoloc events, which are displayed on the map

katkad avatar Mar 07 '14 10:03 katkad

Thanks kat! After a few issues with importing GeoIP, I finally got geoloc.py running with my credentials but still no data on the map?

RKStevens avatar Mar 07 '14 22:03 RKStevens

it seems there is problem with broker. I can not authenticate. there are no events on http://map.honeynet.org/ too. I already contacted the right people.

katkad avatar Mar 12 '14 08:03 katkad

is this still broken? I just try the link and no data..

r3k2 avatar Feb 18 '16 04:02 r3k2

Hi, I guess it is down currently. I asked on ML, but no answer so far. Last event I received is from 2016-02-16 08:33:40.969085 CET +0000 .

katkad avatar Feb 18 '16 12:02 katkad

is there a way to get the main data to show on my honeymap instead of just my data? I think this is a thread related to that but not 100% sure.. if indeed it is.. is there a howto somewhere? thanks! i'm using MHN server.

r3k2 avatar Feb 19 '16 06:02 r3k2

As far as I know, the broker is not down, it's just that nobody is sharing any honeypot data anymore via hpfeeds. One of the biggest honeypots (RWTH Aachen University) was shut down.

fw42 avatar Feb 19 '16 14:02 fw42

hmm I could share my data. I don't mind, it is not private, my personal honeypots are just for my own research.

r3k2 avatar Feb 19 '16 19:02 r3k2

@ChrisFernandez hi, you can sign up here (with your github account for example) http://hpfriends.honeycloud.net/#/home create keys, and share the data

But data distribution does not work. That's why I guess the broker is down. When data distribution will be OK, you should see something here https://honeymap.cz/ . I had no time to setup our own solution, so data on it is distributed through The Honeynet Project broker.

katkad avatar Mar 02 '16 09:03 katkad

Hello Katarina.. I don't see any link on that site to be able to register...


r3k2 avatar Mar 02 '16 10:03 r3k2

Oh, really. There is no sign-in button now. I didn't notice before.

katkad avatar Mar 02 '16 12:03 katkad

@rep might be able to answer those questions

fw42 avatar Mar 02 '16 13:03 fw42

Thanks @katkad @fw42, hopefully @rep responds. I'm very interested. I have no idea of CoffeeScript, nor JS, so I'm going to pay someone to update the honeymap on my fork. I also noticed that one lib that honeymap depends on is a golang (that I do know) lib that is checking the Google Code site. I forked that project, made the right changes and have pointed my own honeymap fork to use my lib fork, so now I have it working locally to be able to work on it (I currently have a production one but it is from the MHN project, so they already fixed that). https://pot.hispagatos.org:8443/

r3k2 avatar Mar 07 '16 02:03 r3k2