Malin/krawl.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add configurable HTTP Server header for deception

Browse Source 
Add SERVER_HEADER environment variable to customize the HTTP Server
  response header, defaulting to Apache/2.2.22 (Ubuntu). This allows the
  honeypot to masquerade as different web servers to attract attackers.

  - Add server_header field to Config dataclass
  - Override version_string() in Handler to return configured header
  - Update documentation and all deployment configs
This commit is contained in:
Phillip Tarrant
2025-12-26 07:53:05 -06:00
committed by Patrick Di Fazio
parent 7916932ea7
commit 1486dfc913
8 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/config.py
View File

@@ -21,6 +21,7 @@ class Config:
api_server_port: int = 8080
api_server_path: str = "/api/v2/users"
probability_error_codes: int = 0 # Percentage (0-100)
server_header: str = "Apache/2.2.22 (Ubuntu)"
@classmethod
def from_env(cls) -> 'Config':
@@ -44,5 +45,6 @@ class Config:
api_server_url=os.getenv('API_SERVER_URL'),
api_server_port=int(os.getenv('API_SERVER_PORT', 8080)),
api_server_path=os.getenv('API_SERVER_PATH', '/api/v2/users'),
probability_error_codes=int(os.getenv('PROBABILITY_ERROR_CODES', 5))
probability_error_codes=int(os.getenv('PROBABILITY_ERROR_CODES', 5)),
server_header=os.getenv('SERVER_HEADER', 'Apache/2.2.22 (Ubuntu)')
)

4
src/handler.py
View File

@@ -48,6 +48,10 @@ class Handler(BaseHTTPRequestHandler):
"""Extract user agent from request"""
return self.headers.get('User-Agent', '')
def version_string(self) -> str:
"""Return custom server version for deception."""
return self.config.server_header
def _should_return_error(self) -> bool:
"""Check if we should return an error based on probability"""
if self.config.probability_error_codes <= 0:

1
src/server.py
View File

@@ -32,6 +32,7 @@ def print_usage():
print(' DASHBOARD_SECRET_PATH - Secret path for dashboard (auto-generated if not set)')
print(' PROBABILITY_ERROR_CODES - Probability (0-100) to return HTTP error codes (default: 0)')
print(' CHAR_SPACE - Characters for random links')
print(' SERVER_HEADER - HTTP Server header for deception (default: Apache/2.2.22 (Ubuntu))')
def main():