Skip to content

Instantly share code, notes, and snippets.

@irinil

irinil/GSoC_2020_HosTaGe.md

Last active June 2, 2021 18:52
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save irinil/fc48872704ec7414c4035e9f7297e9d9 to your computer and use it in GitHub Desktop.
Save irinil/fc48872704ec7414c4035e9f7297e9d9 to your computer and use it in GitHub Desktop.
Download ZIP
GSoC 2020 - HosTaGe: a mobile honeypot
Raw
GSoC_2020_HosTaGe.md

HosTaGe: a mobile honeypot

Project Description

HosTaGe is a low interaction mobile honeypot for Android devices. The idea is to have a fast, on-the-go honeypot that emulates most modern protocols. Hostage is already mature and this project will be focusing on its improvements (e.g. IoT protocol support, visualizations, security features, etc.).

Source code of this project can be found here.

Goals and Challenges

The project goal was the improvement of HosTaGe and launch as part of the Google playstore as well as part of the Honeynet Project arsenal.

The completed challenges for the project are the following:

New Features This challenge includes all the new features that are introduced.

  1. New Protocols simulation The app now fully simulates 3 new IOT protocols: MQTT, CoAP, AMQP.

  2. New Systems Simulation Four new systems are added: MQTT Broker, MQTT Temperature Sensor,ESP8266 Smoke Sensor and an Arduino system.

  3. hpfeeds integration The app now integrates the hpfeeds publisher, which can be enabled from the Settings of the app. With this publisher we can publish the attack records captured by honeypots to a central attack repository.

  4. Use on Unrooted devices The app can now simulate all the protocols in an un-rooted device, with the allocation of all the <1024 to random ones with a greater number.

  5. Compatibility for Cellular Networks Compatibility for cell networks was added. Now the user can use the app in a 4g or 3g network.

  6. GreenDao Integration GreenDao ORM integration was added for better performance and faster queries for the local database.

  7. Pagination Data pagination was implemented. The records are not all loaded simultaneously but they are added gradually with scrolling, when a user access them.

  8. Crashlytics-Firebase Firebase and Crashlytics sdks added.

UI Improvements and Compatibility Checks This challenge focused on improving the app UI and solving compatibility issues

  1. Material Design Material Design library was added, and UI improvements were implemented including new buttons, colors, dialogs etc.

  2. Compatibility The app now has targeting the latest 29 sdk with minimum support for 24 sdk. Also, Android X migration was added.

  3. Logging The logs are showing the IP address as a header.

Bug Fixes & Maintenance This challenge involved bug fixing and maintenance of existing services of the app.

  1. Bug Fixes – Issues A lot of bugs are fixed including runtime errors from background services that the needed new permissions.

  2. Fixing Broken Protocols Some protocols were broken due to old libraries or bugs. These were SMTP, SMB and FTP. They are now fixed.

  3. Rooted phones issue They were issues for rooted phones and therefore the services were not bound to the default ports. The script for the rooted phones needed an upgrade. A major issue was that a lot of phones were missing the iptables library. An api was introduced for this purpose that installs the needed libraries and executes every iptable’s command separately.

  4. Permission Dialogs Permission dialog now included with a redirection functionality in the App Settings when a user denies them. The permissions were for Location and External Storage writing.

Maintenance Maintenance tasks included upgrade and refresh of API keys and references.

  1. Update of API keys Google maps key was updated, also HTTPS certificate was replaced.

  2. Update of Libraries A lot of libraries were upgraded and removed.

  3. Deprecate old features This includes the synchronization of tracing monitor and the bro-signature feature. The GHOST protocol was also disabled.

  4. Test Libraries Test frameworks added for the main functionality of the app like Espresso, Robolectric and PowerMock. Also, a python script was added for a full live-attack test.

  5. Memory Leaks-Performance Optimization A lot of memory leaks are now fixed. Memory consuming MultiStage Service was disabled from default. Thread concurrent modification exception error fixed.

Publishing on the Play Store The app will soon be available on Google Play Store.

Mentors

Pull Requests

  1. aau-network-security/HosTaGe#7
  2. aau-network-security/HosTaGe#35
  3. aau-network-security/HosTaGe#57
  4. aau-network-security/HosTaGe#93

Commits

  1. d8f2075159b5e7dab70af48934d03301859d4c04
  2. b991b48899aa878842175f57380c2b60093b568f
  3. c10a7f8c412aec46850e95d318531a6952a7c0de
  4. 27864f7d91b0d877fd5a047e83eb2224d713af13
  5. e47578e5ab421fe30812d646c20e433cb6467824
  6. e7a2a6930ccf066ada142d921c970b2c76f53638
  7. 61d41a362e3d0232bdebcde86758718f028890a5
  8. 07c7d48a9bd34ff1ee2299423fe66c7caa7bdcb8
  9. 62f83b69850d9cc2b5a947a862152a2fea9fad91
  10. f2c70cca84a6d81839a78af4ce29e9fe98132200
  11. c332a77008649f88b124cd780c7a57020cdb68ac
  12. 64302f379b04e94e786107e770dee5955deb2d45
  13. 80263123af793cf00b12f5181d051bbf79a6008b
  14. f03032871007ab2079fee3f0ab8b30e00674be2e
  15. df0cb959f9637c0a4dd30a79f39157222b7aae21
  16. 4478b0a5a6e9effac95e9ee22b9b84ce2d359b7d
  17. a024d83149940471a366d25532724492c171cd9e
  18. a22329c07ef1ffb85845919e1164ae030963d8c5
  19. 844fc10683e624af00a9f3fd1ec73b355271ed11
  20. 18c35362f2f3621ed4d1e2513ea8c8709e036d62
  21. d797f03bd481111f59e4a952cf85e4d2efed2e98
  22. 4b3d0a92c66d1642ef6564093f2ea0e6bee45aa6
  23. 1791d0ef9c7627afbc69203ab6e4653300deace2
  24. 1b5d13b8f8655c2ff9f00580e932ae3a939baf86
  25. d8b154b270b9f32bb61d66e5668943a5ff584a6e
  26. 8e77375ca3ac8c3f9043699e11b5769edeb48571
  27. 73beea838b93dd226489cb39ac6ab88ddbce0c5d
  28. 41f1263c75a19eb281f06ec4fada85501fc9c0b5
  29. e37ac0815005bb0f9d53a82ad1e072c49ce7d24d
  30. d189882769299d7b6cc28ab94777f52a628d07b7
  31. ef9721903158f0b4fec4310362d3c34173779f6b
  32. 044e8061979d6b998e81d3b193f3e1f7201bf1b2
  33. 6dc5e47848ca06b27921f374b4c17ace9870c02e
  34. 2b417b51d6cb927d456a3d68a9e9b528a0c6aedd
  35. 9b3f50d9c7ca2b5f2af3a02aa74c5f3b05eee637
  36. fb1312ec3fe50354365e5ed6e0336cc7023b4ce0
  37. f0ad6e7a7d8cd25571cd0a13ec387b2cd4b96e80
  38. ece1d703fbf65602841b4e489371de6b9918d804
  39. 7db7cc9e83a0363b8d3157c3399c286483bfa02b
  40. bec36c1656d3654dc565bf824d6ef77425311cc9
  41. fe19eb5fb979ae8bdda5adbb63f7a84200600240
  42. 6441d2dafb83eb6e9fa7350fb152efc978ff4776
  43. 74179be92153b1bdf1226e0cb8ec07a677c06400
  44. c8da886240301fa4497af1d5a6e597adce1ebcee
  45. 3b3a2167b973bfc49c9cb037be491e0fe44f4213
  46. c9484ee443764f123e070eb01e0dc87729d0ed34
  47. 4605ca6b34d800b20715bc4a23e118318040921a
  48. f094d91f62aa5abdefb02b1a43af5b0cff10d73d
  49. 243a3bc65770c597d0c5505e48366e749f767527
  50. 9d6549e89fb0931c953ea57fb336d2f7ff14b8b1
  51. 2a7a11e5d36bf66d2accf39a863b939d830c83c6
  52. 6e13b3162af363a88552e85d07e9d1550326ed38
  53. 6300999de8095a690e3fb3c392b0a0432bbed4d2
  54. 09621950c9109e0796ad8af344be29f3e54256bc
  55. 7cf0e9fcbaef10a7e67a9c456724059b50fa34d3
  56. a25e5ab577049d9ad9d19121bcf8b9d690434a90
  57. e0a3c836a8850f263e9074a6146908a5030d4862
  58. df02055b0c238bf5b7103ca53884a8dc61904ea6
  59. 96b77e4a795435c6740841cc8775ca99447d3542
  60. 4bdda3b33214161cfbb57baaa422ef1b2aeebd60
  61. a67e73d8c6cb3f377c42fc6c38db7035167a06a5
  62. df0078b454c30817fcd21176d2b33efb5211627f
  63. 7b4a0dee2ed8550c9116c4b617f5faf098f40433
  64. 4eb7f6b1947b0e1cb32c9abba2a6bd8079c403a8
  65. 5ab945a18390e83710457ecdf6ff7a182687b81b
  66. 15836b828422e77748a010da150741c3f82f6ca6
  67. 9c37211fc618cb167c47c9ca3fe384c53af19f54
  68. 31e1c9df5cff88fdd35339ac7aa401d6373e5e97
  69. 9cc8accf6dfd37d218f0f915c96117441c856f9d
  70. f05b15497b0478bc8d0621f078d5cd5e91cf83d6
  71. 4c2dff2b93ae156cd5cef066fc12508fbff72926
  72. b13ab65f41e9e94cf3a8862fc2f4f925e365355e
  73. 34915182ad3059be7685c59da8c13cf21574ec32
  74. 76666af3e839c7dceeb82041ac2b99cf6c4238af
  75. 3ed234bd64c71d6d7ff8b9ae01a5e6d5f0a0d2c9
  76. a6ea3e592696cc1c665c512c201908c497db39c3
  77. a2df088f97e60463de63945e38d1fb9486590aa6
  78. 9b078afebf1cd9766a6314155b7ab3b06d9f69a1
  79. 856ac7198380e6f1e2dbbfd8672350b5bee4f436
  80. f67103d3bc945e6d5c6612db4b1d07a0feb43ced
  81. a78708a402b07ab47260097c4eb01212292ada6e
  82. d5084472be7784efbc2124c84b8d75c29acc4b38
  83. b7bcb3fa62022663cfb4a563c02f134863049a68
  84. 282e069e7afd3c5f0dceb07b321a34ad85fd8745
  85. a0b1d55febeb492bd6b20f45733152fe2cd4423c
  86. cf5010cd62608fcadb7b4aa1b674de5605d6da8e
  87. d9652215498754392a4931c5946d30d414ade675
  88. b17c0b9ec6fa4685eac9d9f6f5c22b934e29bfdf
  89. eb85820b6a960ac2128e61f8f617458876a521d7
  90. 6c316be085e787f6b897cbffb5c05cb6e776ec43
  91. 14cfa99f10e946a1c87075a73fbd257b66f2c7c5
  92. 0592726794b6c66896c70dcf57bf243b6224d41e
  93. df1cc5186497660f167e2d0c742abb8eb638eff2
  94. 32ba57f47b14e143855cb7af0147afae1b64c1eb
  95. 350a564f4bbcb8ca245284f996fc50eba04f017d
  96. ade45bc895a3b72ade18664a19eac7048a9776d6
  97. e5d3a470d944b6ed9830e840c00683e1fa1bf5f3
  98. fdc45c66b3c2b41795a68c7522be557dff50fd4c
  99. 6f08d28ea8cfeb24804eda20148dc3abe3ed1098
  100. e090951aaf402aa28cd690ee9162abcb5d556d01
  101. 7578abadf961ae374e85b4326c9915a98df64f6b
  102. 3a0685ffd8b1cc984dbfe92c1b51a933240718e4
  103. 360e66b4b28f3d44e7deb7d74777410716992301
  104. baaae12921ed7fa53f4be97191a1c5477cda5e7f
  105. e93704af5cb17431a58c82999dc18c541aa07aa6
  106. 1e032f16a111a7aad641b7f698450d7da48e7734
  107. 4c7a52930c67700930f3bfd6eebbcf1f37171922
  108. 1ac4c5578f53557057cbe99d4b5bc18f36bc26b6
  109. b88b412370ecbf01d525ca97d4c842e24dabeb15
  110. ff6e686e7e3812467ca680e5e58145fdab307664
  111. e384ca587ab3cdc57000360a79a104c8cd61978d
  112. 141bc43db67f259aa00295b83f2ea1ba71772e2e
  113. c480abd7f4871105dfd31bb3a8d32a9625af15bd
  114. 2a84a13220db7cf73ddd376a22161e0f8902c907
  115. 7c7b4c411d572b26c3508f06c0d9cb88a7fb0c6a
  116. eaa95d1792c833f3639fc15f91f3643e9717173a
  117. a03b3285c3c5c682943ffc4146ac9f653251935a
  118. ef5c6918604e1aa54c41ee80407c06a7e6872791
  119. 9b0b95507c1db55b23ab1a8afa3f99b329da4425
  120. a2b4a9b9ed4d021e06d72fe576f0d1d543a4f86a
  121. a9025ad4165c77533dfeaa66f87cbbdb544040d2
  122. 34d836aba722dad6fcdd8fa16778e378477b3762
  123. f7cb9f053d687efe9347eb62efea06c7c69a04ae
  124. 5b4a4848156a6a6d59df4363179e3925e75c5d22
  125. 8719d998ee4b1f40056a25b7b12ed35d90603761
  126. 1d1ed84e8fc1d80de55263610ccb46b0bb5d5308
  127. 0a2b73c1ae062c3a38a02825c6934ab83ecffe60
  128. 2349d2e0bc67f2eeed5385ab5fff85e33ec6ed0f
  129. 5b677b9e44006de44ebe74e3d42f6e146733cdec
  130. ff35932b4cda3cbca1b4a6b57c6ce7a6d8f5e040
  131. fef1d8deb14abaead4f5aebf7035503e9240c212
  132. 864c474c935140f48bcbde227749c61fcae10962
  133. f5d25dc5b2abb541b8a64893eb78a7118b467d25
  134. 54cf545c57e4efd695ca4568727374b645ab6509
  135. 7c50734ba173aa883ba3af708eb65e5177a89d24
  136. 2228f75da0004ca5f56771cb0269c2b6e132f014
  137. 79f2f51a4e15de719706c8cc36c3e18c387a55e9
  138. 8d600163c5fce3b80bdf331b9d90a704fc89611f
  139. 69e792f051f19c5f6305053206b484e624705bdc
  140. 98ed15f3d1944c4e8cfcc6275a38821c1f4abfff
  141. 8a6c3a20c423736c7546d0236bdb6973f609bfcc
  142. 317870767fc4600a7085d3ff077abab3196562ac
  143. b2be6265866aaf1f444804bbdcde57de1516ac90
  144. 1a48aa5f1c0c7934e731f5045af61a18c10d147b
  145. 6d888916e2ec3273bca8b317a0fc3042c52c38b4
  146. 8df88aeb78a2d4923f935b288b59e6cee149a1f0
  147. dd6dcc5658b047395af99971fa9c061aef8a3e59
  148. 9d609440d0487adfff31b86c115a904d862be2fc
  149. 8d73074bb4997e21ab5e6d574640c44ff29e7cc2
  150. 650df0039b9ced835d27a706baa610f1c1597e42
  151. ab37a38b1784a8eb417888f09cd138007972c5bf
  152. 227856a32a115b6767a9528e2e173baae18c2014
  153. 42ada99a4066602dbc0d534c80b5089e38e09388
  154. 268984b91893d63e5c135c3942eb75af167ab63a
  155. 19f3db90c6094d5698f70874c357ba2cfff3008a
  156. cc965fc6fa839e5e438c13bbb279f86824dcf301
  157. 54c0b9e041302fd7b2cd1d93790529427c77fa33
  158. b64becea1befbef4c1e06025fdf5ba2012c43850
  159. 16779a7ddda7f76074f95f9ba46cc963d95cfdf0
  160. 85dd98e9a35308bf51b565553e154cbf514b87a7
  161. 47ae834d1fea607c5adb5d56515b4602c4cacd68
  162. 78b06a8b48ea68f31dbbebb65d33f486ab859f2d
  163. c6d98c2ffc46f35b377c1a1c4b5d6189f46586db
  164. 0331bbc3d8e587ff4632ba58bca4cb98aab84c63
  165. 332b733e0ebbee647f37b51de9f6e5fee0420a59
  166. b717011b020c3dd846e212c1c168b021570685e1
  167. c75c2048173666b038c2b65c308d27a4baceb041
  168. 1f54ceb00059f3bb5f7c343060163ae918b11b83
  169. d3ca19fd03ed37c2c83bfcbf14e136d08184bbeb
  170. 829b1d88b520e3573ffbf3ad1385a0e2bc3609b8
  171. bf30af163b6a87b9438e8ef08e2dfae5d8ee661a
  172. 34c13ce77050c2abb1a0972b2ed51722c9966bbe
  173. d052a7ff863a894c77ef8ec280a7c4a5fc88599b
  174. 6249be1d253453a9ddf95786fd2db2f3b92e3f4a
  175. 58be4092b913375f6b881d255c90762cab142449
  176. eb950c232749894c22482a308582f52b739d289d
  177. 0e1f9ded13f74081beb2243f229499f08fd98568
  178. 943a12f506d8e2316ddecab6aada32568a134864
  179. e4bd0c9585215b80a6442d3036efaf0d08972b38
  180. 8d8cc4c09801ecee254380d370569fa050dbf20b
  181. e9bf43f5eef67122da9e3b361a1264d87039eaa0
  182. 1162689b3b53f1319d1963d28b1cd2c78f02916e
  183. 3d61611cf1b7ddc7b2fabbbadea4a5900e082ef3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment