Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Clear traffic window #66

Open
evilscheme opened this Issue Mar 25, 2013 · 5 comments

Comments

Projects
None yet
2 participants

Is there a way to clear the traffic window? If not, that would be handy :)

Owner

mhils commented Mar 26, 2013

Hey,

this sounds like a useful thing to do for some tasks. Thank you for the suggestion, I'm going to implement this.
I will do that properly as soon as I have switched out the client-side traffic store, so it might take some time (blocked by #46).

As a dirty workaround, you can open your browser JS console and type $("#traffictable tbody").empty().
Alternatively, replace gui/HoneyProxy/views/templates/Sidebar.ejs with the content of this gist.

Thank you!

Awesome, thanks!

Just some context on why I want this: I've installed honeyproxy in AWS and plan to keep it running permanently and throwing random sandbox/honeypot traffic at it. Just to keep it from being a massive list of queries it would be nice to be able to reset the list in-between investigations.

Owner

mhils commented Mar 26, 2013

Thank you for the context. Always love to hear what people are using it for.
Depending on the stuff you're analyzing, you may be interested in the transparent mode. My personal setup is a VM with host-only networking and some iptables rules to redirect HTTP traffic transparently through HoneyProxy then.

FYI, the workaround posted above only hides the flows temporarily in your browser. So if you reload the page, they are obviously back. I will address this with the coming backend changes. Depending on the amount of traffic you are throwing in, you might also run into performance issues in your browser (>>1000 flows). I will address this with the backend changes as well.

I'm using a remote AWS instance for a couple of reasons:

  1. it's a new IP address which is useful when dealing with TDS
  2. I can collaborate on investigations with cow-orkers/friends

Since multiple people are sharing the same view, clearing the flows on the backend would be ideal.

Thanks!

Owner

mhils commented Mar 26, 2013

I see. As a workaround for the backend, you can restart HoneyProxy dynamically. I don't have a machine to test it at currently, but this script should do the job for you: https://gist.github.com/mhils/5242278
Change line 8 for the auth secret and line 18 for the HoneyProxy parameters.
You should be able to restart HoneyProxy by calling host:8000/restart/secret then.
Let me know if you have any further issues!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment