Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Clear traffic window #66

Open
evilscheme opened this Issue · 5 comments

2 participants

@evilscheme

Is there a way to clear the traffic window? If not, that would be handy :)

@mhils
Owner

Hey,

this sounds like a useful thing to do for some tasks. Thank you for the suggestion, I'm going to implement this.
I will do that properly as soon as I have switched out the client-side traffic store, so it might take some time (blocked by #46).

As a dirty workaround, you can open your browser JS console and type $("#traffictable tbody").empty().
Alternatively, replace gui/HoneyProxy/views/templates/Sidebar.ejs with the content of this gist.

Thank you!

@evilscheme

Awesome, thanks!

Just some context on why I want this: I've installed honeyproxy in AWS and plan to keep it running permanently and throwing random sandbox/honeypot traffic at it. Just to keep it from being a massive list of queries it would be nice to be able to reset the list in-between investigations.

@mhils
Owner

Thank you for the context. Always love to hear what people are using it for.
Depending on the stuff you're analyzing, you may be interested in the transparent mode. My personal setup is a VM with host-only networking and some iptables rules to redirect HTTP traffic transparently through HoneyProxy then.

FYI, the workaround posted above only hides the flows temporarily in your browser. So if you reload the page, they are obviously back. I will address this with the coming backend changes. Depending on the amount of traffic you are throwing in, you might also run into performance issues in your browser (>>1000 flows). I will address this with the backend changes as well.

@evilscheme

I'm using a remote AWS instance for a couple of reasons:
1) it's a new IP address which is useful when dealing with TDS
2) I can collaborate on investigations with cow-orkers/friends

Since multiple people are sharing the same view, clearing the flows on the backend would be ideal.

Thanks!

@mhils
Owner

I see. As a workaround for the backend, you can restart HoneyProxy dynamically. I don't have a machine to test it at currently, but this script should do the job for you: https://gist.github.com/mhils/5242278
Change line 8 for the auth secret and line 18 for the HoneyProxy parameters.
You should be able to restart HoneyProxy by calling host:8000/restart/secret then.
Let me know if you have any further issues!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.