Snare tanner communication #184
Conversation
rnehra01
force-pushed
the
snare-tanner-comm
branch
from
b2d0f92
to
25b7abb
Compare
tanner/emulators/base.py
Outdated
| if 'payload' not in detection: | ||
| detection['type'] = 1 | ||
| elif 'payload' in detection: | ||
| if 'status_code' not in detection: |
There was a problem hiding this comment.
As I understood from code, status_code in detection['payload'], am I right?
There was a problem hiding this comment.
Yes, you're right.
| injectable_page = '/index.html' | ||
| detection['payload']['page'] = injectable_page | ||
| else: | ||
| detection['type'] = 3 |
There was a problem hiding this comment.
Can we return any status info about error?
There was a problem hiding this comment.
Do we need that because usually that will be present in logs where it was present? And even if get it then how will we use it, as suppose we return 500 error to the client then sending any other data won't be needed.
There was a problem hiding this comment.
In case of tanner error, snare should works normally (e.g. return index page). Imagine the situation, when we use snare with default tanner and we don't have access to tanner's log. Something happens, but we don't know what.
There was a problem hiding this comment.
Ok, but this thing is when you want to give a particular status_code intentionally to give positive results for the attack, though I'll add that too for normal tanner error.
* Make different type of detection * Make emulator compatible with the new structure * fix tests * fix typo
* Make different type of detection * Make emulator compatible with the new structure * fix tests * fix typo
fix #100
This is how return value from tanner look like :
To make communication more systematic, return value type from each emulator is fixed i.e
dict(value='', page=True/False)(if page=False then payload won't be injected on any page but on a new page)