GSoC'23 Project: Implement an Interactive GUI for presenting Network-Based Indicators summary #163

Merged: 42 commits, Mar 29, 2024
2f5119a
collect nbi in HTTP Listener as a nested dictionary
3V3RYONE May 30, 2023
81f9fe5
added comments
3V3RYONE Jun 1, 2023
77205df
add process information in sessions dictionary
3V3RYONE Jun 2, 2023
8dcad9d
use partition method to split HTTP headers
3V3RYONE Jun 5, 2023
e4b22a7
implemented callback from http listener to diverter for unproxied req…
3V3RYONE Jun 6, 2023
1638d51
log proxied nbis
3V3RYONE Jun 13, 2023
77945b9
use proper naming conventions and code optimization
3V3RYONE Jun 15, 2023
770a6ee
collect dport, protocol and ssl information
3V3RYONE Jun 26, 2023
24f1c54
added comments for methods, code optimization
3V3RYONE Jun 26, 2023
c3d63b1
normalize nbi dictionary format
3V3RYONE Jun 29, 2023
73c72de
make a wrapper class for diverter
3V3RYONE Jul 6, 2023
8cd483c
normalize wrapper class format
3V3RYONE Jul 11, 2023
e4be3fb
index remote process ids for multihost mode in nbi dict
3V3RYONE Jul 11, 2023
afb32fa
added support for local traffic in multihost mode
3V3RYONE Jul 11, 2023
5d2b187
collect nbis from raw listener
3V3RYONE Jul 14, 2023
bc9e6a8
chore: add protocol with proxy_sport as key in proxy_sport_to_orig_sp…
3V3RYONE Jul 17, 2023
ca9f992
feat: add prettyPrint() for nbis
3V3RYONE Jul 17, 2023
fe24a6d
docs: add docstrings to methods and revise NBI banner
3V3RYONE Jul 21, 2023
5a63b7d
feat: log nbis from ftp listener
3V3RYONE Jul 24, 2023
59964a8
feat: log nbis from tftp listener
3V3RYONE Jul 25, 2023
7a55b15
chore: update nbi format for ftp and tftp listeners
3V3RYONE Jul 25, 2023
5fff6b3
chore: spawn longer code into multiple lines for better readability
3V3RYONE Jul 26, 2023
f20c990
chore: update code style to match standard indentation
3V3RYONE Jul 26, 2023
4f42b25
chore: collect nbis in the handler of raw listener
3V3RYONE Jul 26, 2023
a4f6348
feat: log nbis from smtp listener
3V3RYONE Jul 27, 2023
8c9b6e4
feat: add an interactive UI to plot nbi data
3V3RYONE Aug 11, 2023
d5463df
feat: log nbis from dns listener
3V3RYONE Aug 12, 2023
1b7944a
chore: support standard copy formats in UI and highlight active element
3V3RYONE Aug 14, 2023
3afda5c
chore: add jinja2 in setup.py
3V3RYONE Aug 23, 2023
3ed2a77
chore: inline css and js to make reports shareable
3V3RYONE Aug 23, 2023
2254673
feat: log nbis from pop listener and irc listener
3V3RYONE Aug 24, 2023
b5f1070
chore: log actual path requested by client in ftp listener
3V3RYONE Aug 25, 2023
be1eae2
chore: normalize command to string before handling request
3V3RYONE Aug 25, 2023
252e7ac
chore: add icmp disclaimer and modify copy format for http nbis in ui
3V3RYONE Aug 25, 2023
a60893e
chore: log ack and err requests in nbis from tftp listener
3V3RYONE Aug 25, 2023
c82b3b6
chore: modify nbi format in dns listener
3V3RYONE Aug 25, 2023
e401d3f
chore: map proxy_sport to orig_sport for udp requests in proxy listener
3V3RYONE Aug 25, 2023
730c5dc
docs: add ui usage and documentation in readme
3V3RYONE Aug 25, 2023
3b9693a
docs: add better documentation and fix code indentation
3V3RYONE Sep 10, 2023
dc45936
fix: remove empty data field from ACK nbis in tftp listener
3V3RYONE Sep 10, 2023
9ee0950
Fix bugs in HTML report template and clean up
tinajohnson Mar 5, 2024
6a2c20e
Fix indentation of report template file
tinajohnson Mar 8, 2024
38 changes: 37 additions & 1 deletion README.md
Expand Up @@ -246,13 +246,49 @@ logs will be labeled with the name set in the configuration file:

07/06/16 10:21:03 PM [ DNS Server] Received A request for domain 'evil.com'.

To stop FakeNet-NG and close out the generated PCAP file simply press `CTRL-C`:
To stop FakeNet-NG and save the generated PCAP file and HTML report to disk simply press `CTRL-C`:

07/06/16 10:21:41 PM [ FakeNet] Stopping...
07/06/16 10:21:42 PM [ HTTPListener80] Stopping...
07/06/16 10:21:42 PM [ HTTPListener443] Stopping...
07/06/16 10:21:42 PM [ SMTPListener] Stopping...
07/06/16 10:21:43 PM [ Diverter] Stopping...
07/06/16 10:21:43 PM [ Diverter] Generated new HTML report: report_20160607_102143.html

User Interface
--------------

With each session of FakeNet-NG, an HTML report containing the Network-Based Indicators (NBIs) captured throughout the session is generated. Upon termination of FakeNet by pressing `CTRL-C`, this HTML file will be saved to the root directory of FakeNet. A user can review the NBIs by viewing this HTML file in a browser such as Chrome or Firefox.

The HTML report serves as an interactive Graphical User Interface (GUI) that presents the NBI summary in a user-friendly manner. It includes various features to select, filter, and copy NBIs, making network analysis easier. The UI organizes all NBIs based on their process information and then further categorizes them by the application layer or transport layer protocol they use.

#### NBI Summary Table
The information in the NBI summary table is presented in a tabular format and includes the following details:

* Select: Clicking on the checkbox selects the corresponding NBI. You can select multiple NBIs across different or the same protocols. The entire row can also be selected by clicking anywhere within the row. Selected NBIs can be copied using the "Copy Selected NBIs" button.

* NBI: This cell represents the actual captured NBI. It includes commands, parameters, URIs, and other significant activity generated by the client against the listener. This cell summarizes malware behavior for better understanding.

* Additional Information: This cell provides extra information about each NBI request such as the transport layer protocol used, destination IP, port, and SSL encryption.

* Actions: This cell allows you to perform actions on individual NBIs. Currently, only copying is supported. Clicking the copy button copies the specific NBI cell data in a markdown format suitable for creating reports.

#### Interactive Features
The UI also includes various interactive features:

* Checkbox Selection: Checkboxes are available before each process and protocol block. Ticking a checkbox selects all NBIs under that process or protocol. This is useful when you want to select all NBIs from a particular process or protocol. You can then use the `Copy Selected NBIs` button to copy the selected data.

* Search Bar: The search bar lets you type keywords, and only the rows containing these keywords in the process name, NBI, or additional information will be displayed in the HTML page. You can then use the "Copy Filtered Data" button to copy the displayed data in markdown format. Clearing the search query restores the original table view.

* Copy Buttons:

* `Copy Selected Data`: Copies all the selected NBIs in markdown format. You can select individual NBIs or all NBIs under a process by ticking checkboxes.
* `Copy Filtered Data`: Copies the filtered NBIs' data in markdown format. If no search query is used, this button copies the entire data.
* `Copy All NBIs`: Copies all the NBIs in markdown format present in the HTML page. Even if a filter is applied, clicking this button copies all NBIs.

* Disclaimer Button: Displays the disclaimer, which outlines important facts for the user to consider before making assumptions about the displayed NBI summary.

* Go To Top Button: Appears when the page's content exceeds the viewable area. Clicking this button takes you to the top of the page, where you can access important buttons like `Copy Selected NBIs`,` Copy All NBIs`, `Copy Filtered NBIs`, and the search bar.

Configuration
-------------
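Review bot: the button labels in the new User Interface section contradict each other. The NBI Summary Table bullet and the Go To Top bullet refer to `Copy Selected NBIs`, `Copy All NBIs` and `Copy Filtered NBIs`, while the Copy Buttons list names them `Copy Selected Data`, `Copy Filtered Data` and `Copy All NBIs`, and the Search Bar bullet says "Copy Filtered Data". Use the labels the report template actually renders and use them consistently throughout; the Go To Top bullet also has a stray space inside a code span, "` Copy All NBIs`". Two smaller points: "saved to the root directory of FakeNet" is ambiguous between the package directory and the directory FakeNet-NG was started from, so say which one the Diverter writes to (the log line shows only the file name, report_20160607_102143.html). And because the NBI column contains commands, URIs and other data chosen by the client, that is, by the sample under analysis, and the report is meant to be opened in a browser with its CSS and JS inlined, the section should state that the template HTML-escapes those values, or at least that analysts should not treat the report as trusted content; otherwise the analyst's browser is where a sample's strings get rendered unescaped.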