Edvard Rejthar committed
# MDM-Augmented

Scans a website for signs of parasite hosts or commands.

## Installation

1. Download: `git clone git@gitlab.labs.nic.cz:csirt/mdmaug.git /tmp/mdmaug`
2. Edit `mdmaug/lib/config.py`
3. You should generate a certificate to `mdmaug/cert-mdmaug.pem`, at least a self-signed one (not recommended): `openssl req -x509 -newkey rsa:4096 -nodes -out cert-mdmaug.pem -keyout key-mdmaug.pem`
4. Perform installation: `/tmp/mdmaug/INSTALL`
5. Everything should be located in `/opt/mdmaug`.
6. For testing purposes, launch it under the newly created `mdmaug` user: `su - mdmaug -c 'python3 -m mdmaug'`
7. Connect in the browser at: https://127.0.0.1:5000
8. Try analysing `https://127.0.0.1:5000/static/demopage.html` on the local server
9. For deployment, configure nginx properly to be used with Flask
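
A check for the two files created in step 3, added here as an example and not part of the MDM-Augmented code. The helper name `check_mdmaug_cert`, its return codes and the one-week warning window are assumptions; the default file names are the ones from step 3.

```shell
#!/bin/sh
# Added example: sanity checks for the certificate/key pair from step 3.
# check_mdmaug_cert is a hypothetical helper, not part of MDM-Augmented.
# Return codes: 0 ok, 2 unreadable input, 3 key/certificate mismatch,
#               4 key accessible to group/others, 5 expires within the window.

check_mdmaug_cert() {
    cert=${1:-cert-mdmaug.pem}
    key=${2:-key-mdmaug.pem}
    window=${3:-604800}   # assumption: warn one week (in seconds) before expiry

    # Extract the public key from both files; the two must be identical.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $cert"; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot parse private key: $key"; return 2; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not belong to the certificate"; return 3
    fi

    # -nodes leaves the key unencrypted, so file permissions are its only
    # protection. Characters 5-10 of the mode string are group and other bits.
    mode=$(ls -ld "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "private key is accessible to group/others: chmod 600 $key"
        return 4
    fi

    # Without -days, openssl req -x509 issues a certificate valid for 30 days.
    if ! openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null 2>&1; then
        echo "certificate expires within $window seconds (or already has)"
        return 5
    fi

    # Subject equal to issuer means self-issued: browsers will not trust it.
    if [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
         "$(openssl x509 -in "$cert" -noout -issuer_hash)" ]; then
        echo "ok (self-issued certificate: expect a browser trust warning)"
    else
        echo "ok ($(openssl x509 -in "$cert" -noout -issuer))"
    fi
    return 0
}
```

Run it as `check_mdmaug_cert cert-mdmaug.pem key-mdmaug.pem` in the directory where the files were generated.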

### Notes

* If you want a number of profiles other than 21, change `./INSTALL` + `mdmaug/lib/config.py` + `.mozilla/firefox/profiles.ini`
* You may put `03 1,7,13,19 * * * ~/mdmaug-launch` in `crontab -e` of user mdmaug.
* We are using Python 3.6+ and Firefox 62.0

## Tips

* You may use /static/demopage.html as a testing page.

### Troubleshooting

* If you use NoScript, make sure it doesn't block the MDM-Augmented server.
* Certificate error: Make sure that the browser doesn't block the MDM-Augmented server if used from MDM.

#### Debugging session

I'm launching it like this:
`su - mdmaug -c 'export FLASK_APP=mdmaug.__main__:app && export PYTHONPATH=/opt/mdmaug/mdmaug && ./local/bin/flask run'`


#### Wanna see what Firefox is really doing?
  * Shell into mdmaug. (`ssh -X ...`, `su - mdmaug`)
  * Try launching Firefox manually by `firefox -P`, the profile names being: 0,1...
  * If no Firefox window appears, try
    * `xhost +local:mdmaug` if you're on the same machine
    * `root@mdmaugmachine$ xauth list` as root on the remote machine and `mdmaug$ xauth add ...` with the display cookie
  * When the Firefox window appears, run MDMaug with `export FIREFOX_DEBUG=1`. Now, instead of a virtual display, your monitor should be used.