Edvard Rejthar committed
# MDM-Augmented

Scans a website for signs of parasite hosts or commands.

## Installation

1. Download: `git clone git@gitlab.labs.nic.cz:csirt/mdmaug.git /tmp/mdmaug`
2. Edit mdmaug/lib/config.py
3. Generate a certificate at `mdmaug/cert-mdmaug.pem`, at least a self-signed one (not recommended): `openssl req -x509 -newkey rsa:4096 -nodes -out cert-mdmaug.pem -keyout key-mdmaug.pem`
4. Perform the installation: `/tmp/mdmaug/INSTALL`
5. Everything should be located in `/opt/mdmaug`.
6. For testing purposes, launch it under the newly created `mdmaug` user: `su - mdmaug -c 'python3 -m mdmaug'`
7. Connect in the browser at: https://127.0.0.1:8000
8. Try analysing `https://127.0.0.1:8000/static/demopage.html` on the local server
9. For deployment, configure nginx (`sudo apt install nginx`) properly to front the Flask application:
    * If you are using systemd you may want to copy `misc/mdmaug.service` to `/etc/systemd/system/` so that MDMaug runs after a restart (or with `sudo service mdmaug start`)
    * `misc/mdmaug.nginx` can be integrated into nginx via `/etc/nginx/sites-available/` (and symlinked into `/etc/nginx/sites-enabled/`)
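A pre-flight check for the certificate pair generated in step 3, added here as an example and not part of the MDMaug project: it verifies that the certificate and key belong together and are not about to expire, and warns when the certificate is self-signed, which the steps above allow only for testing. The function names and `openssl` invocations are the example's own; it assumes `openssl` is on PATH.

```shell
#!/bin/sh
# Added example (not MDMaug code): sanity-check the cert/key pair before launching the server.
# Usage: check_cert_pair mdmaug/cert-mdmaug.pem mdmaug/key-mdmaug.pem
# Returns 0 when the files form a usable pair; prints a warning (but still returns 0)
# when the certificate is self-signed.

# 0 if the public key inside the certificate equals the public key derived from the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if issuer and subject are identical, i.e. the certificate signed itself.
cert_is_self_signed() {
    issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer=//') || return 1
    subject=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject=//') || return 1
    [ "$issuer" = "$subject" ]
}

# 0 if the certificate stays valid for at least one more day (86400 seconds).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend 86400 >/dev/null 2>&1
}

check_cert_pair() {
    cert=$1; key=$2
    [ -r "$cert" ] || { echo "missing certificate: $cert" >&2; return 1; }
    [ -r "$key" ]  || { echo "missing key: $key" >&2; return 1; }
    cert_matches_key "$cert" "$key" || { echo "certificate and key do not match" >&2; return 1; }
    cert_not_expiring "$cert" || { echo "certificate expires within a day" >&2; return 1; }
    if cert_is_self_signed "$cert"; then
        echo "warning: $cert is self-signed; browsers reject it unless it is trusted explicitly" >&2
    fi
    return 0
}
```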

### Notes

* If you want a different number of profiles than 21, change `./INSTALL`, `mdmaug/lib/config.py` and `.mozilla/firefox/profiles.ini`
* We are using Python 3.6+ and Firefox 62.0
* You may launch MDMaug with the environment variable `PORT` set to change the port the application is bound to

### Troubleshooting

* If you use NoScript, make sure it doesn't block the MDM-Augmented server.
* Certificate error: make sure that the browser doesn't block the MDM-Augmented server when it is used from MDM.

#### Debugging session

* I'm launching it like this: `su - mdmaug -c 'LC_ALL=C.UTF-8 FLASK_ENV=development FLASK_APP=mdmaug.__main__:app flask run -h 217.31.202.41 -p 8001'`
* or `su - mdmaug -c 'PORT=8001 python3 -m mdmaug'`

#### Wanna see what Firefox is really doing?
* Shell into mdmaug (`ssh -X ...`, `su - mdmaug`)
* Try launching Firefox manually with `firefox -P`, the profile names being 0, 1, ...
* If no Firefox window appears, try
    * `xhost +local:mdmaug` if you're on the same machine
    * `root@mdmaugmachine$ xauth list` as root on the remote machine and `mdmaug$ xauth add ...` with the display cookie
* When the Firefox window appears, run MDMaug with `FIREFOX_DEBUG=1`. Your monitor should now be used instead of the virtual display.