Running Cowrie has been a fun little side project of mine for quite some time. Setting it up and running it is quite simple.
One basic thing I'd recommend is proper network and system isolation. I prefer a physical host with everything separate, and I also use firewall rules to keep the honeypot's network requests isolated. I won't be diving deeper into that, to avoid exposing some important security details here.
I followed this great guide here. Additionally, I'd recommend adding more output plugins, such as [output_mysql], which is what allowed me to create the dashboard I've discussed before. Create a new database for it as well (isolated again, as per here). It also needs extra dependencies; the requirements.txt for them is available here.
Remember to run the migration described in the following section of the documentation mentioned above:
$ cd ~/cowrie/docs/sql/
$ mysql -u cowrie -p
USE cowrie;
source mysql.sql;   # migrations being loaded
exit
Of course, you can always use the raw capture as well. Here is a snapshot of activity from some time ago.
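As an added example (not code from the original post or from the Cowrie project), here is a small Python script that works directly from Cowrie's raw JSON capture instead of the MySQL output. It assumes the default field names of cowrie.json (eventids such as cowrie.session.connect, cowrie.login.failed, cowrie.login.success and cowrie.command.input, plus src_ip, username, password and input), skips malformed lines that a partially written log can contain, and produces the same kind of counters a simple dashboard would show. The log lines embedded below are constructed samples, not real captures.

```python
import json
from collections import Counter

# Constructed sample lines in the shape of Cowrie's cowrie.json output.
# These are made-up events, not real honeypot captures.
SAMPLE_LOG = """\
{"eventid":"cowrie.session.connect","src_ip":"203.0.113.10","src_port":51234,"dst_port":2222,"session":"a1b2c3d4e5f6","timestamp":"2024-01-01T10:00:00.000000Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","src_ip":"203.0.113.10","session":"a1b2c3d4e5f6","timestamp":"2024-01-01T10:00:01.000000Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"password","src_ip":"203.0.113.10","session":"a1b2c3d4e5f6","timestamp":"2024-01-01T10:00:02.000000Z"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","src_ip":"203.0.113.10","session":"a1b2c3d4e5f6","timestamp":"2024-01-01T10:00:03.000000Z"}
{"eventid":"cowrie.command.input","input":"uname -a","src_ip":"203.0.113.10","session":"a1b2c3d4e5f6","timestamp":"2024-01-01T10:00:04.000000Z"}
{"eventid":"cowrie.session.connect","src_ip":"198.51.100.7","src_port":40001,"dst_port":2222,"session":"0f0e0d0c0b0a","timestamp":"2024-01-01T10:05:00.000000Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","src_ip":"198.51.100.7","session":"0f0e0d0c0b0a","timestamp":"2024-01-01T10:05:01.000000Z"}
this line is not json and must be skipped
"""


def parse_events(text):
    """Return one dict per valid JSON line; blank or malformed lines are dropped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            # Partial writes or non-JSON noise in the log: skip rather than abort.
            continue
        if isinstance(event, dict) and "eventid" in event:
            events.append(event)
    return events


def summarize(events):
    """Aggregate the counters a simple activity dashboard would display."""
    summary = {
        "sessions": 0,
        "login_failed": 0,
        "login_success": 0,
        "by_src_ip": Counter(),      # connections per source address
        "credentials": Counter(),    # (username, password) pairs tried
        "commands": Counter(),       # commands typed after a successful login
    }
    for ev in events:
        eid = ev.get("eventid")
        if eid == "cowrie.session.connect":
            summary["sessions"] += 1
            summary["by_src_ip"][ev.get("src_ip", "?")] += 1
        elif eid in ("cowrie.login.failed", "cowrie.login.success"):
            key = "login_failed" if eid == "cowrie.login.failed" else "login_success"
            summary[key] += 1
            summary["credentials"][(ev.get("username"), ev.get("password"))] += 1
        elif eid == "cowrie.command.input":
            summary["commands"][ev.get("input", "")] += 1
    return summary


def load_and_summarize(text=SAMPLE_LOG):
    """Parse a cowrie.json-style text blob and summarize it in one call."""
    return summarize(parse_events(text))


def summarize_file(path):
    """Same, but reading a real cowrie.json file from disk (path is caller-supplied)."""
    with open(path, encoding="utf-8") as fh:
        return summarize(parse_events(fh.read()))


if __name__ == "__main__":
    s = load_and_summarize()
    print(f"sessions={s['sessions']} failed={s['login_failed']} success={s['login_success']}")
    print("top sources:", s["by_src_ip"].most_common(3))
    for (user, pw), n in s["credentials"].most_common(5):
        print(f"{n:4d}  {user}:{pw}")
    print("commands:", s["commands"].most_common(5))
```

Pointing summarize_file at the live cowrie.json gives the same counters the MySQL dashboard shows, without needing the database; the JSON-decode guard matters because the log is appended to continuously and the last line is often incomplete when you read it.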
Have fun tricking people! 😉