forked from GoSecure/pyrdp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
mitm.default.ini
211 lines (178 loc) · 5.92 KB
/
mitm.default.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
# This is the default PyRDP MITM configuration file.
# It should not be modified directly. Instead, copy the
# file to the system's user configuration directory
# to override the defaults.
#
# Configuration specified on the command line has
# precedence over configuration files.
#
# On most Linux distributions, this file should be in
#
# $HOME/.config/pyrdp/mitm.ini
#
# On Windows systems, the file should be in:
#
# %APPDATA%/pyrdp/mitm.ini
#
# On MacOS:
#
# ~/Library/Application Support/pyrdp/mitm.ini
#
# Subsections are delimited by the `:` character to avoid ambiguity with
# logger names (e.g. `pyrdp.player.ui`)
# This section defines global variables. Variables can be referenced
# by using the `$(vars:varname)` syntax.
#
# It should be possible to change all interesting aspects of the
# configuration through this section
#
[vars]
# The name of the sensor. This is used to disambiguate when multiple
# instances of PyRDP are running on the same server
sensor_id = PyRDP
# The directory to output logs to.
# This is a relative directory to the output directory
log_dir = logs
# The output directory where PyRDP will store various artifacts.
#
# This configures the base directory that PyRDP will use.
# It can be relative to the working directory from where PyRDP was
# started or an absolute path.
output_dir = pyrdp_output
# The default logging level.
level = INFO
# The default log format.
log_format_default = [{asctime}] - {levelname} - {sessionID} - {name} - {message}
# The log format where compact output is used.
log_format_compact = [{asctime}] - {sessionID} - {message}
# -----------------------------------------------------------------
# The next section configures the PyRDP logging facilities.
#
# This uses the logging.config.dictConfig format and nested keys
# (`[handlers:stderr]`) should be in separate sections due to INI
# limitations.
# -----------------------------------------------------------------
# The settings below are the PyRDP defaults.
[logs]
# dictConfig version. Do not modify.
version = 1
# A partial logger name to restrict console output to.
# wildcards are supported. This is overridden by the `-F` flag if
# present and does not affect file logging.
filter = pyrdp
# -----------------------------------------------------------------
# Loggers and Verbosity Levels
#
# To disable a logger, simply remove its `level = ...` line.
# Severity can be one of DEBUG, INFO, WARNING, ERROR or CRITICAL
# Levels can be customized per handler and logger.
# Note that PyRDP's `-L` switch affects the root logger.
# -----------------------------------------------------------------
# Root level logger for PyRDP.
[logs:loggers:pyrdp]
handlers = console, mitm
# Output only to console.
# handlers = console
level = ${vars:level}
# Connection Logging
[logs:loggers:pyrdp.mitm.connections]
handlers = connections
level = ${vars:level}
# Crawler Logging
[logs:loggers:crawler]
handlers = crawl_json, crawl_txt
level = ${vars:level}
# SSL Secret Logging
[logs:loggers:ssl]
handlers = ssl, ssl_console
# Always log SSL master secrets.
level = DEBUG
[logs:loggers:ntlmssp]
handlers = ntlmssp
# Always log NTLMSSP hashes.
level = DEBUG
# -----------------------------------------------------------------
# WARNING:
#
# Do not edit the sections below unless you are sure of what you
# are doing. Some of the settings here are required for PyRDP to
# function properly and everything that users might want to
# modify is exposed as variables or in the sections above.
# -----------------------------------------------------------------
# -----------------------------------------------------------------
# Handlers
# -----------------------------------------------------------------
# Outputs to stderr
[logs:handlers:console]
class = logging.StreamHandler
formatter = default
stream = ext://sys.stderr
# filters = []
# Outputs to mitm.log
[logs:handlers:mitm]
class = logging.handlers.TimedRotatingFileHandler
filename = ${vars:output_dir}/${vars:log_dir}/mitm.log
when = D
formatter = default
encoding = utf8
# Outputs connections to mitm.json
[logs:handlers:connections]
class = logging.FileHandler
filename = ${vars:output_dir}/${vars:log_dir}/mitm.json
formatter = json
encoding = utf8
# Outputs to crawl.log
[logs:handlers:crawl_txt]
class = logging.FileHandler
filename = ${vars:output_dir}/${vars:log_dir}/crawl.log
formatter = compact
encoding = utf8
# Outputs to crawl.json
[logs:handlers:crawl_json]
class = logging.FileHandler
filename = ${vars:output_dir}/${vars:log_dir}/crawl.json
formatter = json
encoding = utf8
# Outputs SSL secrets
[logs:handlers:ssl]
class = logging.FileHandler
filename = ${vars:output_dir}/${vars:log_dir}/ssl.log
formatter = ssl
[logs:handlers:ssl_console]
class = logging.StreamHandler
stream = ext://sys.stderr
formatter = ssl
[logs:handlers:ntlmssp]
class = logging.FileHandler
filename = ${vars:output_dir}/${vars:log_dir}/ntlmssp.log
formatter = ntlmssp
# -----------------------------------------------------------------
# Formatters
# -----------------------------------------------------------------
# Textual / Default Format
[logs:formatters:default]
() = pyrdp.logging.formatters.VariableFormatter
fmt = ${vars:log_format_default}
style = {
# JSON Format
[logs:formatters:json]
() = pyrdp.logging.formatters.JSONFormatter
[logs:formatters:json:baseDict]
sensor = ${vars:sensor_id}
# Compact logs
[logs:formatters:compact]
() = pyrdp.logging.formatters.VariableFormatter
fmt = ${vars:log_format_compact}
style = {
# Identifier for logs not tied to a specific session.
# This is used for log entries.
[logs:formatters:default:defaultVariables]
sessionID = GLOBAL
[logs:formatters:compact:defaultVariables]
sessionID = GLOBAL
# Raw SSL Secret formatting for dumping secrets
[logs:formatters:ssl]
() = pyrdp.logging.formatters.SSLSecretFormatter
# NTLMSSP hash formatting for dumping NTLM hashes
[logs:formatters:ntlmssp]
() = pyrdp.logging.formatters.NTLMSSPHashFormatter