Installation of Thug (a Python low-interaction honeyclient) on Ubuntu/Debian

Posted: May 21st, 2012 | Filed under: IT Related

Thug is a Python low-interaction honeyclient aimed at mimicking the behaviour of a web browser in order to detect and emulate malicious contents. [1]

I’m impressed with the artwork of @buffer AKA Angelo in his previous project, phoneyc, and started to give a detailed look and hacks on the project. While only 1 hack was finished on my side, Angelo already released a brand new honeyclient based on Python + V8 JS engine called Thug. What a wonderful idea + talent.

Here is some useful information that might help you build and compile Thug + V8 on an Ubuntu/Debian machine:

    • Install some dependencies
sudo apt-get install python-setuptools build-essential git-core subversion scons python-chardet python-html5lib libboost-python-dev libboost-dev python-pefile python-httplib2 python-cssutils libboost-thread-dev libc6-dev libreadline-dev libboost-system-dev
sudo easy_install beautifulsoup4
sudo apt-get install python-magic python-pydot
    • Obtain the code via svn and git
cd ~
git clone https://github.com/buffer/thug.git
cd ~/thug/
svn checkout http://v8.googlecode.com/svn/trunk/ v8
    • Apply Thug’s patches for V8
cp patches/V8-patch* .
patch -p0 < V8-patch1.diff
patch -p0 < V8-patch2.diff
rm V8-patch*
    • Build and compile the Python wrapper for V8. This process will compile the V8 engine at the same time
cd /tmp/
svn checkout http://pyv8.googlecode.com/svn/trunk/ pyv8
export V8_HOME=$HOME/thug/v8
cd pyv8 && python setup.py build
sudo python setup.py install
    • If you come across the following warning, simply ignore it
#######################################################
#  WARNING: Building V8 with SCons is deprecated and  #
#  will not work much longer. Please switch to using  #
#  the GYP-based build now. Instructions are at       #
#  http://code.google.com/p/v8/wiki/BuildingWithGYP.  #
#######################################################
    • Now test your installation
cd ~/thug/src
python thug.py
    • With the previous test, you will get something similar to this:
Synopsis:
    Thug: Pure Python honeyclient implementation
 
    Usage:
        python thug.py [ options ] url
 
    Options:
        -h, --help          	Display this help information
        -o, --output=       	Log to a specified file
        -r, --referer=      	Specify a referer
        -p, --proxy=        	Specify a proxy (see below for format and supported schemes)
        -l, --local         
        -v, --verbose       	Enable verbose mode    
        -d, --debug         	Enable debug mode
        -u, --useragent=    	Select a user agent (see below for values, default: xpie61)
 
    Proxy Format:
        scheme://[username:password@]host:port (supported schemes:  http, socks4, socks5)
 
    Available User-Agents:
	xpie60			Internet Explorer 6.0 (Windows XP)
	xpie61			Internet Explorer 6.1 (Windows XP)
	xpie70			Internet Explorer 7.0 (Windows XP)
	xpie80			Internet Explorer 8.0 (Windows XP)
	w2kie60			Internet Explorer 6.0 (Windows 2000)
	w2kie80			Internet Explorer 8.0 (Windows 2000)
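
To drive Thug from a script with the options listed in the help output above, the following added example (not part of the original post or of Thug itself) checks the user agent and the proxy string against the values the help text prints and builds an argument list that can be run without a shell. The function names, the restriction to http(s) target URLs and the sample values are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Values copied from the help output above.
USER_AGENTS = {"xpie60", "xpie61", "xpie70", "xpie80", "w2kie60", "w2kie80"}
PROXY_SCHEMES = {"http", "socks4", "socks5"}


def check_proxy(proxy):
    """Validate scheme://[username:password@]host:port and return it unchanged."""
    parts = urlsplit(proxy)
    if parts.scheme not in PROXY_SCHEMES:
        raise ValueError("unsupported proxy scheme: %r" % parts.scheme)
    try:
        port = parts.port  # raises ValueError when non-numeric or out of range
    except ValueError:
        raise ValueError("invalid proxy port in %r" % proxy) from None
    if not parts.hostname or not port:
        raise ValueError("proxy needs both host and port: %r" % proxy)
    if parts.path or parts.query or parts.fragment:
        raise ValueError("unexpected data after host:port in %r" % proxy)
    return proxy


def build_thug_argv(url, useragent="xpie61", proxy=None, output=None, referer=None):
    """Return an argv list for thug.py (hypothetical helper, for subprocess use)."""
    target = urlsplit(url)
    # Assumption of this example: only http(s) targets are analysed.
    if target.scheme not in ("http", "https") or not target.hostname:
        raise ValueError("expected an http(s) URL, got %r" % url)
    if useragent not in USER_AGENTS:
        raise ValueError("unknown user agent: %r" % useragent)
    # "python thug.py" is the invocation used in the test step of the post.
    argv = ["python", "thug.py", "--useragent=" + useragent]
    if proxy is not None:
        argv.append("--proxy=" + check_proxy(proxy))
    if output is not None:
        argv.append("--output=" + output)
    if referer is not None:
        argv.append("--referer=" + referer)
    argv.append(url)
    return argv


if __name__ == "__main__":
    # Constructed sample values: a placeholder URL and a local SOCKS5 proxy.
    print(build_thug_argv("http://example.test/landing", useragent="xpie80",
                          proxy="socks5://127.0.0.1:9050", output="thug.log"))
```

Pass the returned list to `subprocess.run` with `cwd` set to the `~/thug/src` directory from the test step; because no shell is involved, characters in the URL are never interpreted as shell syntax.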

Reference:
[1] https://github.com/buffer/thug