Add Support for HTTPS

AttackMapServer/AttackMapServer.py

@@ -8,7 +8,7 @@
 import json
 import redis
 import tornadoredis
-#import tornado.httpserver
+import tornado.httpserver
 import tornado.ioloop
 import tornado.web
 import tornado.websocket
@@ -235,12 +235,12 @@ def on_message(self, msg):
 
 def main():
     # Register handler pages
-    handlers = [
+    application = tornado.web.Application([
                 (r'/websocket', WebSocketChatHandler),
                 (r'/static/(.*)', tornado.web.StaticFileHandler, {'path': 'static'}),
                 (r'/flags/(.*)', tornado.web.StaticFileHandler, {'path': 'static/flags'}),
                 (r'/', IndexHandler)
-                ]
+                ])
 
     # Define the static path
     #static_path = path.join( path.dirname(__file__), 'static' )
@@ -250,9 +250,14 @@ def main():
                 #'static_path': static_path
                 }
 
+    # Define path to ssl certs
+    ssl_options={
+        "certfile": "/path/to/domain.crt",
+        "keyfile": "/path/to/domain.key",
+    }
     # Create and start app listening on port 8888
     try:
-        app = tornado.web.Application(handlers, **settings)
+        app = tornado.httpserver.HTTPServer(application, ssl_options=ssl_options)
         app.listen(8888)
         print('[*] Waiting on browser connections...')
         tornado.ioloop.IOLoop.instance().start()

AttackMapServer/index.html

@@ -6,8 +6,8 @@
         <title>GeoIP Attack Map</title>
 
         <!--SCRIPT LINKS-->
-        <script src="http://d3js.org/d3.v3.min.js" charset="utf-8"></script>
-        <script src="http://cdn.leafletjs.com/leaflet-0.7/leaflet.js"></script>
+        <script src="https://d3js.org/d3.v3.min.js" charset="utf-8"></script>
+        <script src="https://unpkg.com/leaflet@0.7.7/dist/leaflet.js"></script>
         <script src='https://api.mapbox.com/mapbox.js/v2.3.0/mapbox.js'></script>
         <script src='https://api.mapbox.com/mapbox.js/plugins/leaflet-fullscreen/v1.0.1/Leaflet.fullscreen.min.js'></script>
 

AttackMapServer/static/map.js

@@ -4,8 +4,8 @@
 // - AttackMapServer machine:
 //   - Internal IP: 127.0.0.1
 //   - External IP: 192.168.11.106
-var webSock = new WebSocket("ws:/127.0.0.1:8888/websocket"); // Internal
-//var webSock = new WebSocket("ws:/192.168.1.100:8888/websocket"); // External
+var webSock = new WebSocket("wss:/127.0.0.1:8888/websocket"); // Internal
+//var webSock = new WebSocket("wss:/192.168.1.100:8888/websocket"); // External
 
 // link map
 

README.md

@@ -18,6 +18,7 @@ This program relies entirely on syslog, and because all appliances format logs d
 4. Add headquarters latitude/longitude to hqLatLng variable in **index.html**
 5. Use syslog-gen.py, or syslog-gen.sh to simulate dummy traffic "out of the box."
 6. **IMPORTANT: Remember, this code will only run correctly in a production environment after personalizing the parsing functions. The default parsing function is only written to parse ./syslog-gen.sh traffic.**
+7. Make sure to add the appropriate ssl certificate paths to `AttackMapServer.py`
 
 ### Bugs, Feedback, and Questions
 If you find any errors or bugs, please let me know. Questions and feedback are also welcome, and can be sent to [email protected], or open an issue in this repository.
@@ -86,7 +87,29 @@ Tested on Ubuntu 16.04 LTS.
     cd AttackMapServer/
     unzip static/flags.zip
     ``` 
-
+
+* Generate ssl certificates for your server
+
+  * Generate Self Signed Cert with Openssl:
+  ```sh
+  openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout domain.key -out domain.crt
+  ```
+
+    * **NOTE**: If you are using a self signed cert your browser will warn you that your connection is unsafe. 
+
+  * Alternatively you can use [https://letsencrypt.org/](https://letsencrypt.org/) to get a free signed certificate for your domain.
+
+* Configure the Attack Map Server with SSL Certs:
+
+  * Edit `ssl_options` in `AttackMapServer.py` to point to your certificates.
+
+    ```python
+    ssl_options={
+        "certfile": "/path/to/domain.crt",
+        "keyfile": "/path/to/domain.key",
+    }
+
+    ``` 
 * Start the Attack Map Server:
 
     ```sh
@@ -95,19 +118,21 @@ Tested on Ubuntu 16.04 LTS.
 
 * Access the Attack Map Server from browser:
 
-    * [http://localhost:8888/](http://localhost:8888/) or [http://127.0.0.1:8888/](http://127.0.0.1:8888/)
+    * [https://localhost:8888/](https://localhost:8888/) or [https://127.0.0.1:8888/](https://127.0.0.1:8888/)
+
+      * **NOTE** If you are using [https://localhost:8888/](https://localhost:8888/) and a self signed cert you will have to visit [https://127.0.0.1:8888/](https://127.0.0.1:8888/) and click proceed unsafely for the websocket connection to work.
 
     * To access via browser on another computer, use the external IP of the machine running the AttackMapServer.
 
      * Edit the IP Address in the file "/static/map.js" at "AttackMapServer" directory. From:
 
        ```javascript
-       var webSock = new WebSocket("ws:/127.0.0.1:8888/websocket");
+       var webSock = new WebSocket("wss:/127.0.0.1:8888/websocket");
        ```
      * To, for example: 
 
        ```javascript
-       var webSock = new WebSocket("ws:/192.168.1.100:8888/websocket");
+       var webSock = new WebSocket("wss:/192.168.1.100:8888/websocket");
        ```
      * Restart the Attack Map Server: