Edit External Console App
Use the Edit External Console App dialog box to add or edit an external console application definition.
In addition to the internal sim servers KFSensor provides, it has the ability to invoke an external application to simulate a service.
This allows you to develop your own simulated services or use those written by a third party.
How it works
The external application must be a console application.
That is, it must have no user interface, read its input from stdin and write its output to stdout.
KFSensor handles all the socket communications with the visitor. Data received from the visitor is written to the external application's stdin pipe and
data is read from the application's stdout pipe and sent to the visitor.
KFSensor monitors the connection to ensure that the visitor does not send more data than permitted and that the visitor does not keep the connection open too long.
KFSensor also logs the traffic in the same way as the internal sim servers so the events are recorded in the same way in the log.
This all makes it very easy to develop a sim server, as there is no need to implement logging or timeout facilities.
However, KFSensor has no control over how the external console processes the data it receives. If there is a buffer overflow vulnerability in the
external application then there is the possibility of a security breach. For this reason the facility is disabled completely in
the High Integrity Version of KFSensor.
Writing an external console application
It is possible to write an external console application in a low level language such as C, but it is easier to use a scripting language such as Perl or Python.
It is strongly recommended that the external console application should exit when it detects its stdin pipe has closed.
It can of course exit before that.
If the application does not exit then KFSensor will terminate its process.
This should be avoided as Windows does not effectively close all the resources held by a terminated application.
KFSensor contains sample scripts which implement simple services.
You can find descriptions of these scripts and how to configure them and other scripts in the
Example External Console Scripts section.
Parameters
To implement certain services it is necessary to know information such as the visitor's IP address.
KFSensor provides this information via environment variables and by substituting the following command line arguments with the current values.
| Parameter | CL Argument | Env. Variable | Example |
| Sensor IP Address | $ipdst | KFSENSOR_ADDR and HONEYD_IP_DST | 192.168.1.10 |
| Sensor Port | $dport | KFSENSOR_PORT and HONEYD_DST_PORT | 80 |
| Visitor Domain | $visdomain | VISITOR_DOMAIN | hackersrus.com |
| Visitor IP Address | $ipsrc | VISITOR_ADDR and HONEYD_IP_SRC | 192.168.1.10 |
| Visitor Port | $sport | VISITOR_PORT and HONEYD_SRC_PORT | 3205 |
| Application ID | $appid | KFSENSOR_APPID | Echo |
| Protocol | $proto | KFSENSOR_PROTOCOL | TCP |
| Domain Name | $domain | KFSENSOR_DOMAIN | networksforu.com |
| Number of connections made by visitor | $numcons | KFSENSOR_NUMCONS | 5 |
Debugging
The simplest way to debug an external console application is to run it directly from a DOS box and type in the input.
To track down problems that only occur when an external console application is used within KFSensor, the following feature is provided.
When the server's Log Level is set to "7 Debug" in the Server Configuration dialog box, all output the external
console sends to the stderr pipe is added to the response field in the event log. N.B. this data is never sent to the visitor.
This is especially useful for debugging a Perl compilation problem as the compiler errors are sent to the stderr pipe.
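The following Python sketch pulls the sections above together: it reads the visitor's data from stdin in bounded chunks, replies on stdout, reads the connection details from the environment variables in the Parameters table, writes diagnostics to stderr and exits when stdin closes. It is an added example, not one of the sample scripts shipped with KFSensor. The line protocol and banner are constructed for illustration, and the `EXIT_TOKEN` value and the idea that the Exit code text arrives as a line on stdin are assumptions.

```python
import os
import sys

MAX_LINE = 512           # per-read cap chosen for this sketch
EXIT_TOKEN = "KFS_EXIT"  # hypothetical "Exit code" text (assumption)

ENV_KEYS = {             # variable names from the Parameters table
    "visitor": "VISITOR_ADDR", "vport": "VISITOR_PORT",
    "sensor": "KFSENSOR_ADDR", "port": "KFSENSOR_PORT",
    "proto": "KFSENSOR_PROTOCOL", "appid": "KFSENSOR_APPID",
}


def visitor_context(env):
    """Collect the connection details exported as environment variables."""
    return {k: env.get(v, "unknown") for k, v in ENV_KEYS.items()}


def serve(stdin, stdout, stderr, env):
    """Run one session and return the number of input chunks handled."""
    ctx = visitor_context(env)
    # stderr reaches the event log only at Log Level "7 Debug", never the visitor.
    stderr.write("session %(visitor)s:%(vport)s -> %(sensor)s:%(port)s/%(proto)s\n" % ctx)
    stdout.write("220 %s service ready\r\n" % ctx["appid"])
    stdout.flush()
    handled = 0
    while True:
        line = stdin.readline(MAX_LINE)  # bounded read; long lines arrive in chunks
        if line == "":                   # EOF: stdin pipe closed, exit cleanly
            stderr.write("stdin closed, exiting\n")
            break
        cmd = line.strip()
        if cmd == EXIT_TOKEN:
            break
        handled += 1
        if cmd.upper() == "QUIT":
            stdout.write("221 bye\r\n")
            stdout.flush()
            break
        stdout.write("500 command not recognised\r\n")  # fixed reply, no echo
        stdout.flush()
    return handled


if __name__ == "__main__":
    serve(sys.stdin, sys.stdout, sys.stderr, os.environ)
```

Replying with fixed strings rather than echoing visitor input keeps the script's own attack surface small, which matters because KFSensor has no control over how the external application processes what it receives.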
Configuration
Title
- Name
Each Sim Server requires a unique name, which is used to identify it.
- Description
A piece of text for notes on what the Sim Server aims to support.
- Default Port
Most services have standard ports on which visitors expect to find them.
The default port is 80, but you should set this to the default port of the service you are simulating.
This is only used as a prompt during configuration of a Listen; a Sim Server can be set on
any or many different ports.
- Severity
The severity level that events generated by this Sim Server will be given.
This can be overridden as part of the Listen configuration.
Options
These settings control how this External Console App responds to a visitor.
- Time out
The time in seconds that the KFSensor server allows the session to continue before closing the connection.
- Log style
- Standard
This option puts all the received data in an event's Received field and all the
response data in the Response field.
- Mixed
This option puts a limited amount of the received data in an event's Received field
and puts the received data and the response data in the Response field.
- Receive limit
The maximum number of bytes that will be accepted from the visitor before the connection is closed.
- Log response lines
If set to a value greater than zero then a response will be truncated to the specified number of lines when
it is recorded in the log.
- Log response size
If set to a value greater than zero then a response will be truncated to the specified number of bytes when
it is recorded in the log.
- Log receive size
If set to a value greater than zero then received data will be truncated to the specified number of bytes when
it is recorded in the log.
External console application
These settings control how KFSensor launches the external console application.
- Application ID
The text in this field is passed to the external application and is recorded in the description field of the event log.
- Application Path
The full path of the executable application that will be run.
- Arguments
The command line parameters that should be passed to the application.
This can contain special parameter values as in the Parameters section above.
- Working directory
The working directory that the application should run in.
If this is blank then the working directory will be set to the directory containing the application.
- Exit code
If the visitor closes the connection then the text in this field is passed to the application.
This can be used internally by the application as a signal that it should close.