Edit External Console App

Use the Edit External Console App dialog box to add or edit an external console application definition.

In addition to the internal sim servers KFSensor provides, it has the additional the ability to invoke an external application to simulate a service.
This allows you to develop your own simulated services or use those written by a third party.

How it works

The external application must be a console application. That is it must have no user interface and read its input from stdin and write its output to stdout.

KFSensor handles all the socket communications with the visitor. Data received from the visitor is written to the external application's stdin pipe and data is read from the application's stdout pipe and sent to the visitor.

KFSensor monitors the connection to ensure that the visitor does not send more data than permitted and that the visitor does not keep the connection open too long.
KFSensor also logs the traffic in the same way as the internal sim servers so the events are recorded in the same way in the log.

This all makes it very easy to develop a sim server, as there is no need to implement logging or timeout facilities.

However, KFSensor has no control over how the external console processes the data it receives. If there is a buffer overflow vulnerability in the external application then there is the possibility of a security breach.

Writing an external console application

It is possible to write an external console application in a low level language such a C, but it easier to use a scripting language such as PERL or Python.

It is strongly recommended that the external console application should exit when it detects its stdin pipe has closed. It can of course exit before that.
If the application does not exit then KFSensor will terminate its process. This should be avoided as Windows does not effectively close all the resources held by a terminated application.

KFSensor contains sample scripts which implement simple services.
You can find descriptions of these scripts and how to configure them and other scripts in the Example External Console Scripts section.


To implement certain services it is necessary to know information such as the visitor's IP address.
KFSensor provides this information via environment variables and by substituting the following command line arguments with the current values.

Parameter CL Argument Env. Variable Example
Sensor IP Address $ipdst KFSENSOR_ADDR and HONEYD_IP_DST
Sensor Port $dport KFSENSOR_PORT and HONEYD_DST_PORT 80
Visitor Domain $visdomain VISITOR_DOMAIN hackersrus.com
Visitor IP Address $ipsrc VISITOR_ADDR and HONEYD_IP_SRC
Visitor Port $sport VISITOR_PORT and HONEYD_SRC_PORT 3205
Application ID $appid KFSENSOR_APPID Echo
Domain Name $domain KFSENSOR_DOMAIN networksforu.com
Number of connections
made by visitor

The simplest way to debug an external console application is to run it directly from a DOS box and type in the input.

To track down problems that only occur when an external console application is used within KFSensor the following feature is provided. When the server's Log Level is set to "7 Debug" in the Server Configuration dialog box, all output the external console sends to the stderr pipe is added to the response field in the event log. N.B. this data is never sent to the visitor.

This is especially useful for debugging a PERL compilation problem as the compiler errors are sent to the stderr pipe.



  • Name
    Each Sim Server requires a unique name, which is used to identify it.
  • Description
    A piece of text for notes on what the Sim Server aims to support
  • Default Port
    Most services have standard ports on which visitors expect to find them.
    The default port is 80, but you should set this to the default port of the service you are simulating.
    This is only used as a prompt during configuration of a Listen; a Sim Server can be set on any or many different ports.
  • Severity
    The severity level that events generated by this Sim Server will be given. This can be overridden as part of the Listen configuration.


These settings control how this External Console App responds to a visitor.
  • Time out
    The time in seconds that the KFSensor server allows the session to continue for before closing the connection.
  • Log style
    • Standard
      This option puts all the received data in an event's Received field and all the response data in the Response field.
    • Mixed
      This option puts a limited amount of the received data in an event's Received field and puts the received data and the response data in the Response field.
  • Receive limit
    The maximum number of bytes that will be accepted from the visitor before the connection is closed.
  • Log response lines
    If set to a value greater than zero then a response will be truncated to the specified number of lines when it is recorded in the log.
  • Log response size
    If set to a value greater than zero then a response will be truncated to the specified number of bytes when it is recorded in the log.
  • Log receive size
    If set to a value greater than zero then a received data will be truncated to the specified number of bytes when it is recorded in the log.

External console application

These settings control how KFSensor launches the external console application.
  • Application ID
    The text in this field is passed to the external application and is recorded in the description field of the event log.
  • Application Path
    The full path of the executable application that will be run
  • Arguments
    The command line parameters that should be passed to the application.
    This can contain special parameter values as in the Parameters section above.
  • Working directory
    The working directory that the application should run in.
    If this is blank then the working directory will be set to the directory containing the application.
  • Exit code
    If the visitor closes the connection then the text in this field is passed to the application.
    This can be used internally by the application as a signal that it should close.
  • Requires console
    Certain applications require their own console in order to function properly. This option provides one.

Related Topics

KFSensor On-Line Manual Contents