feat(ssdp): implement dynamic header extraction and logging #21

Open
GitHub-MasterX wants to merge 2 commits into honeynet:main from GitHub-MasterX:feat/dynamic-ssdp-parser
@GitHub-MasterX
Overview -

  • Refactored the SSDP/UPnP logging system to dynamically extract and log HTTP-style headers from incoming UDP packets.
  • Previously, the system only logged the request method and client IP, without logging the critical telemetry data.

Problem - Headers not being logged from the client's input

  • The UPnP logging system was logging only two things about the client, as below:
    UPnP M-SEARCH <ip> or UPnP non-M-SEARCH <ip>
  • The critical headers (e.g. ST, MAN, MX) were not extracted in the logs.
  • Researchers could not determine what device types attackers were scanning for or identify scanner tooling from logs.

Implementation -

  • Added an extraction(char *pkt_buffer, char *msg) function that parses all headers from the received SSDP buffer (the client's input), using \n as the line delimiter and : as the field separator.
  • Headers are appended to the log entry, separated by | for readability.

Testing -

  • Fixed a buffer re-initialization bug discovered during testing — log message buffer was accumulating headers across requests. Fixed by scoping buffer initialization within the listener loop.

Testing for non-M-SEARCH:

INPUT -

```
printf "NOTIFY * HTTP/1.1\r\n\
HOST: 239.255.255.250:1900\r\n\
CACHE-CONTROL: max-age=1800\r\n\
LOCATION: http://127.0.0.1:5000/description.xml\r\n\
SERVER: Linux/5.0 UPnP/1.0 GSoC-Tarpit/v1.0\r\n\
NT: upnp:rootdevice\r\n\
NTS: ssdp:alive\r\n\r\n" | nc -u -w1 127.0.0.1 1900
```

OUTPUT -

```
UPnP non-M-SEARCH 172.18.0.1 | HOST:239.255.255.250:1900 | CACHE-CONTROL:max-age=1800 | LOCATION:http://127.0.0.1:5000/description.xml | SERVER:Linux/5.0 UPnP/1.0 GSoC-Tarpit/v1.0 | NT:upnp:rootdevice | NTS:ssdp:alive
```

Testing for M-SEARCH:

INPUT -

```
printf "M-SEARCH * HTTP/1.1\r\n\
HOST: 239.255.255.250:1900\r\n\
MAN: \"ssdp:discover\"\r\n\
ST: ssdp:all\r\n\
USER-AGENT: Custom-GSoC-Scanner-v1.0\r\n\r\n" | nc -u -w1 127.0.0.1 1900
```

OUTPUT -

```
UPnP M-SEARCH 172.18.0.1 | HOST:239.255.255.250:1900 | MAN:"ssdp:discover" | ST:ssdp:all | USER-AGENT:Custom-GSoC-Scanner-v1.0
```

The above feature helps improve reliability, logging and framework usability for researchers.

GitHub-MasterX changed the title from "feat(ssdp): implement dynamic header extraction and validation" to "feat(ssdp): implement dynamic header extraction and logging" on Mar 29, 2026
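A bounded, log-safe form of the header extraction this pull request describes, as an added example that is not the PR's code. The names `ssdp_headers_to_log` and `put_clean` are hypothetical, and replacing non-printable bytes and `|` with `?` is an assumption about how a honeypot would want attacker-controlled header values written to its log.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Copy n bytes; non-printable bytes and '|' become '?' so client-supplied
 * data cannot split a log line or forge an extra " | " field. */
static void put_clean(char *dst, const char *src, size_t n) {
    for (size_t i = 0; i < n; i++)
        dst[i] = (isprint((unsigned char)src[i]) && src[i] != '|') ? src[i] : '?';
}

/* Hypothetical helper: append " | NAME:value" for each header in pkt[0..n)
 * to the NUL-terminated string in out (capacity cap). Returns headers added. */
int ssdp_headers_to_log(const char *pkt, size_t n, char *out, size_t cap) {
    const char *z = memchr(out, '\0', cap);
    if (!z) return 0;                          /* out is not a valid string */
    size_t len = (size_t)(z - out), pos = 0;
    int count = 0, first = 1;
    while (pos < n) {
        const char *line = pkt + pos;
        const char *nl = memchr(line, '\n', n - pos);
        size_t ll = nl ? (size_t)(nl - line) : n - pos;
        pos += ll + 1;
        if (ll && line[ll - 1] == '\r') ll--;  /* strip the CR of CRLF */
        if (first) { first = 0; continue; }    /* skip the request line */
        if (ll == 0) break;                    /* blank line ends the headers */
        const char *colon = memchr(line, ':', ll);
        if (!colon || colon == line) continue; /* not NAME:value, ignore */
        size_t nlen = (size_t)(colon - line);
        const char *v = colon + 1, *end = line + ll;
        while (v < end && (*v == ' ' || *v == '\t')) v++;
        size_t vlen = (size_t)(end - v), need = 3 + nlen + 1 + vlen;
        if (need >= cap - len) break;          /* no room incl. NUL: stop */
        memcpy(out + len, " | ", 3);       len += 3;
        put_clean(out + len, line, nlen);  len += nlen;
        out[len++] = ':';
        put_clean(out + len, v, vlen);     len += vlen;
        out[len] = '\0';
        count++;
    }
    return count;
}

int main(void) {
    /* Constructed sample packet, modelled on the M-SEARCH test above. */
    const char pkt[] = "M-SEARCH * HTTP/1.1\r\nMAN: \"ssdp:discover\"\r\nST: ssdp:all\r\n\r\n";
    char msg[256] = "UPnP M-SEARCH 172.18.0.1";  /* fresh buffer per request */
    ssdp_headers_to_log(pkt, sizeof pkt - 1, msg, sizeof msg);
    puts(msg);
    return 0;
}
```

Passing the received length rather than relying on a terminating NUL keeps the parser inside the datagram, and a header that does not fit is dropped whole instead of being written partially.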