I was thinking of setting up a “honeypot” so I can see what/who is trying to connect to a specific external address. I’m wondering whether ESPHome would be a good platform.
All I need is a simple web server which sends some information about each GET request it receives to either a log file, or to an entity in HA. This would include the remote host IP address, referrer, and maybe remote browser string. Along with date and time, of course. I don’t care what the remote host sees, in fact I’d rather they just get a 404 error.
Is this something ESPHome could do? I use the default web server already, just so I can connect directly to the devices for diagnostics, but I don’t see a lot of information about adding any custom pages with a little logic in them.
But the more I think about it, I’m not really asking much. ESPHome can already run a (minimal) web server. I want even less than that. Just take a few fields from the header of the GET request and make them into entities. Or just log them to a text file. No response to the calling host is needed or even wanted. Should be virtually zero overhead in CPU or memory.
I suppose I could do some homework to identify where the web server code is and what it’s written in. Just seemed like someone, somewhere might have already done something similar. If not, that’s OK. It wouldn’t be the first system I’ve had to hack to get it to do what I wanted. It’s just that everything else in ESPHome is so easy, I figured this would be, too.
This is the wrong tool for the job. A basic Linux box with any reverse proxy (nginx or haproxy) or the most basic Apache setup will do exactly this, and you can see whatever you want in the access logs. Plus, you’ll have HTTPS and whatever other ports you need.
Using Home Assistant to monitor a honeypot means you expose it to DoS attacks, for which it surely isn’t designed or sized. Not that the ESP32 would handle that much traffic, but who knows…
Good points all. Still, I’ve seen lots of “wrong tool for the job” solutions in this forum. HA and ESPHome seem to expand to fit all kinds of use cases for which they might not be the best solution.
I have some ESP32s sitting around. I use a number of ESPHome devices. It would be nice to use the hardware I already have and take advantage of whatever part of the learning curve I’ve already gotten through.
I’ve seen a few different Arduino web server solutions. I dabbled with that once, and of course some ESPHome skills would apply there, so that’s an option. Still, it looks like ESPHome uses the ESPAsyncWebServer, which I was hoping might offer the simple capabilities I’m after.
As for DDoS attacks, that’s always a possibility. Modern routers offer some rudimentary protection, and as you say the throughput of an ESP32 would probably be a limiting factor anyway. Come to think of it, I have some spare ESP8266s too, which would limit throughput even more.
ESPs can for sure do your job, but ESPHome is just not made for that task.
There is for sure already a project like this out there, but you might have to code a bit to make the small needed changes, and you will also have to reflash your chip with almost every change you decide on later.
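
As an added example that is not part of the thread: a minimal Python listener for the Linux-box approach suggested above, recording the fields the first post asks for (time, remote IP, referrer, browser string) and answering every request with a 404. The port, the JSON-lines log format and all function and class names are assumptions made for illustration.

```python
import json
import sys
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

MAX_LEN = 256  # cap attacker-controlled fields so one request cannot bloat the log


def clean(value, limit=MAX_LEN):
    """Make a request field safe to log: control characters replaced, length bounded."""
    if value is None:
        return ""
    text = "".join(ch if ch.isprintable() else "?" for ch in value)
    return text[:limit]


def make_record(client_ip, method, path, headers, now=None):
    """Build one log record; `headers` only needs a dict-style .get()."""
    now = now or datetime.now(timezone.utc)
    return {
        "time": now.isoformat(timespec="seconds"),
        "remote_ip": client_ip,
        "method": clean(method, 16),
        "path": clean(path),
        "referer": clean(headers.get("Referer")),
        "user_agent": clean(headers.get("User-Agent")),
    }


class HoneypotHandler(BaseHTTPRequestHandler):
    server_version = "httpd"  # replace the default banner, which names BaseHTTP
    sys_version = ""          # and the Python version
    log_file = sys.stdout     # assumption: swap for a file opened in append mode

    def do_GET(self):
        record = make_record(self.client_address[0], self.command, self.path, self.headers)
        self.log_file.write(json.dumps(record) + "\n")
        self.log_file.flush()
        self.send_error(404)  # the caller learns nothing beyond "not found"

    do_HEAD = do_POST = do_GET  # record other common methods the same way

    def log_message(self, fmt, *args):
        pass  # silence the default stderr access log; the JSON line is the record


if __name__ == "__main__":
    # Port 8080 is an assumption; forward the external port to it on the router.
    ThreadingHTTPServer(("0.0.0.0", 8080), HoneypotHandler).serve_forever()
```

Every logged field except the remote IP and timestamp is chosen by the caller, which is why the values are stripped of control characters and truncated before they reach the log.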