Directory
DShield Web Honeypot
The Web Honeypot is a part of DShield project which aimed to collect quantitative data measuring the activity of automated or semi-automated probes against web applications. It collect logs for webapps to supplement the extensive data collection Dshield already collects on network level activity. The Web Honeypot will not just look for "attacks" but it will also look for "probes" as well. If they are malicious or not can only be determined in context. The Web Honeypot itself is a simple PHP page (index.php) designed to mimic several webapps, will works with an existing account in DShield and gather information in the wild application level attacks . The installation is simple but requires a good number of submitters in order to provide conclusive data. The Web Honeypot will logs the URL and header information such as ip address, host, user agent, referrer from all requests and match it against expression in config.txt before posting it to the DShield database. Some expression in the config.txt will cause the Web Honeypot to respond to attacker by presenting templates associated with it, this normally occurs when an attacker is looking for installations of a particular application common paths and filenames. The templates and patterns are further customizable in the templates folder of the Web Honeypot. The only output generated from the Web Honeypot is honeypot log that is currently located inside the logs folder of the honeypot. The honeypot logs will contains all the logs collected by the Web Honeypot, and the result of logs submission to DShield. Logging details are changeable inside the templates folder config.local.
Reviews (0)
Be the first to review this listing!