Simple Web Honeytraps
Johannes Ullrich recently posted an article detailing quick and simple traps you can add to a web site or web app to flag up suspicious and malicious activity on the site. Johannes does a better job of explain than I could so I’d recommend a read of his post, but put simply the traps discussed are:
- Don’t hand session credentials to automated clients
- Add fake admin pages to robots.txt
- Add fake cookies
- Add ‘Spider loops’
- Add fake hidden passwords as HTML comments
- Use ‘hidden’ form fields
All of the ideas are relatively simple to implement to a greater or lesser extent. I’ve spend the last week experimenting with some of the proposals and have seen some success so far. If I gain any unusual or interesting results I share my findings in a future post.
P.S. if your not already following the AppSec Street Fighter blog I’d highly recommend it.
Advertisement
Hi, Sorry for comment here because your blogspot require registration….
Reference to the nepenthes post, here is my 2 cents :
You can test the nepenthes by enable the x2 and x3, details can be found here :
http://www.honeybird.hk or http://www.remoteroot.net/2008/07/22/testing-nepenthes-works
Meanwhile, anyone had enable the submit-virustotal and does it work? I want to use a gmail a/c but seem the submit-virustotal does not support ssl pop3.
Hi,
no problem with the comment here, I’m migrating away from the blogspot service, it will be decomissioned once I get all the links edited.
Thanks for the links the x# modules aren’t something I’d given much of a look at, and wasn’t aware of their usefulness, one more thing to add to my todo list now
I’ve had the same problem as you with the sumbit-virustotal module (although admittedly I haven’t spent enough time to determine if it’s a simple pebkac error…)