Home > Honeypot, InfoSec > Simple Web Honeytraps

Simple Web Honeytraps

2009/06/13

Johannes Ullrich recently posted an article detailing quick and simple traps you can add to a web site or web app to flag up suspicious and malicious activity on the site. Johannes does a better job of explain than I could so I’d recommend a read of his post, but put simply the traps discussed are:

  • Don’t hand session credentials to automated clients
  • Add fake admin pages to robots.txt
  • Add fake cookies
  • Add ‘Spider loops’
  • Add fake hidden passwords as HTML comments
  • Use ‘hidden’ form fields

All of the ideas are relatively simple to implement to a greater or lesser extent. I’ve spend the last week experimenting with some of the proposals and have seen some success so far. If I gain any unusual or interesting results I share my findings in a future post.

Andrew Waite

P.S. if your not already following the AppSec Street Fighter blog I’d highly recommend it.

Advertisements
Categories: Honeypot, InfoSec
  1. 2009/08/05 at 02:04

    Hi, Sorry for comment here because your blogspot require registration….

    Reference to the nepenthes post, here is my 2 cents :

    You can test the nepenthes by enable the x2 and x3, details can be found here :

    http://www.honeybird.hk or http://www.remoteroot.net/2008/07/22/testing-nepenthes-works

    Meanwhile, anyone had enable the submit-virustotal and does it work? I want to use a gmail a/c but seem the submit-virustotal does not support ssl pop3.

    • 2009/08/05 at 08:01

      Hi,

      no problem with the comment here, I’m migrating away from the blogspot service, it will be decomissioned once I get all the links edited.

      Thanks for the links the x# modules aren’t something I’d given much of a look at, and wasn’t aware of their usefulness, one more thing to add to my todo list now 🙂

      I’ve had the same problem as you with the sumbit-virustotal module (although admittedly I haven’t spent enough time to determine if it’s a simple pebkac error…)

  1. 2010/06/17 at 15:33
Comments are closed.
%d bloggers like this: