Folks, I am very pleased to announce the publication of our Know Your Tools paper: Glastopf - A dynamic, low-interaction web application honeypot authored by Lukas Rist of the Chicago Honeynet Project Chaper and Sven Vetsch, Marcel Kossin, and Michael Mauer.
The paper is available from http://honeynet.org/papers/KYT_glastopf.
Currently, attacks against web applications make up more than 60% of the total number of attempted attacks on the Internet. Organizations cannot afford to allow their websites be compromised, as this can result in serving malicious content to customers, or leaking customer's data. Whether the particular web application is part of a company's website, or a personal web page, there are certain characteristics common to all web applications. Most people trust in the reliability of web applications and they are often hosted on powerful servers with high bandwidth connections to the Internet. Considering the large number of attacks and knowing the potential consequences of successful break-ins, we decided to put a bit more effort into the development of honeypots to better understand these attacks.
In this paper, we introduce Glastopf, a low-interaction web application honeypot capable of emulating thousands of vulnerabilities to gather data from attacks that target web applications. The principle behind it is very simple: reply to the attack using the response the attacker is expecting from his attempt to exploit the web application. We provide an overview of the attacks on web applications, describe examples collected with Glastopf, and discuss possible usages of data collected.
Glastopf can be downloaded from http://glastopf.org/ and a mailing list for help/suggestions and advice is available at https://public.honeynet.org/mailman/listinfo/glastopf.