GSoc Project #9 - Managing Honeypot Clients

Adapting to some of the challenges presented by attempting to operate larger, longer running deployments of client honeypots (both high and low interaction) by simplifying and improving our ability to deploy and manage large client honeypot farms.

Primary Mentor: Ian Welch
Student: Thibaut Gadiolet
Deliverables:
WP1. Implement a web application that allows the uploading of lists of URLs to manage. These will be stored persistently in a database allowing long term trend information to be collected and managed.

WP2. Extending David Stirling's work. Define a standard web interface with client honeypots and extend the web application to issue requests to a dummy client honeypot and collect results that are stored persistently.

WP3. Implement functionality for accessing results for a set of URLs from the persistent store. This should allow viewing individual runs as well as a history of runs.

WP4. Implement scheduling functionality to allow a queue of work to be created that can be submitted as resource becomes available.

WP5. Extend the web application to support authenticated users and place controls on access to the exposed client honeypots. Support for adding users, organisations and individual honeypots.

WP6. Integrate with the Client Honeypot installation based at Victoria University.
Timeline:

  • Week 1-2:
  • Week 3-4:
  • Week 5-6:
  • Week 7-8:
  • Week 9-10:
  • Week 11-2: Finish coding and undertake system testing.
  • Weeks 13 and 14: Get feedback from communities. Document and complete testing. Package for delivery.

Quick Update

Hi Folks,
I worked on the Front-End to make my interface more user-friendly, I don't detail every modifications, we can split them in three:

  • Profile Management
  • Organisation Management
  • Honeyclient Management

My code is under Honeynet Subversion so you can consult it if you're curious !I also corrected a lot of bugs even if some of them are a bit persistent....

Data model and tutorial

Hi everyone,
I just wanted to share few things with you about my project.
I'm still very excited to work on my project and if anyone is intersted in what I've done, here is a short tutorial I created to setup the project quickly.
If some kind people would like to test it to give me their feedback. It could be the best way for me to improve it.

http://docs.google.com/View?id=dfmnx2fx_74g99bnpgx

HoneyWeb, a web interface to manage client honeypots

Hi folks !

As the GSoC started, this blog entry will introduce to you, myself and my project.

My name is Thibaut, I am still a student like all GSoC participants I guess and I belong to the ENSI of Bourges (France). I took one year off for doing research at the university of Maryland (USA) in the IT security field, especially in honeypots.

.:: HoneyWeb Overview ::.

 

Goals:

Provide a web interface to manage honeypot clients (both low and high interaction), and share results between different organisations.

  • Handling access to client honeypots.
  • Submitting URLs.
  • View results, history of websites, graphs...
  • Registering (Organisations, users, honeypots).
Syndicate content