We where glad to announce yet another tool during our annual workshop in San Francisco. Glaspot is the third version of the web application honeypot Glastopf and it come with some very powerful new features:

• A build-in PHP sandbox for code injection emulation, allowing us to bring vulnerability emulation to a new level
• Hooked up to the HPFeeds generic data feed system for centralized data collection and tight integration into our sandbox and web server botnet monitoring system
• Modular implementation: Turn your web application into a honeypot with a few easy steps
• Runs in his own lightweight Python server or as a WSGI module in common web server environments
• Automated attack surface generation and expansion

In the next three months we are working on even more exciting new features and a much stronger integration into our web thread analysis platform.
Additionally Phani Vadrevu got accepted as a Google Summer of Code student to help us with additional improvements like request classification based on attacker profiling, hardening the internal sandbox and extending the attack surface. Details can be found in his project description: Glastopf Improvements.

Tillmann Werner from the Giraffe Honeynet Project chapter just released the first version of “streams”, a tool for browsing, mining and processing TCP streams in pcap files. If you ever needed to process large pcap files on a session level, you will love this tool. Have a look at the README to get an impression of its
capabilities.

The README contains some sample output and tool description.

Tillmann’s talk “High Performance Sniffing” from The Honeynet Project public workshop covers this tool:

Hello all!

In Last night we had released the newest version of PicViz suite (that contains all PicViz tools). Specifically for the GUI, now we can brush the lines dynamically and apply zoom in graph. To allow line brush has been necessary reimplement some important classes of PyQt used in the GUI. It wasn’t easy. But now it works, despite of we must continually improve the line (event) selection.

Get it!