Honeypots mailing list archives
Tool Release HoneyWeb-0.4
From: "ktimm" <ktimm () var-log com>
Date: Sun, 16 Feb 2003 13:21:41 -0600
Hello all, I'm pleased to announce the release of HoneyWeb. HoneyWeb is available at http://var-log.com

HoneyWeb is a deception-based, web-server-like program that can be used as a standalone server or in conjunction with HoneyD http://www.citi.umich.edu/u/provos/honeyd/ to provide request-based HTTP header spoofing and page serving. HoneyWeb does basic regex comparison on incoming requests to determine what associated headers to return.

HoneyWeb works in basically two modes, "Persistent" and "Non-Persistent". In "Non-Persistent" mode HoneyWeb is basically a more intelligent netcat and returns back 200 OK for every request, unless defined otherwise, along with the other associated headers for that type of server. In "Persistent" mode HoneyWeb will remember the IP and always return the same version to the same IP for a specified period of time; in addition, it will do basic request comparisons between server families to determine if a 404 should be sent back or not.

HoneyWeb does some bogus request checking and sends back server-specific error pages on bogus requests. Attack-specific pages can be specified to make HoneyWeb appear more real for interactive attackers. SSL support can be provided with the use of stunnel http://www.stunnel.org .

HoneyWeb is written in Python and should run on anything with Python 1.5 and better. It has been tested on W2K in addition to Linux platforms. HoneyWeb does try to follow the HTTP protocol closely, returning errors on improper versions and syntax.

HoneyWeb logs request-specific info into hw-log files in the log directory. In addition, unmatched requests are logged in the newsigs file.

Questions / Comments / Suggestions: forward to ktimm () var-log com
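The two modes described in the announcement can be sketched as follows. This is an added example, not HoneyWeb's code and not part of the original post: the class `HeaderDecoy`, the regex rules, the banner strings and the TTL handling are all assumptions made for illustration.

```python
import re
import time

# Constructed rules (assumptions): request regex -> server family to imitate.
SIGNATURES = [
    (re.compile(r"\.(asp|ida|idq)(\?|$)|^/scripts/", re.I), "iis"),
    (re.compile(r"\.php(\?|$)|^/cgi-bin/", re.I), "apache"),
]
BANNERS = {"iis": "Microsoft-IIS/5.0", "apache": "Apache/1.3.27 (Unix)"}
DEFAULT_FAMILY = "apache"


class HeaderDecoy:
    def __init__(self, persistent=False, ttl=3600, clock=time.time):
        self.persistent, self.ttl, self.clock = persistent, ttl, clock
        self.assigned = {}   # client IP -> (family, expiry time)
        self.newsigs = []    # requests no rule matched, kept for review

    def classify(self, path):
        for pattern, family in SIGNATURES:
            if pattern.search(path):
                return family
        return None

    def respond(self, ip, request_line):
        """Return (status, Server header) for one request line."""
        remembered = self._remembered(ip)
        parts = request_line.split()
        # Improper syntax or HTTP version is answered with an error.
        if len(parts) != 3 or not re.fullmatch(r"HTTP/1\.[01]", parts[2]):
            return 400, BANNERS[remembered or DEFAULT_FAMILY]
        family = self.classify(parts[1])
        if family is None:
            self.newsigs.append((ip, request_line))
        if not self.persistent:
            return 200, BANNERS[family or DEFAULT_FAMILY]
        shown = remembered or family or DEFAULT_FAMILY
        if remembered is None:
            self.assigned[ip] = (shown, self.clock() + self.ttl)
        # A request aimed at another family gets 404 from the assigned one.
        status = 404 if family not in (None, shown) else 200
        return status, BANNERS[shown]

    def _remembered(self, ip):
        family, expiry = self.assigned.get(ip, (None, 0))
        return family if self.persistent and self.clock() < expiry else None
```

In persistent mode a client that first asked for an `.ida` URL keeps seeing the same banner until the TTL expires, which keeps the decoy consistent across repeated probes from one source.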