Glastopf Web application honeypot gets SQL injection emulation capability

The Honeynet Project releases SQL injection emulator for the open-source Glastopf web application honeypot

The Honeynet Project, a non-profit organization that develops open-source security research tools, has created a component for the Glastopf Web application honeypot software that can emulate applications vulnerable to SQL injection attacks in order to trick attackers into revealing their intentions.

In the context of computer security, honeypots are systems that are intentionally left vulnerable in order to collect technical information about attacks. That information can be used to strengthen the security of other systems found on the same network or to develop attack signatures for security products like firewalls.

Honeypots can be used by researchers to discover previously unknown attacks and capture previously undetected malware or can be used by businesses to understand how a system exposed to the Internet with a particular configuration would be targeted by hackers.

One of the several honeypot tools created by people involved in the Honeynet Project is called Glastopf and consists of a Web server that dynamically emulates vulnerable Web applications in order to attract attackers.

Glastopf has been in development since 2009 and is currently at version 3. However, until last week, it lacked the capability of emulating SQL injection vulnerabilities, an important class of Web application vulnerabilities that are commonly targeted by attackers.

That's no longer the case, because on Saturday the Honeynet Project released an SQL injection "handler" for the Glastopf web application honeypot.

The new component was developed as part of Cyber Fast Track, a research program funded by the Defense Advanced Research Projects Agency (DARPA), a research arm of the U.S. Department of Defense.

"The main goal of this project was the development of a SQL injection vulnerability emulator that goes beyond the collection of SQL vulnerability probings," the Honeynet Project said in a blog post on Saturday. "It deceives the adversary with crafted responses matching his request into sending us the malicious payload which could include all kinds of malicious code."

SQL injection vulnerabilities allow attackers to write malicious data into a website's database or to extract sensitive information from it. Because of this, they can result in serious data breaches.

According to a semi-annual report released by security firm Imperva in August, the median number of SQLi attacks experienced by a typical Web application between December 2011 and May 2012 was 17.5 and in the worst case it was 320.

According to a report from the Honeynet Project that describes the implementation of the Glastopf SQL injection emulator in more detail, limited tests performed with the new component revealed an attack rate of 10 SQL injection attacks per day.

That's probably because the new SQL injection component can emulate multiple vulnerabilities at once, therefore attracting more attackers than a typical Web application does.

It does this by exposing paths indicating the existence of a known vulnerability to search engine crawlers. Glastopf's developers call these path-based vulnerability signatures "dorks" and they serve as bait for attackers.

"Querying the search engine for the characteristic of a potentially vulnerable web application will return our honeypot dorks in the search results (probably among other results which point to real and vulnerable web applications)," they explained in the report.

Glastopf can use predefined SQL injection dorks built for known vulnerabilities, but can also build new dorks from the attacks it sees by automatically adding the paths attackers try to access to the database.

"The attack surface general approach is successful and future data analysis will reveal if the new features, like data clustering for dork selection and external dork sources, will increase the amount of malicious requests per day," the developers said in the report.
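As an added illustration of the two mechanisms the article describes (crafted error replies to SQL injection probes, and a dork store that grows from the paths attackers actually try), here is a small Python sketch; it is not Glastopf's code, the sample requests are constructed, and the error wording is a hypothetical placeholder.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample requests (not data from Glastopf or the report): the raw
# path+query a crawler or a probing client would send to the honeypot.
SAMPLE_REQUESTS = [
    "/index.php?id=5",
    "/index.php?id=5'",
    "/shop/view.php?item=7 UNION SELECT 1,2,3",
    "/news.php?cat=2 OR 1=1",
    "/about.html",
]

# Signatures of common SQL injection probes found in request parameters.
PROBE_PATTERNS = [
    re.compile(r"'"),                              # stray quote meant to provoke an error
    re.compile(r"\bunion\b.+\bselect\b", re.I),    # column-count enumeration
    re.compile(r"\bor\b\s+\d+\s*=\s*\d+", re.I),   # tautology
]


def classify(request: str):
    """Return (param, value) of the first parameter that looks like a probe, else None."""
    parts = urlsplit(request)
    for name, value in parse_qsl(parts.query):
        if any(p.search(value) for p in PROBE_PATTERNS):
            return name, value
    return None


def crafted_response(request: str) -> str:
    """Deceptive reply: a canned database error (hypothetical wording) that suggests the
    parameter is injectable, so the client goes on to send its real payload. The attacker
    value is deliberately not echoed back into the page."""
    hit = classify(request)
    if hit is None:
        return "<html><body>OK</body></html>"
    return f"You have an error in your SQL syntax near parameter '{hit[0]}'"


def harvest_dorks(requests):
    """Build the dork store: each path+parameter that was actually probed becomes bait
    that can be exposed to search engine crawlers, mirroring how Glastopf learns dorks."""
    dorks = set()
    for req in requests:
        hit = classify(req)
        if hit is not None:
            dorks.add(f"{urlsplit(req).path}?{hit[0]}=")
    return dorks
```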


Lucian Constantin

IDG News Service