Glastopf Web application honeypot gets SQL injection emulation capability

The Honeynet Project releases SQL injection emulator for the open-source Glastopf web application honeypot

The Honeynet Project, a non-profit organization that develops open-source security research tools, has created a component for the Glastopf Web application honeypot software that can emulate applications vulnerable to SQL injection attacks in order to trick attackers into revealing their intentions.

In the context of computer security, honeypots are systems that are intentionally left vulnerable in order to collect technical information about attacks. That information can be used to strengthen the security of other systems found on the same network or to develop attack signatures for security products like firewalls.

Honeypots can be used by researchers to discover previously unknown attacks and capture previously undetected malware or can be used by businesses to understand how a system exposed to the Internet with a particular configuration would be targeted by hackers.

One of the several honeypot tools created by people involved in the Honeynet Project is called Glastopf and consists of a Web server that dynamically emulates vulnerable Web applications in order to attract attackers.

Glastopf has been in development since 2009 and is currently at version 3. However, until last week, it lacked the capability to emulate SQL injection vulnerabilities, an important class of Web application vulnerabilities that are commonly targeted by attackers.

That's no longer the case, because on Saturday the Honeynet Project released an SQL injection "handler" for the Glastopf web application honeypot.

The new component was developed as part of Cyber Fast Track, a research program funded by the Defense Advanced Research Projects Agency (DARPA), a research arm of the U.S. Department of Defense.

"The main goal of this project was the development of a SQL injection vulnerability emulator that goes beyond the collection of SQL vulnerability probings," the Honeynet Project said in a blog post on Saturday. "It deceives the adversary with crafted responses matching his request into sending us the malicious payload which could include all kinds of malicious code."

SQL injection vulnerabilities allow attackers to write malicious data into a website's database or to extract sensitive information from it. Because of this, they can result in serious data breaches.

According to a semi-annual report released by security firm Imperva in August, the median number of SQLi attacks experienced by a typical Web application between December 2011 and May 2012 was 17.5 and in the worst case it was 320.

According to a report from the Honeynet Project that describes the implementation of the Glastopf SQL injection emulator in more detail, limited tests performed with the new component revealed an attack rate of 10 SQL injection attacks per day.

That's probably because the new SQL injection component can emulate multiple vulnerabilities at once, therefore attracting more attackers than a typical Web application does.

It does this by exposing paths indicating the existence of a known vulnerability to search engine crawlers. Glastopf's developers call these path-based vulnerability signatures "dorks" and they serve as bait for attackers.

"Querying the search engine for the characteristic of a potentially vulnerable web application will return our honeypot dorks in the search results (probably among other results which point to real and vulnerable web applications)," they explained in the report.

Glastopf can use predefined SQL injection dorks built for known vulnerabilities, but it can also build new dorks from the attacks it sees by automatically adding to its database the paths attackers try to access.
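To make the dork mechanism concrete, here is an added example, written for this article and not Glastopf's or the Honeynet Project's code, that models the two behaviours described above: a store of predefined dorks that is served to crawlers as a listing page, and automatic learning of new dorks from the paths that carry SQL injection probes. The request lines, the probe regexes, the `DorkStore` class and the `/admin/login.php` seed path are all constructed for the example and are not taken from Glastopf.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Regexes for common shapes of SQL injection probes in parameter values.
# Constructed for this example; Glastopf's real matching is not reproduced here.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+", re.IGNORECASE),  # ' OR 1=1
    re.compile(r"\bunion\s+(all\s+)?select\b", re.IGNORECASE),   # UNION SELECT ...
    re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE),      # time-based probes
]

# Constructed sample request lines, not captured traffic.
SAMPLE_REQUESTS = [
    "GET /index.php?page=1 HTTP/1.1",
    "GET /shop/product.php?id=5'+OR+1=1-- HTTP/1.1",
    "GET /news.php?id=3+UNION+SELECT+1,2,3 HTTP/1.1",
    "GET /about.html HTTP/1.1",
]


class DorkStore:
    """Holds the paths ("dorks") the honeypot advertises: predefined ones
    plus paths learned from requests that carried an injection probe."""

    def __init__(self, seed=()):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute(
            "CREATE TABLE dorks (path TEXT PRIMARY KEY, source TEXT, hits INTEGER)"
        )
        for path in seed:
            self.conn.execute(
                "INSERT OR IGNORE INTO dorks VALUES (?, 'predefined', 0)", (path,)
            )

    def learn(self, path):
        # Parameterised statements: the honeypot's own database must not be
        # injectable by the very payloads it records.
        self.conn.execute(
            "INSERT OR IGNORE INTO dorks VALUES (?, 'learned', 0)", (path,)
        )
        self.conn.execute("UPDATE dorks SET hits = hits + 1 WHERE path = ?", (path,))

    def paths(self):
        rows = self.conn.execute("SELECT path FROM dorks ORDER BY path").fetchall()
        return [row[0] for row in rows]

    def dork_page(self):
        # Listing handed to search engine crawlers so the dorks show up in
        # search results; the "?id=1" suffix is an arbitrary example parameter.
        links = "".join(f'<a href="{p}?id=1">{p}</a>\n' for p in self.paths())
        return f"<html><body>\n{links}</body></html>"


def looks_like_sqli(query):
    """Return the first parameter value matching a probe pattern, else None."""
    for values in parse_qs(query, keep_blank_values=True).values():
        for value in values:
            if any(pattern.search(value) for pattern in SQLI_PATTERNS):
                return value
    return None


def handle_request(request_line, store):
    """Classify one request line; when it carries an SQLi probe, record the
    path as a new dork and return the payload for later analysis."""
    _method, target, _version = request_line.split(" ", 2)
    parts = urlsplit(target)
    payload = looks_like_sqli(parts.query)
    if payload is None:
        return {"path": parts.path, "sqli": False, "payload": None}
    store.learn(parts.path)
    return {"path": parts.path, "sqli": True, "payload": payload}


def run(requests=SAMPLE_REQUESTS, seed=("/admin/login.php",)):
    """Feed the sample requests through a fresh store; returns (store, results)."""
    store = DorkStore(seed)
    results = [handle_request(line, store) for line in requests]
    return store, results


if __name__ == "__main__":
    store, results = run()
    for result in results:
        print(result)
    print(store.dork_page())
```

Running it classifies the second and third sample requests as SQL injection probes, adds `/shop/product.php` and `/news.php` to the dork list next to the predefined `/admin/login.php`, and renders all three as links on the crawler page; the recorded payloads are what an analyst would then cluster or compare against signatures.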

"The attack surface general approach is successful and future data analysis will reveal if the new features, like data clustering for dork selection and external dork sources, will increase the amount of malicious requests per day," the developers said in the report.

Lucian Constantin

IDG News Service