Glastopf Honeypot
written by Lukas Rist on October 10. 2009
Many of today's most advanced attacks now happen at the web application layer. This solution is designed to capture information on the latest web application attacks using scalable and easy to deploy low-interaction server honeypots.Glastopf is a minimalistic web server emulator written in Python. The Honeypot tool collects information about web application-based attacks like for example remote file inclusion, SQL injection, and local file inclusion attacks. Glastopf scans the incoming request for strings like "=http://" or "=ftp://". If this matches, we try to download and analyze the file and respond as close as possible to the attacker's expectations. If we fulfill them, the attacker sends us for example a bot, shell or spreader. Those files could for example be analyzed for IRC information to infiltrate the botnet behind this kind of attacks. The collected data is stored in a MySQL database that can be browsed via a web interface.