PythonHoneyMonkey: Client Side Attack Detection Tool

Abstract

Attackers have ramped up their efforts with a dangerous cocktail of social engineering, web based attacks and persistence. Security researchers have been trying to be more proactive in finding measures rather being passive to safe guard information security. One of such proactive measures for information security are Honeypots whose value lies in being probed and compromised. Client side Honeypot poses as client and interacts with malicious servers that attack clients. In this process, Honeypot examines the type of attack and also the address which is responsible for that particular attack. In this thesis work an answer is provided to the question asked by proposing multi platform, open source and quick to deploy tool PythonHoneyMonkey. It is a web browser based high interaction client honeypot system. PythonHoneyMonkey creates a pipeline for directing multiple Operating Systems to open web URLs provided to them using their web browser softwares. If any kind of vulnerability exploit occurs, it is detected by network intrusion system Snort deployed in honeypot client machines. Snort creates a log or event at a remote database server which is then processed accordingly. This processing helps us creating a blacklist of web urls and events they cause for the client honeypot system.