Pythonhoneymonkey: Detecting Malicious Internet Websites On Client Side Honeypots
With increasing awareness of secure programming, the number of software vulnerabilities deployed on a machine
has subsequently decreased. Exploiting such vulnerabilities also requires effort from attackers in deploying the exploit and attacking the service.
Firewalls, access control lists (ACLs), and intrusion detection/prevention systems block inbound connections most of
the time, whereas outbound connections are allowed because they are made with the permission of the user requesting the traffic. A
vulnerable application requesting traffic from an externally hosted server is exploited, and the user running the application
hands a shell to the server listening remotely. To counter this attack technique, this paper focuses on creating a high-interaction
honeypot system controlled by a Python script. The client honeypots are governed over SSH by a master running the Python script.
Clients collect URLs with a specially crafted web-link crawler. These web links are visited by the
specified application. While the web pages run in the client-side browsers, the clients report all suspicious activity
in the form of logs and alerts created by the Snort IDS. The URL is then stored in a blacklist, which can restrict
the browser from visiting the link in the future. We introduce the design and implementation of this system in this paper.
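
The reporting and blacklisting step described above can be sketched as follows. This is an added example, not code from the paper: it assumes Snort's "fast" alert format, assumes each client records a start and end time per visited URL, and attributes an alert to a URL by time window with a hypothetical priority threshold and grace period. The alert lines, SIDs, URLs and addresses are constructed.

```python
import re
from datetime import datetime, timedelta

# Snort "fast" alert line: timestamp [**] [gid:sid:rev] message [**] ... [Priority: n] ...
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[\d+:(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]")

# Constructed sample data (not from the paper): local-range SIDs, documentation addresses.
SAMPLE_ALERTS = [
    "03/14-10:00:07.120000  [**] [1:1000001:1] LOCAL outbound shell traffic after page load [**] "
    "[Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.0.2.10:49152 -> 198.51.100.7:4444",
    "03/14-10:00:40.500000  [**] [1:1000002:1] LOCAL HTTP header anomaly [**] "
    "[Priority: 3] {TCP} 192.0.2.10:49160 -> 203.0.113.5:80",
    "03/14-10:00:41 truncated line with no rule id",
]
T0 = datetime(2024, 3, 14, 10, 0, 0)
SAMPLE_VISITS = [  # (url, visit start, visit end) as a client is assumed to record them
    ("http://site-a.example/", T0, T0 + timedelta(seconds=30)),
    ("http://site-b.example/", T0 + timedelta(seconds=35), T0 + timedelta(seconds=65)),
]

def parse_alerts(lines, year):
    """Return (timestamp, sid, priority, message) for each well-formed alert line."""
    out = []
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if not m:
            continue  # skip truncated or non-alert lines instead of failing the run
        # Fast-format timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        out.append((ts, int(m["sid"]), int(m["prio"]), m["msg"]))
    return out

def build_blacklist(visits, alerts, max_priority=2, grace=timedelta(seconds=5)):
    """Map each URL to the (sid, message) alerts raised during its visit window."""
    hits = {}
    for url, start, end in visits:
        for ts, sid, prio, msg in alerts:
            # Snort priority 1 is most severe; ignore alerts weaker than the threshold.
            if start <= ts <= end + grace and prio <= max_priority:
                hits.setdefault(url, []).append((sid, msg))
    return hits

def demo():
    return build_blacklist(SAMPLE_VISITS, parse_alerts(SAMPLE_ALERTS, 2024))

if __name__ == "__main__":
    for url, reasons in demo().items():
        print(url, reasons)
```

Time-window attribution only holds if each client visits one URL at a time; parallel visits on one client would need per-flow correlation instead.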