
    Honeypot Processors: Basic Authentication Processor

    The basic authentication processor is responsible for emulating a vulnerable authentication mechanism in the web application. This is done by publicly exposing fake server configuration files (.htaccess and .htpasswd) that appear to be protecting a resource with basic authentication (a part of the HTTP protocol). To the attacker, the site will appear to be exposing a sensitive administrative script on the site, with weak password protection. As the malicious user identifies the availability of such publicly exposed files, they are walked through a series of steps that emulate exposing an additional piece of information. As the final step, if they end up breaking the weakly authenticated password, they will be considered a high threat.

    Note: This processor should only be used when the site's front-end web servers run Apache, because the files involved (.htaccess and .htpasswd) are specific to the Apache web server.

    Note: Browsers often ignore the body content of HTTP responses if the status code is anything other than 200. For best compatibility with different browser versions, you may wish to use a 200 status code when uploading responses such as images or executable code.

    Table 1: Basic Authentication Processor Configuration Parameters

    Basic

    | Parameter         | Type    | Default Value | Description                                           |
    |-------------------|---------|---------------|-------------------------------------------------------|
    | Processor Enabled | Boolean | True          | Whether traffic should be passed through this processor. |

    Advanced

    | Parameter                                 | Type       | Default Value     | Description                                                                                                      |
    |-------------------------------------------|------------|-------------------|------------------------------------------------------------------------------------------------------------------|
    | Authorized Users                          | Collection | Collection        | A list of authorized user accounts.                                                                              |
    | Protected Resource URL                    | String     | [random resource] | The fake protected resource.                                                                                     |
    | Protected Resource Response Status        | String     | [random status]   | The HTTP status to return when accessing the resource.                                                           |
    | Randomization Salt                        | String     | Random            | A random set of characters used to salt the generation of code. Any value is fine here.                         |
    | Incident: Password Cracked                | Boolean    | True              | The user has successfully accessed a fake protected resource using a cracked username and password.             |
    | Incident: Apache Configuration Requested  | Boolean    | True              | The user has requested the Apache directory configuration file .htaccess.                                        |
    | Incident: Apache Password File Requested  | Boolean    | True              | The user has requested the Apache password file .htpasswd.                                                       |
    | Incident: Invalid Credentials             | Boolean    | True              | The user has attempted to log in to access the fake file protected by basic authentication, but failed.          |
    | Incident: Protected Resource Requested    | Boolean    | True              | The user has requested a fake file which is protected by basic authentication.                                   |
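    As an added illustration (not the product's own code), the following Python maps each request against the fake resource to the incident the processor raises, from the .htaccess and .htpasswd fetches through to a successful login with the planted credential. The resource URL and the honeytoken account are assumed values standing in for the Protected Resource URL and Authorized Users parameters.

```python
import base64
import hmac

# Constructed configuration mirroring the processor's parameters (assumed values,
# not from the product): the fake resource and the honeytoken account for it.
PROTECTED_RESOURCE_URL = "/admin/backup.php"   # "Protected Resource URL"
AUTHORIZED_USERS = {"admin": "letmein"}         # "Authorized Users"


def basic_header(user, password):
    """Build the Authorization header a client sends for HTTP basic auth."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def classify_request(path, authorization=None):
    """Map one request to the incident the processor raises, or None when the
    request does not touch the honeypot. Query strings are ignored."""
    path = path.partition("?")[0]
    if path.endswith("/.htaccess"):
        return "Apache Configuration Requested"
    if path.endswith("/.htpasswd"):
        return "Apache Password File Requested"
    if path != PROTECTED_RESOURCE_URL:
        return None
    if authorization is None:
        return "Protected Resource Requested"   # server would answer 401 + WWW-Authenticate
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        return "Invalid Credentials"
    try:
        user, _, password = base64.b64decode(token, validate=True).decode("utf-8").partition(":")
    except (ValueError, UnicodeDecodeError):
        return "Invalid Credentials"            # malformed or non-base64 token
    # Constant-time comparison on bytes; an unknown user compares against "".
    expected = AUTHORIZED_USERS.get(user, "").encode("utf-8")
    if expected and hmac.compare_digest(expected, password.encode("utf-8")):
        return "Password Cracked"
    return "Invalid Credentials"


def run_sample():
    """Walk a constructed request sequence and return the incidents it raises, in order."""
    requests = [
        ("/admin/.htaccess", None),
        ("/admin/.htpasswd", None),
        ("/admin/backup.php", None),
        ("/admin/backup.php", basic_header("admin", "password")),
        ("/admin/backup.php", basic_header("admin", "letmein")),
    ]
    return [classify_request(p, a) for p, a in requests]
```

    The final "Password Cracked" outcome is the high-threat signal the page describes; everything before it is the breadcrumb trail that lets the earlier, lower-severity incidents fire first.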

    Published: 2013-11-20