Honeypot Processors: Basic Authentication Processor
The basic authentication processor emulates a vulnerable authentication mechanism in the web application. It does this by publicly exposing fake server configuration files (.htaccess and .htpasswd) that appear to protect a resource with basic authentication (a part of the HTTP protocol). To the attacker, the site appears to expose a sensitive administrative script with weak password protection. Once the malicious user discovers these publicly exposed files, they are walked through a series of steps that emulate exposing an additional piece of information. As the final step, if they end up cracking the weakly protected password, they are considered a high threat.
Note: This processor should only be used when the site uses Apache as its front-end web server, because the files involved (.htaccess and .htpasswd) are specific to the Apache web server.
Note: Browsers often ignore the body content of HTTP responses if the status code is anything other than 200. For best compatibility with different browser versions, you might want to use a 200 status code when uploading responses such as images or executable code.
Table 14: Basic Authentication Processor Configuration Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Basic | | | |
Processor Enabled | Boolean | True | Whether traffic should be passed through this processor. |
Advanced | | | |
Authorized Users | Collection | Collection | A list of authorized user accounts. |
Protected Resource URL | String | [random resource] | The fake protected resource. |
Protected Resource Response Status | String | [random status] | The HTTP status to return when accessing the resource. |
Randomization Salt | String | Random | A random set of characters used to salt the generation of code. Any value is fine here. |
Incident: Password Cracked | Boolean | True | The user has successfully accessed a fake protected resource using a cracked username and password. |
Incident: Apache Configuration Requested | Boolean | True | The user has requested the Apache directory configuration file .htaccess. |
Incident: Apache Password File Requested | Boolean | True | The user has requested the Apache password file .htpasswd. |
Incident: Invalid Credentials | Boolean | True | The user has attempted to log in to access the fake file protected by basic authentication, but failed. |
Incident: Protected Resource Requested | Boolean | True | The user has requested a fake file which is protected by basic authentication. |
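
The following sketch shows how the five incidents in Table 14 map onto individual HTTP requests, including parsing of the `Authorization: Basic` header. It is an added example, not the product's own code; `PROTECTED_URL`, `AUTHORIZED_USERS`, the function names and the request sequence are assumptions constructed for illustration.

```python
import base64

# Assumed values for illustration; the processor's real defaults are randomized.
PROTECTED_URL = "/admin/backup.cgi"       # hypothetical fake protected resource
AUTHORIZED_USERS = {"admin": "letmein"}   # hypothetical decoy account

def classify(path, authorization=None):
    """Map one request to an incident name from Table 14, or None."""
    resource = path.split("?", 1)[0]          # ignore any query string
    name = resource.rsplit("/", 1)[-1]
    if name == ".htaccess":
        return "Apache Configuration Requested"
    if name == ".htpasswd":
        return "Apache Password File Requested"
    if resource != PROTECTED_URL:
        return None                           # ordinary traffic, no incident
    if not authorization:
        return "Protected Resource Requested"
    scheme, _, blob = authorization.partition(" ")
    if scheme.lower() != "basic":
        return "Invalid Credentials"
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:                        # malformed base64 or non-UTF-8 bytes
        return "Invalid Credentials"
    user, sep, password = decoded.partition(":")
    if sep and AUTHORIZED_USERS.get(user) == password:
        return "Password Cracked"
    return "Invalid Credentials"

def basic(user, password):
    """Build a Basic Authorization header value for the sample data."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

# Constructed request sequence (not captured traffic): (path, Authorization header)
SESSION = [
    ("/index.html", None),
    ("/admin/.htaccess", None),
    ("/admin/.htpasswd", None),
    ("/admin/backup.cgi", None),
    ("/admin/backup.cgi", basic("admin", "admin")),
    ("/admin/backup.cgi", basic("admin", "letmein")),
]

def incidents(session):
    """Return the incident names raised by a session, in request order."""
    return [i for i in (classify(p, a) for p, a in session) if i]

if __name__ == "__main__":
    print("\n".join(incidents(SESSION)))
```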