Response Processors: Cloppy Processor

The Cloppy processor is a joke response built for demonstration purposes. It creates an animated paperclip in the lower right corner of the website, which belittles and taunts the attacker. This should never be used on a legitimate threat and is not the default counter response for any type of behavior. It is provided to demonstrate the diversity of counter responses WebApp Secure is capable of. You should never activate this response unless you have a good relationship with the user you are activating it on, and they have a good sense of humor.

You can configure the message and options cloppy presents either in configuration (the default messages) or in the response-specific config (the XML you define when you manually activate a response or when you write a rule that activates a response). The oldest cloppy response will be the one for which the messages are loaded, so if you create multiple cloppy responses, you can create a dialog of several messages. For example, try activating cloppy three times with the following config values (create them in the following order):

  1. Activate Cloppy: <config message="This is the first message"><option label="First op" url="" /><option label="Second op" url="" /></config>
  2. Activate Cloppy: <config message="This is the second message"><option label="First op" url="" /><option label="Second op" url="" /></config>
  3. Activate Cloppy: <config message="This is the third message"><option label="First op" url="" /><option label="Second op" url="" /></config>

Once you activate the above 3 cloppy responses, you should see that cloppy will present the "This is the first message" dialog first. Once you click on an option in that dialog, the next page you load will display "This is the second message", and finally, after clicking on one of those options, you should get "This is the third message".

Once you click an option in cloppy’s dialog, it will dismiss that specific cloppy response. That’s why you are able to stack the responses and get a dialog going.
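The following added example (not code from the product or its documentation) checks a response-specific config string before it is pasted into the UI, and models the oldest-first dialog order described above. The names `parse_cloppy_config` and `CloppyQueue` are hypothetical, and the accepted structure is inferred only from the sample XML on this page.

```python
import xml.etree.ElementTree as ET
from collections import deque


def parse_cloppy_config(xml_text):
    """Return (message, [(label, url), ...]) or raise ValueError.

    Structure is inferred from the sample XML on this page only.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Typical cause: a typographic quote pasted in place of a straight one.
        raise ValueError(f"config is not well-formed XML: {exc}") from exc
    if root.tag != "config" or "message" not in root.attrib:
        raise ValueError("expected a <config message=\"...\"> root element")
    options = []
    for child in root:
        if child.tag != "option" or "label" not in child.attrib:
            raise ValueError(f"unexpected child element <{child.tag}>")
        # Assumption: a missing url is treated like the empty url in the samples.
        options.append((child.attrib["label"], child.attrib.get("url", "")))
    return root.attrib["message"], options


class CloppyQueue:
    """Hypothetical model of stacked responses: the oldest one is displayed."""

    def __init__(self):
        self._active = deque()

    def activate(self, xml_text):
        self._active.append(parse_cloppy_config(xml_text))

    def current_message(self):
        return self._active[0][0] if self._active else None

    def click_option(self):
        # Clicking any option dismisses only the response being displayed.
        if self._active:
            self._active.popleft()


# Constructed sample inputs (not captured from a real deployment).
OPTS = '<option label="First op" url="" /><option label="Second op" url="" />'
GOOD = [f'<config message="This is the {n} message">{OPTS}</config>'
        for n in ("first", "second", "third")]
BAD = f'<config message="This is the first message\u201d>{OPTS}</config>'
```

`BAD` closes the `message` attribute with a typographic quote, so the parser rejects it instead of letting a broken config reach the response.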

Table 40: Cloppy Processor Configuration Parameters

| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Basic | | | |
| Processor Enabled | Boolean | True | Whether traffic should be passed through this processor. Note that just because traffic is passing through the processor, does not mean any users will actually have a Cloppy response activated on them. As such, simply enabling this processor will not result in cloppy being activated for any users. You would still need to manually activate the Cloppy response in the Web UI (or define an auto response rule that activates it, but that is highly discouraged). |
| Cloppy Message | String | "It looks like you’re an unsophisticated script kiddie attempting to hack this website" | What do you want cloppy to say when offering help? |
| Cloppy Options | Collection | Collection | The list of ways cloppy can help with associated URLs. |
| Advanced | | | |
| Cloppy Directory | String | cloppybin | The name of the directory where the binary resources needed to load cloppy are served from. For example: cloppyfiles. The name should be selected not to conflict with a real directory at the top level of the website. |
| Cloppy Dismiss Directory | String | Random | The name of the directory used to dismiss cloppy. This URL should be random and not conflict with existing directory names on the site. |