Response Processors: Google Map Processor

The Google Map Processor provides a counter response called the “Google Map Response”. When this response is activated, the user is shown an overlay dialog containing a Google map of their geolocation (as resolved from their IP address using MaxMind GeoIP). The dialog then recommends 4 Google search results for a configured term (the default is ‘Criminal Attorney’). The intention is to scare the individual into believing that we know where they live and plan to attempt prosecution.

The Google Map Response requires several things in order to work. First, you must obtain a Google map API key and set it in configuration. Until you do this, you will not be able to enable the processor. Once the processor is enabled and you activate it on a user, that user will only see the response if WebApp Secure can resolve their geolocation from MaxMind GeoIP. If a geolocation cannot be resolved, the map will not be displayed. Additionally, the Google Map Response is not a default response for any activity, so unless you manually activate it, or create a custom auto response rule to activate it, it will never be used.

Keep in mind that by activating this response, you are effectively broadcasting your public Google map API key to the attacker. If the attacker decides to exploit this fact, they can easily drain your Google map request and search result quotas. As such, it is important to get an API key for a junk Google development account, so that your quotas are not shared with legitimate site functions. You should also not sign up for paid quota extensions on that particular account, as that could allow the attacker to run up your bill. Just use the free quotas.

Table 42: Google Map Processor Configuration Parameters

| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Basic | | | |
| Processor Enabled | Boolean | False | Whether traffic should be passed through this processor. |
| Google API Key | String | [Not Set] | The API key issued by Google to authorize the map API to be used on the domain being protected by WebApp Secure. This API key should be enabled for both Google Map API v3, and the Places Search API. |
| Advanced | | | |
| Default Search Term | String | "Criminal Attorney" | The default term to search for localized locations on. |
| Dismissal Resource | Map Dismissal Resource | mapdata | The information needed to define the URL and response used to dismiss a map. |
| Map Directory | String | mapdata | The name of the directory where the map JavaScript and CSS code will be served from. For example: mapdata. |