    Honeypot Processors: Basic Authentication Processor

    The basic authentication processor emulates a vulnerable authentication mechanism in the web application. It does this by publicly exposing fake server configuration files (.htaccess and .htpasswd) that appear to protect a resource with basic authentication (part of the HTTP protocol). To the attacker, the site appears to expose a sensitive administrative script with weak password protection. Once the malicious user discovers these publicly exposed files, they are walked through a series of steps, each of which emulates the exposure of an additional piece of information. As the final step, if they break the weakly protected password, they are considered a high threat.

    Note: This processor should only be used when the site uses Apache as its front-end web server, because the files involved (.htaccess and .htpasswd) are specific to the Apache web server.

    Note: Browsers often ignore the body content of HTTP responses if the status code is anything other than 200. For best compatibility with different browser versions, you might want to use a 200 status code when uploading responses such as images or executable code.

    Table 1: Basic Authentication Processor Configuration Parameters

    Basic

    | Parameter         | Type    | Default Value | Description                                           |
    |-------------------|---------|---------------|-------------------------------------------------------|
    | Processor Enabled | Boolean | True          | Whether traffic should be passed through this processor. |

    Advanced

    | Parameter                                  | Type       | Default Value     | Description                                                                                                    |
    |--------------------------------------------|------------|-------------------|----------------------------------------------------------------------------------------------------------------|
    | Authorized Users                           | Collection | Collection        | A list of authorized user accounts.                                                                            |
    | Protected Resource URL                     | String     | [random resource] | The fake protected resource.                                                                                   |
    | Protected Resource Response Status         | String     | [random status]   | The HTTP status to return when accessing the resource.                                                         |
    | Randomization Salt                         | String     | Random            | A random set of characters used to salt the generation of code. Any value is fine here.                        |
    | Incident: Password Cracked                 | Boolean    | True              | The user has successfully accessed a fake protected resource using a cracked username and password.           |
    | Incident: Apache Configuration Requested   | Boolean    | True              | The user has requested the Apache directory configuration file .htaccess.                                      |
    | Incident: Apache Password File Requested   | Boolean    | True              | The user has requested the Apache password file .htpasswd.                                                     |
    | Incident: Invalid Credentials              | Boolean    | True              | The user has attempted to log in to access the fake file protected by basic authentication, but failed.        |
    | Incident: Protected Resource Requested     | Boolean    | True              | The user has requested a fake file which is protected by basic authentication.                                 |
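    The step-by-step flow described above and the incidents listed in Table 1, as an added Python example; this is not part of the product or of this documentation. It assumes a hypothetical HoneypotConfig that mirrors the Advanced parameters, constructed decoy credentials, and an assumed low/medium weighting for the earlier incidents (the page only states that a cracked password counts as a high threat). The decoy .htaccess and .htpasswd bodies use Apache's real mod_auth_basic directives and {SHA} password format, so they look plausible without corresponding to any real account.

```python
"""Added example: a minimal emulation of the basic authentication honeypot flow."""
import base64
import binascii
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Incident names exactly as listed in Table 1.
INCIDENT_CONFIG_REQUESTED = "Apache Configuration Requested"
INCIDENT_PASSWORD_FILE_REQUESTED = "Apache Password File Requested"
INCIDENT_RESOURCE_REQUESTED = "Protected Resource Requested"
INCIDENT_INVALID_CREDENTIALS = "Invalid Credentials"
INCIDENT_PASSWORD_CRACKED = "Password Cracked"

# Threat weighting (assumption): the page only states that a cracked password
# marks the client as a high threat; the lower tiers are illustrative.
THREAT_LEVEL = {
    INCIDENT_CONFIG_REQUESTED: "low",
    INCIDENT_PASSWORD_FILE_REQUESTED: "medium",
    INCIDENT_RESOURCE_REQUESTED: "medium",
    INCIDENT_INVALID_CREDENTIALS: "medium",
    INCIDENT_PASSWORD_CRACKED: "high",
}
THREAT_ORDER = ["none", "low", "medium", "high"]


@dataclass
class HoneypotConfig:
    """Hypothetical mirror of the Advanced parameters in Table 1."""
    protected_resource_url: str     # Protected Resource URL
    protected_resource_status: int  # Protected Resource Response Status
    authorized_users: Dict[str, str] = field(default_factory=dict)  # decoy accounts only


def basic_header(user: str, password: str) -> str:
    """Build a Basic credential exactly as a client would send it."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def parse_basic_auth(header_value: str) -> Optional[Tuple[str, str]]:
    """Decode an Authorization header; None for any malformed or non-Basic value."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    if ":" not in decoded:
        return None
    user, _, password = decoded.partition(":")
    return user, password


def render_htaccess() -> str:
    """Decoy .htaccess using real Apache mod_auth_basic directives."""
    return 'AuthType Basic\nAuthName "Administration"\nAuthUserFile .htpasswd\nRequire valid-user\n'


def render_htpasswd(config: HoneypotConfig) -> str:
    """Decoy .htpasswd in Apache's {SHA} format: base64 of the SHA-1 of the password."""
    lines = []
    for user, password in config.authorized_users.items():
        digest = base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()
        lines.append(f"{user}:{{SHA}}{digest}")
    return "\n".join(lines) + "\n"


def classify_request(config: HoneypotConfig, path: str,
                     headers: Dict[str, str]) -> Tuple[Optional[str], int]:
    """Map one request to (incident name or None, HTTP status to send back)."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    basename = path.rsplit("/", 1)[-1]
    if basename == ".htaccess":
        return INCIDENT_CONFIG_REQUESTED, 200
    if basename == ".htpasswd":
        return INCIDENT_PASSWORD_FILE_REQUESTED, 200
    if path != config.protected_resource_url:
        return None, 404
    auth = lowered.get("authorization")
    if auth is None:
        return INCIDENT_RESOURCE_REQUESTED, 401  # a real server adds a WWW-Authenticate challenge here
    creds = parse_basic_auth(auth)
    if creds is not None:
        expected = config.authorized_users.get(creds[0])
        if expected is not None and hmac.compare_digest(expected.encode(), creds[1].encode()):
            return INCIDENT_PASSWORD_CRACKED, config.protected_resource_status
    return INCIDENT_INVALID_CREDENTIALS, 401


def session_threat(incidents: List[Optional[str]]) -> str:
    """Highest threat level reached across one client's incidents."""
    levels = [THREAT_LEVEL.get(i, "none") for i in incidents]
    return max(levels, key=THREAT_ORDER.index, default="none")


def demo() -> List[Tuple[Optional[str], int]]:
    """Walk a constructed client through the sequence the page describes."""
    cfg = HoneypotConfig("/admin/manage.php", 200, {"admin": "letmein"})  # constructed decoy
    steps = [
        ("/.htaccess", {}),
        ("/.htpasswd", {}),
        ("/admin/manage.php", {}),
        ("/admin/manage.php", {"Authorization": basic_header("admin", "guess")}),
        ("/admin/manage.php", {"authorization": basic_header("admin", "letmein")}),
    ]
    return [classify_request(cfg, p, h) for p, h in steps]


if __name__ == "__main__":
    results = demo()
    for incident, status in results:
        print(f"{status} {incident}")
    print("session threat:", session_threat([i for i, _ in results]))
```

    Running the module prints one line per step, ending with the Password Cracked incident and a session threat of "high". The decoy password check uses hmac.compare_digest so that the emulation itself does not leak timing information about the decoy account list, and header lookup is case-insensitive so clients that send "authorization" in lowercase are still classified.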

    Published: 2014-06-27