Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Response Processors: Google Map Processor

    The Google Map Processor provides a counter response called the “Google Map Response”. When this response is activated, the user will be shown an overlay dialog with a google map of their geo location (as resolved from their IP address using MaxMind Geo IP). It will then recommend 4 google search results on a configured term (default is ‘Criminal Attorney’). The intention is to scare the individual into believing that we know where they live and plan to attempt prosecution.

    The google map response requires several things in order to work. First, you must obtain a google map API key and set it in configuration. Until you do this, you will not be able to enable the processor. Once enabled, if you activate the processor on a user, they will only see the response if WebApp Secure can resolve their geo location from MaxMind GeoIP. If a geo location cannot be resolved, the map will not be displayed. Additionally, the google map response is not a default response for any activity, so unless you manually activate it, or create a custom auto response rule to activate it, it will never be used.

    Keep in mind that by activating this response, you are effectively broadcasting your public google map API key to the attacker. If the attacker decides to exploit this fact, they can easily drain your google map request and search result quotas. As such, it is important to get an API key for a junk google development account, so that your quota’s are not shared with legitimate site functions. You should also not sign up for paid quota extensions on that particular account, as that could allow the attacker to run up your bill. Just use the free quotas.

    Table 1: Google Map Processor Configuration Parameters



    Default Value



    Processor Enabled



    Whether traffic should be passed through this processor.

    Google API Key


    [Not Set]

    The API key issued by Google to authorize the map API to be used on the domain being protected by WebApp Secure. This API key should be enabled for both Google Map API v3, and the Places Search API.


    Default Search Term


    "Criminal Attorney"

    The default term to search for localized locations on.

    Dismissal Resource

    Map Dismissal Resource


    The information needed to define the URL and response used to dismiss a map.

    Map Directory



    The name of the directory where the map Javascript and css code will be served from. For example: mapdata.

    Published: 2014-06-27