Honeypot Processors: AJAX Processor

A mistake commonly made by web developers is to consolidate every JavaScript file used by their website into a single file. They then reference that one file from every page on the site, regardless of whether it needs all of the code defined in the file. This is an optimization trick that works, but exposes potential vulnerabilities. The goal is to get the browser to cache all of the external JavaScript, so that you don't need to keep downloading additional code as you navigate the site. Consider the case where one of the pages on the site contains an administrative console written with AJAX technology. In the administrative page, there is a JavaScript file that contains code for managing users of the site (creating user, deleting users, getting user details, and so on). Normally only administrators would visit this page, and they would be the only ones who can see this code. Once all JavaScript on the site is consolidated however, these types of sensitive functions tend to get mixed into the rest of the safer functions. Hackers look for these types of functions in order to find both the administrative page that uses them, as well as exploit the function itself. The goal of this trap is to emulate this common mistake and entice hackers into attempting to exploit the "sensitive looking" function.

Table 13: AJAX Processor Configuration Parameters

Parameter

Type

Default Value

Description

Basic

Processor Enabled

Boolean

True

Whether traffic should be passed through this processor.

Advanced

Inject Script Enabled

Boolean

True

Whether to inject the fake Javascript code into HTML responses.

Service

Configurable

AJAX Service

The fake service to expose.

Incident: Malicious Script Execution

Boolean

True

The user executed the fake JavaScript function.

Incident: Malicious Script Introspection

Boolean

True

The user manually entered the URL into the browser and accessed the service that way. They did not call the function.