What is a honeypot?

Believe everybody knows the main function of honey pot is used to confuse or ensnare silly roe deer (attacker) attack behavior. Through the honeypot, we can see exactly how the attacker attacked us. A good honeypot should have a high degree of interaction and authenticity, otherwise it will be easier for attackers to find that they are doing something meaningless! Below, let’s use an example to show how a simplest honeypot can be written (mainly to simulate HTTP services).

Code main implementation: the establishment of a SOCKET SOCKET, used to listen to the data of the specified port, and then according to the SPECIFICATION of the HTTP protocol to send packets and entity content!

The following is a simple honeypot writing example, using VB.NET language

Button1_Click Button event: Create a new thread to start the honeypot’s HTTP service StartHttpservice The honeypot’s main working process code, loop listening to simulate the response of the HTTP service GetBytes to convert the string to a binary array, and all data transfer within the socket is in binary

Imports System.Net Imports System.Net.Sockets Public Class Form1 Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click Dim g As New Threading.Thread(AddressOf StartHttpservice) g.IsBackground = True g.Start() End Sub Private Sub StartHttpservice() Dim buffer(4095) As Byte Dim length As Integer Do Dim socket As New Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp) socket.Bind(New IPEndPoint(IPAddress.Loopback, 8080)) socket.Listen(100) While True 'create a new client for the current connection Dim client As socket = socket.accept' obtain the client request length length = client.Receive(buffer, buffer.Length, SocketFlags. None) 'to Print out the client's request HTTP header contents Debug. Print (System. Text. Encoding. The Default. Get string (buffer, 0, Length)) 'defines the return HTML entity content, Dim responseBody As String = "< HTML ><head><title>form socket server</title></head><body><h1>hello,world<br>System Time:" & DateString & " " & TimeString & "</h1></body></html>" 'define the HTTP response header message content Dim SendHeads As the New System. Text. StringBuilder SendHeads. AppendLine (" HTTP / 1.1 200 OK ") SendHeads.AppendLine("Content-Type:text/html; charset=UTF-8") SendHeads.AppendLine("Host:localhost") SendHeads.AppendLine("Content-Length:" & responsebody.Length) Sendheads.appendline ("") 'Sends HTTP header status information to the client client.send (GetBytes(sendheads.toString))' Sends the content part to the client Client.send (GetBytes(responseBody)) 'Disconnect the current client connection client.close () Exit While End While Socket.close () Loop End Sub Private Function GetBytes(text As String) As Byte() Return System.Text.Encoding.Default.GetBytes(text) End Function End ClassCopy the code

Here are the results of my test when I entered the address of the honeypot in my browserIn this way, we have implemented a simple honeypot that can record the requests sent by the attacker.

If we spread our thinking a little bit, we could put some static pages locally, separate the path from the requests received from the honeypot for requests to local files, and achieve a basic interaction

If you need a high degree of interaction and don’t want to write too much code, you can set up a real WEB environment in the local, and then separate the attacker’s request URL in the honeypot for the local request to obtain the results, and then return to the attacker, you can achieve a real WEB dynamic interaction.

Because I am not very good at words to express too many things, the writing of honey pot is simply described here!!