
HoneySpiderNetworkCapture

HoneySpider Network Capture-HPC NG

The HoneySpider Network Project is a joint venture between NASK/CERT Polska, GOVCERT.NL and SURFnet. The goal was to develop a client honeypot system, based on existing state-of-the-art client honeypot solutions and a novel crawler application specially tailored for the bulk processing of URLs. This system focuses primarily on attacks against, or involving the use of, Web browsers.

The original Capture-HPC was developed by Christian Seifert and Ramon Steenson of the New Zealand Chapter. It was adapted to the requirements of the HSN project, which resulted in about half of the code being rewritten. HSN Capture-HPC extends standard Capture-HPC functionality with features such as listening for commands on a TCP socket, support for VirtualBox and KVM via specially crafted scripts, and extended logging.

Full list of changes:

  • major changes to logging format (including flags to mark when URLs stop processing)
  • ability to work with VirtualBox / KVM (new revert scripts - only GNU/Linux versions)
  • support for working with single-image virtual machines (one base-disk immutable image)
  • several stability fixes
  • removed several bugs (deadlocks, NPEs, etc.)
  • case sensitivity of URLs added
  • simplified configuration files
  • logging via log4j
  • handling of broken zip files (repairer added)
  • uploading URLs both via file and socket
  • reloading of exclusion lists added (command sent via socket)
  • an uploaded URL may have a unique ID (changed format of output.log file to support URL ID)
  • log/zip files created with a+r flags
  • log directories created with a+rx flags

Binary files for HSN Capture-HPC NG are available for download.

The source code of the project is available on GitHub. Feel free to clone it:

git clone https://github.com/CERT-Polska/HSN-Capture-HPC-NG.git

HSN Capture-HPC NG is shipped with "stock" exclusion lists. To use Capture, the lists need to be modified and tailored to the individual needs of the user.

Contributors (in alphabetical order):

The following people contributed their time and knowledge so this project could be released.

  • Paweł Jacewicz
  • Jarosław Jantura
  • Piotr Kijewski
  • Paweł Krześniak
  • Piotr Lewandowski
  • Marcin Mielniczek