Introduction

A honeypot is a computer system on the Internet that is expressly set up to attract and “trap” people who attempt to penetrate other people’s computer systems. To set up a honeypot on a Raspberry Pi, I recommend using Glastopf. Glastopf is a web application honeypot project led by Lukas Rist, a.k.a. glaslos, of the Honeynet Project. The Glastopf project started in 2009. It is a simple and minimalistic web server written in Python. Because it emulates web application vulnerabilities, attackers and scanners are tricked into treating it as a vulnerable web server, and it records information about web-based application attacks such as Structured Query Language Injection (SQLI), Remote Code Execution (RCE), Local File Inclusion (LFI), Remote File Inclusion (RFI), and many more.

Step 1. Install the dependencies of Glastopf

Prerequisite: Apache, MySQL and Python should be installed on your system.

For example, MySQL can be installed by running the commands below:

1.0 $ sudo apt-get install mysql-server mysql-client php5-mysql

      $ sudo apt-get install phpmyadmin

      $ sudo vi /etc/apache2/apache2.conf    (edit the file to include the line below)

             Include /etc/phpmyadmin/apache.conf

SSH into your console then install the dependencies for the web honeypot.

1.1. Add the backports repository to your sources list file, which can be found under the /etc/apt directory:

# sudo does not apply to a ">>" redirection, so append through "sudo tee -a" instead
echo "deb http://backports.debian.org/debian-backports squeeze-backports main" | sudo tee -a /etc/apt/sources.list

1.2. Now let’s install the dependencies:

sudo apt-get update
sudo apt-get install python python-openssl python-gevent libevent-dev python-dev build-essential make

sudo apt-get install python-argparse python-chardet python-requests python-sqlalchemy python-lxml   ( Error for python-argparse, so run the following)

sudo apt-get install python-argparse python-chardet python-requests python-sqlalchemy python-lxml

sudo apt-get install python-beautifulsoup python-pip python-dev python-numpy python-setuptools
sudo apt-get install python-numpy-dev python-scipy libatlas-dev g++ git php5 php5-dev liblapack-dev gfortran

sudo apt-get install libxml2-dev libxslt-dev

sudo pip install --upgrade distribute   (Error to upgrade)

Step 2. Install and configure the PHP sandbox

The next thing that we should do is to configure the PHP sandbox.

2.1. First, we download BFR (Better Function Replacer) by using git:

$ sudo apt-get install git-core
$ cd /opt
$ sudo git clone git://github.com/glastopf/BFR.git
$ cd BFR
$ sudo phpize
$ sudo ./configure --enable-bfr
$ sudo make && sudo make install

You should see the following message after make install:

Build complete.
Don’t forget to run ‘make test’.
Installing shared extensions: /usr/lib/php5/20100525/

2.2. Copy the path to bfr.so and append it to the php.ini file:

$ echo "zend_extension = /usr/lib/php5/20100525/bfr.so" | sudo tee -a /etc/php5/cli/php.ini

2.3. You should see the extension in the output of the php --version command in the terminal:

$ php --version
PHP 5.6.14-0+deb8u1 (cli) (built: Oct 28 2015 00:02:05)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2015, by Zend Technologies

2.4. Install the latest stable release of Glastopf from pip:

$ sudo pip install glastopf

Step 3. Configuration and Preparation for the Glastopf environment

3.1. Prepare the environment:

$ cd /opt
$ sudo mkdir glastopf

3.2. Stop the apache service so that the web application honeypot could listen to port 80:

$ sudo service apache2 stop

3.3. Now, run the web application honeypot:

$ sudo glastopf-runner

2016-01-02 00:58:34,570 (glastopf.glastopf) Initializing Glastopf 3.1.2 using “/home/pi” as work directory.
2016-01-02 00:58:34,587 (glastopf.glastopf) Connecting to main database with: sqlite:///db/glastopf.db
2016-01-02 00:58:34,738 (glastopf.modules.handlers.emulators.dork_list.dork_page_generator) Bootstrapping dork database.
2016-01-02 00:58:34,790 (urllib3.connectionpool) Starting new HTTPS connection (1): mnemosyne.honeycloud.net
2016-01-02 00:58:39,378 (glastopf.modules.handlers.emulators.dork_list.mnem_service) Error while communication with mnemosyne: (‘Connection aborted.’, error(113, ‘No route to host’))
2016-01-02 00:59:15,225 (glastopf.glastopf) Generating initial dork pages – this can take a while.

3.4. A new default /usr/bin/glastopf.cfg will be created in the glastopfpi directory. It can be customized to your liking, for example to set the port the application listens on. (In my case, I chose port 80, which is why I stopped the Apache service.)

3.5. You should see the following output from your terminal as shown by my screenshot result below:

[Screenshot: glastopf-browser]
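Once the honeypot is running, the events it records in the SQLite database named in the startup log (db/glastopf.db) can be summarized per attack type and per source address. The script below is an added example, not part of the original post or of the Glastopf project; the events table layout, the pattern labels and the sample rows are assumptions constructed for illustration.

```python
import sqlite3
from collections import Counter

# Assumed layout of the Glastopf SQLite "events" table (not shown on this page).
SCHEMA = """CREATE TABLE events (
    id INTEGER PRIMARY KEY, time TEXT, source TEXT,
    request_url TEXT, request_raw TEXT, pattern TEXT, filename TEXT)"""

# Constructed sample rows using documentation IP ranges, not real captures.
SAMPLE = [
    ("2016-01-02 01:10:02", "203.0.113.7:40112", "/index.php?id=1%27%20OR%201=1", "sqli"),
    ("2016-01-02 01:10:09", "203.0.113.7:40120", "/index.php?page=../../etc/passwd", "lfi"),
    ("2016-01-02 01:12:41", "198.51.100.23:51200", "/view.php?inc=http://example.invalid/x.txt", "rfi"),
    ("2016-01-02 01:13:00", "198.51.100.23:51204", "/robots.txt", "robots"),
    ("2016-01-02 01:15:30", "203.0.113.7:40188", "/", "unknown"),
]

def build_sample_db():
    """Create an in-memory database holding the constructed sample events."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT INTO events (time, source, request_url, pattern) VALUES (?, ?, ?, ?)",
        SAMPLE)
    return conn

def summarize(conn, ignore=("unknown", "robots")):
    """Return (hits per pattern, hits per source IP), skipping the ignored patterns."""
    by_pattern, by_ip = Counter(), Counter()
    for source, pattern in conn.execute("SELECT source, pattern FROM events"):
        if pattern in ignore:       # assumed labels for requests that are not attacks
            continue
        ip = source.rsplit(":", 1)[0]   # source is assumed to be stored as "ip:port"
        by_pattern[pattern] += 1
        by_ip[ip] += 1
    return by_pattern, by_ip

if __name__ == "__main__":
    # On a live honeypot, open the real file instead: sqlite3.connect("db/glastopf.db")
    patterns, ips = summarize(build_sample_db())
    for name, count in patterns.most_common():
        print(f"{name:8} {count}")
    for ip, count in ips.most_common():
        print(f"{ip:16} {count}")
```

Before relying on the column names, compare them with the output of `.schema events` in the sqlite3 shell on your own database.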


Bonus: Error Fixing Case

If you cannot run the “sudo” command and get the error message “/usr/bin/sudo must be owned by uid 0 and have the setuid bit set”, you can execute the following command to solve it:

$ chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo
