High Interaction Honeypot Analysis Toolkit
High Interaction Honeypot Analysis Toolkit (HIHAT) is a software with the capability of turning any PHP application such as phpmyadmin or phpnuke into a high interaction honeypot. HIHAT works by adding it’s own PHP code into all existing PHP pages/scripts of the application. These generate code were meant to provide logging of every connection attempt to the PHP pages by storing connection detail in MySQL database. HIHAT can handle many types of web security attacks such as SQL injection, Remote File Inclusion (RFI), and Cross Site Scripting (XSS).
HIHAT also include a simple web interface for analyzing stored logs in database. This interface consist of a few capabilities such as displaying most common attack types, attack methods, or a mapping of attacker locations based on their IP.
The installation of HIHAT is pretty simple and straightforward. You just need a running MySQL server and a web server for the log server and analysis tool. While the conversion process of the PHP application require you to run a java program, this means you need a machine with Java Runtime Environment (JRE) installed. For more detail about installation you can go to their installation page.
The bad thing about HIHAT I think is the lack of update and maintenance. I don’t know when was the last time its developer updates its files. The one I downloaded and used from their home page has some issues with compatibility . For example their MySQL dump file has some syntax errors if used with recent MySQL server. You have manually modify their sql file by changing timestamp(14) syntax into timestamp and TYPE with ENGINE.
If you are going to use HIHAT in your academic work, I have found their paper which you can download from here.
- In search of linux distro with beautiful desktop - October 21, 2015
- Mount Network Drive Using Windows CMD - January 28, 2015
- Install Dropbox on Linux - January 25, 2015
Cross Site Scripting, honeypot, mysql, php, Remote File Inclusion, RFI, SQL injection, SQLi, XSS
Pak, saya lagi coba install hihat juga untuk keperluan penelitian skripsi.
Mau tanya, apakah bapak masih ingat versi PHP berapa yang digunakan?
Soalnya kalau versi baru kan sudah tidak terlalu compatible lagi bahasa pemrogramannya.
Saya mau install PHP versi lama aja supaya tidak ada error.
Maaf karena ini sudah 4 tahun lalu jadi saya sudah lupa. Seingat saya saya gunakan instalasi PHP tahun 2013 dari Repo Ubuntu langsung tidak masalah.
Tapi melihat situasi sepertinya HIHAT terakhir diupdate tahun 2007, sebaiknya menggunakan tool lain. Terutama karena mau digunakan untuk skripsi dari pada ada error lain di belakang.
Di sini ada list beberapa Honeypot yang sepertinya cukup update.
https://github.com/paralax/awesome-honeypots#honeypots
Iya pak, mungkin saya coba gunakan Honeypot lain aja.
Terimakasih atas bantuannya 🙂