Tracing intruders using web application honeypot with metasploit contents

Abstract

In recent years, it is impossible to say that the system is fully secured with no vulnerability. Hacking professionals use techniques to hide their real identity and always sweep out log records before leaving in such a way that security expert cannot trace them. Researchers and network administrators have applied several approaches to monitor and analyze malicious tra c for malicious content by monitoring network components, aggregating IDS alerts, and using di erent types of honeypot. We propose a web application honeypot that contains undetectable encoded metasploit contents and integrated into real web application from di erent location. It can be exploited by an attacker using brute-force or SQL injection attacking method. Our algorithm detects attacking IP address and diverts them to honeypot. By logging in our honeypot system by brute-force method or commonly used user and password, attackers can nd hacked contents which can be thought as important and original. When they copy any of these contents to their system and try to open it, exploited code in les will run on attacker's system and give us backdoor through msfconsole immediately to control and analyze their hardware and software resources, tools, and activities. We collect and store all activities and resources information of the intruder system into database. Analysis of the stored information can give insights into attacking methodologies, techniques and levels; such insights can help us to design more secured system.