A 'honeypot' is designed to detect server-side attacks. In contrast, a 'honeyclient' is designed to detect client-side attacks. Specifically, a honeyclient is a dedicated host that drives specially instrumented applications to access remote servers to see if those servers are behaving in a malicious manner (by compromising the client). Honeyclients can proactively detect exploits against client applications without known signatures. This framework uses a client-server model with SOAP messaging as the primary communication method, and uses the free version of VMware Server as a means of virtualizing the client environment.
|Tags||Internet Web Browsers Security Indexing/Search Forensics Monitoring|
|Operating Systems||POSIX Linux Windows Cygwin|
Release Notes: Real-time integrity checking (via a modified version of Capture-HPC). Drone database / Web service support: a Ruby on Rails application to keep track of malware and centralize URL processing across different honeyclients. Improved stability. Improved firewall support. Complex pages (including external IFRAMES) now render completely within the honeyclient.
Release Notes: This release resolves ticket #68, which caused the program to block you from starting a Manager process without initializing a database (even if you disabled database support). To upgrade, simply download the new HoneyClient-Manager-0.99.tar.gz package, as no other packages have changed.
No changes have been submitted for this release.