From aldeid
Jump to navigation Jump to search
This page is still a draft. Thank you for your understanding.


Glastopf is a low-interaction web application honeypot capable of emulating thousands of vulnerabilities to gather data from attacks that target web applications. The principle behind it is very simple: reply to the attack using the response the attacker is expecting from his attempt to exploit the web application.

|        Attack event      |
|  Vulnerability emulator  |
|      Collect data        |
      |             |
      V             V
+----------+ +-------------+
| Database | | store files |
+-----+----+ +------+------+
      |             |
|     Reply to attacker    |

For more information, I would recommend that you refer to the excellent technical paper here:




$ sudo apt-get install git subversion python2.7 python-openssl python2.7-dev \
   build-essential make

To run the PHP sandbox, you will also need these packages:

$ sudo apt-get install php5-cli php5-dev php5-cgi subversion

evnet module

First you need to install the libev dependency:

$ wget
$ tar xzf libev-4.18.tar.gz
$ cd libev-4.18/
$ ./configure
$ make
$ sudo make install

You should now be able to install evnet:

$ git clone git://
$ sudo python2.7 install


$ cd ~/src/
$ svn checkout pyev
$ cd pyev/pyev/
$ sudo python2.7 install

Installation the PHP sandbox

$ cd ~/src/
$ svn co apd
$ cd apd/
$ phpize
$ ./configure
$ make
$ sudo make install

At the end of your php.ini file (/etc/php5/cli/php.ini), add these lines:

zend_extension = /usr/lib/php5/20090626+lfs/
apd.dumpdir = /tmp/apd
apd.statement_tracing = 0

Test that the extension is included by issuing following command:

$ php5-cgi --version
PHP 5.3.6-13ubuntu3.6 with Suhosin-Patch (cgi-fcgi) (built: Feb 11 2012 02:08:18)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies
    with Advanced PHP Debugger (APD) v1.0.2-dev, , by George Schlossnagle

Install Glatopf and apd_sandbox.php

Now it's time to create the apd_sandbox.php. To do that we will download Glastopf:

$ cd /opt/
$ sudo svn co svn:// glaspot
$ cd glaspot/trunk/sandbox/
$ sudo make


The minimal configuration is to set up the IP and port used by Glastopf. Open the configuration file:

$ sudo vim /opt/glaspot/trunk/glastopf.cfg

And adapt depending on your environment:

host =
port = 80

enabled = False
host = 
port = 10000
secret = 
# channels comma separated
chan =,glastopf.files
ident =


Start and test the honeypot

Now that everything is configured, it's time to start and test our honeypot. Start it by issuing following commands:

$ cd /opt/glaspot/trunk/
$ sudo python


This section/article is being written and is therefore not complete.
Thank you for your comprehension.