How to Trick Hackers & Web Crawlers with Spidertrap

  • Published: 23 Aug 2024
  • j-h.io/pwyc || Jump into Pay What You Can training for Active Defense & Cyber Deception -- at whatever cost makes sense for you! j-h.io/pwyc
    🔥 RUclips ALGORITHM ➡ Like, Comment, & Subscribe!
    🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
    🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
    🌎 FOLLOW ME EVERYWHERE ➡ jh.live/discord ↔ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/instagram ↔ jh.live/tiktok
    💥 SEND ME MALWARE ➡ jh.live/malware

Comments • 56

  • @jmr
    @jmr 1 year ago +35

    I'm adding this to my honeypot.

    • @walturowhite69
      @walturowhite69 1 year ago +3

      Yes please.

    • @Meletion1
      @Meletion1 11 months ago

      Second comment on verified 3 letter username 2 months really?

    • @jmr
      @jmr 11 months ago +1

      @@Meletion1 What does that mean?

  • @jjann54321
    @jjann54321 1 year ago +2

    I'm still holding out for the *Hack Like Hammond* training camp. C'mon, it's even catchy, do it, do it, do it. Great video as always!

  • @aaronflippens2149
    @aaronflippens2149 1 year ago +8

    The hacker tears😢

  • @theCuriousMindsCollective
    @theCuriousMindsCollective 1 year ago +1

    Love the simplicity of this script :D. I think this idea is like an April 1 gift for script kiddies. Nice content, by the way. :)

  • @squiddlypuff
    @squiddlypuff 1 year ago +11

    The PoC seems ok, but you'd have to think about the fact that a crawler that gets stuck in your domain might be causing other issues like unintentional DoS, especially on low resource machines.

    • @PostMeridianLyf
      @PostMeridianLyf 1 year ago +3

      I think the point was to slow the threat actor so that you have time to make decisions, like blocking the same recurring ip making the request or throttling. By that time you should be able to work on prevention

  • @perryuploads776
    @perryuploads776 1 year ago +3

    If you use a spidertrap, then you are more interesting for hackers. They will think, what are you hiding sir? Sometimes it is best to do nothing, just listen. Every force you create has an echo. Your own bad energy will be your undoing - Gogeta SSJ2. Don't annoy hackers, let them scan, just learn and mitigate. Just leave everything normal. Make it seem normal, there is nothing to see here, that is the key. Think like a firewall, are you doing to annoy (infinite loop), deny (send message back) or drop (ignore). Just drop and leave it, continue your life. Thanks for the great video!

    • @jjann54321
      @jjann54321 1 year ago +3

      Or, spin up a "free" *cloud* webserver that's not sitting on your home/business network, have fun and live life. If you can make something "work" and learn something why wouldn't you? Not everything has to be sanitized and cold. Just food for thought, but your point is valid.

    • @user-lt2rw5nr9s
      @user-lt2rw5nr9s 1 year ago +2

      I agree. If you had a regular webserver up, maybe a minimal landing page, it would seem like any other server. If you cause their scanner to get stuck or have a false positive, you're making yourself stand out. It acts as a puzzle that's going to pique their curiosity.
      In my opinion, I'd prefer an IP ban after x words in dirbuster or x junk links followed.

    • @neiltropolis
      @neiltropolis 1 year ago

      I'm on the fence about your comment. On one hand you're building a moat around your castle, and this will draw unwanted attention to people who are up for a fight. So you're saying to not piss off the enemy for fear of attack? I'm not the quickest of cats so go easy on me. I mean if they (5 eyes) want to know who did what, I think they can figure it out. No one has flown any more jets into buildings since the last time for a reason.

    • @MikeInAble
      @MikeInAble 1 year ago +4

      This seems reasonable for public facing servers, but in my case I'm part of an internal blue team and if someone is already inside our network doing scans, then I think we are past that point and anything to slow them down and detect their presence would be of more benefit.
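A defender-side check for the "IP ban after x junk links followed" idea raised in this thread, as an added example that is not from the video or the Spidertrap project: it parses constructed access-log lines, counts per-IP requests under an assumed trap path prefix `/trap/` (real users never follow those links), and returns the addresses that crossed a threshold so a firewall or rate limiter can act on them.

```python
import re
from collections import defaultdict

# Constructed sample access log lines (Common Log Format). The addresses
# and the /trap/ prefix are made up for this example; adjust the prefix to
# wherever the trap links are actually served.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Aug/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512
203.0.113.7 - - [23/Aug/2024:10:00:02 +0000] "GET /trap/a1b2 HTTP/1.1" 200 300
203.0.113.7 - - [23/Aug/2024:10:00:02 +0000] "GET /trap/c3d4 HTTP/1.1" 200 300
203.0.113.7 - - [23/Aug/2024:10:00:03 +0000] "GET /trap/e5f6 HTTP/1.1" 200 300
198.51.100.9 - - [23/Aug/2024:10:00:05 +0000] "GET /about HTTP/1.1" 200 900
198.51.100.9 - - [23/Aug/2024:10:00:06 +0000] "GET /trap/x9y8 HTTP/1.1" 200 300
"""

# Client IP, then the request line's method and path; the rest is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)'
)


def count_trap_hits(log_text, trap_prefix="/trap/"):
    """Return {ip: number of requests whose path starts with trap_prefix}."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group("path").startswith(trap_prefix):
            hits[m.group("ip")] += 1
    return dict(hits)


def ips_to_block(log_text, threshold=3, trap_prefix="/trap/"):
    """IPs that followed at least `threshold` junk links.

    A single hit can be a stray click or a well-behaved bot, so the
    threshold keeps the rule from banning on one request.
    """
    counts = count_trap_hits(log_text, trap_prefix)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip in ips_to_block(SAMPLE_LOG):
        print(f"ban candidate: {ip}")
```

Pair the trap prefix with a robots.txt Disallow so legitimate crawlers never reach the threshold.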

  • @mohammedissam3651
    @mohammedissam3651 1 year ago +4

    That is sick man
    Cyber Deception I like that
    You could use triggers in the database whenever any of the links is clicked a notification will be sent to the operator meaning we are under attack also enhance the look of the site 😂
    Nice camouflage tool good stuff
    Thanks for sharing 😊

  • @_..-_-.._
    @_..-_-.._ 1 year ago +6

    maybe bypassable by matching only pages having a specific word in page src code .(u'll definitely get a word that appears on all true pages and not on fake ones) , it could also be bypassed by response time filtering (fake pages will load much faster).
    ffuf -mr(match regex)/-ft (response time filter) ....

  • @ariseyhun2085
    @ariseyhun2085 1 year ago +3

    I think it would make sense to add a delay for the fake pages, such as 1 second to load, would make it way slower for the pages to be crawled

  • @anonp2958
    @anonp2958 1 year ago +5

    Great concept, however, would running SpiderTrap not be open to being abused by an attacker via a DOS attack? Constantly creating new sites multiplied by however many threads would use up a lot of resources.

    • @franciscopena7859
      @franciscopena7859 1 year ago +1

      Just resource limit it, limit cpu and ram on containers or vm size. You could probably port this easily to go

    • @franciscopena7859
      @franciscopena7859 1 year ago +1

      Going further block ips per networking quota, just the usual

  • @logiciananimal
    @logiciananimal 1 year ago +13

    I assume that wget actually has a "maximum" setting of some sort or other; dynamic vulnerability scanners like ZAP or the like do precisely because of tools like Spidertrap (and also because of designs that might result in loops that are not detected). (Never let beginning developers build a spider - there are just so many ways that it can go wrong.)

    • @jmr
      @jmr 1 year ago +1

      Cat and mouse game. 🤷‍♂️

    • @neiltropolis
      @neiltropolis 1 year ago +1

      Well good thing I'm not a developer, my spider should be just fine 😅

  • @spaniardspqr
    @spaniardspqr 1 year ago

    This was neat, Thank you!

  • @user-lf3qv3rp9i
    @user-lf3qv3rp9i 1 year ago

    On burp you can see the Page Length and notice that you're on a tool quickly. Light pages don't call much attention, especially with a page that only contains anchors.

  • @lancemarchetti8673
    @lancemarchetti8673 1 year ago

    This may be cool to deter indiscriminate site scrapers, but last week wget helped me grab a php script for a website service that slices images online, and I really needed to see how the tool was scripted. General website cloners struggle to retrieve most php files. But wget saved my day Yay!

  • @kaitotaro5994
    @kaitotaro5994 1 year ago

    Thank you for the amazing content. Note: On-Demand courses are not available as Pay-What-You-Can course offerings. Says unfortunately.

  • @sulcy_techtips3622
    @sulcy_techtips3622 1 year ago

    Thanks a John I really appreciate all your videos highly informative

  • @xsploit
    @xsploit 1 year ago +1

    i wonder if shodan crawlers would get stuck

  • @jasonpreston2703
    @jasonpreston2703 1 year ago +1

    I had an idea but too many ongoing rn. Basically the idea was that if it detected someone was crawling it would start injecting hidden links that go to an endpoint that returns a location header sending malicious get requests to internal ips. Eg known router exploits. I was thinking of making it as a flask module just as a fun project I'm not sure of the legality of writing and publishing it anyway since it would be illegal to deploy

  • @darshanakhare6676
    @darshanakhare6676 1 year ago +1

    Notifications after comment

  • @AntiAtheismIsUnstoppable
    @AntiAtheismIsUnstoppable 1 year ago +1

    I understand the idea, and I will investigate how much power my server needs to do this stuff.
    Because I am currently just giving evil bots a blank page with random status codes. I think those tools are very dependent on status codes, right? So, if the status codes are random, will they give useful results?
    But I will find out which takes less power. Thanks for the advice.

  • @jeremyparker9394
    @jeremyparker9394 1 year ago

    Loving The content .. 🎉 good show

  • @kodeish
    @kodeish 1 year ago

    CORS fetch data from different websites and APIs is also doing the same, then what's the difference between these two?

  • @manisharrora9525
    @manisharrora9525 1 year ago

    Hey John kindly teach us how to do the malware analysis of a PE file that will be very helpful.

  • @techwithantics
    @techwithantics 1 year ago +1

    Cool one

  • @ycart_tech6726
    @ycart_tech6726 1 year ago

    To make it absolutely clear, those links don't actually have to be interpreted into the version of the website our user navigates on, right?

  • @Mitch-xo1rd
    @Mitch-xo1rd 1 year ago +1

    Me creating 300 of these on sub-domains to troll google

  • @randomlegend631
    @randomlegend631 1 year ago +1

    Good stuffs

  • @castercs
    @castercs 1 year ago +1

    Pay what you can is only .. when its LIVE training .. not on demand .. so u kind of have to wait

  • @MrEndzo
    @MrEndzo 1 year ago +1

    Sometime I feel like I'm in an infinite loop.

  • @Gunzmo
    @Gunzmo 11 months ago

    I've built something like this in php a long time ago.

  • @terraflops
    @terraflops 1 year ago

    > Having used Scrapy Python web crawler

  • @ahr0cdovlzk3my1lahqtbmftdw7
    @ahr0cdovlzk3my1lahqtbmftdw7 1 year ago

    If you try to download the content of the web page with wget, it will only work until the entire word list has been downloaded. This is not a real loop at all

  • @taywinkarroon5470
    @taywinkarroon5470 1 year ago

    cool stuff

  • @beyblade3331
    @beyblade3331 1 year ago +1

    filter results to website content in ffuf it'd be -fw

  • @kingkong1040
    @kingkong1040 1 year ago +1

    don't forget to block legit robots from crawling these so it doesn't destroy your SEO/rankings lol

  • @balloney2175
    @balloney2175 1 year ago

    Sorry, but I just don't get it. What is the purpose of this app? Will someone explain to me in plain English?

  • @PabloPazosGutierrez
    @PabloPazosGutierrez 1 year ago +1

    The idea is pretty basic, what would be useful is to return valid content for script kiddies looking for WordPress vulnerabilities or doing SQL injection then give them BS data.

  • @ReligionAndMaterialismDebunked

    Early. :3

  • @nrvous67
    @nrvous67 1 year ago

    hahh hacker cries :)

  • @ThisIsJustADrillBit
    @ThisIsJustADrillBit 1 year ago

    Dope

  • @GameWithSNAKE
    @GameWithSNAKE 1 year ago

    I am 999 liker 🙌 by the way thank 👍

  • @mindout3492
    @mindout3492 1 year ago

    Can software engineer become a Hacker with self study ?? 🤖

  • @cerilza_kiyowo
    @cerilza_kiyowo 1 year ago +1

    First