Installing the HoneyPot

  • Signing up here and downloading the script for integration (in our case PHP).
  • Publishing and setting up the permissions
chown -R root:www-data /var/www/bookstack/public/hello.php
chmod 644 /var/www/bookstack/public/hello.php
  • Calling with the browser and activating
  • Adding to footer
<footer class="print-hidden">
            <a href="https://null.somedomain.name/hello.php" target="_blank" rel="noopener"></a>
</footer>
  • Alternative method - injection from ModSecurity
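# Allow rules to modify response bodies and make STREAM_OUTPUT_BODY available
SecContentInjection On
SecStreamOutBodyInspection On

# For HTML responses only: insert the hidden honeypot link just before </html>
SecRule RESPONSE_CONTENT_TYPE "@contains text/html" \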
        "id:001003001,\
        phase:4,\
        pass,\
        nolog,\
        chain"

SecRule STREAM_OUTPUT_BODY "@rsub s/<\/html>/<a href=\"https:\/\/null.somedomain.name\/hello.php\"><\/a><\/html>/"
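
To confirm that either method actually put the link into the served pages, and that it stays invisible to human visitors, the following check can be run over a fetched page body. It is an added example, not part of the original page; `check_page`, `HoneypotLinkFinder` and the sample pages are hypothetical names and constructed data, and the URL is the placeholder used above.

```python
from html.parser import HTMLParser

# Honeypot URL as written in the examples on this page (placeholder domain).
HONEYPOT_URL = "https://null.somedomain.name/hello.php"


class HoneypotLinkFinder(HTMLParser):
    """Collect every <a> pointing at the honeypot and any text inside it."""

    def __init__(self, url):
        super().__init__(convert_charrefs=True)
        self.url = url
        self.links = []      # one dict per matching anchor
        self._open = None    # matching anchor currently being read, if any

    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href") == self.url:
            self._open = {"text": ""}
            self.links.append(self._open)

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None


def check_page(html, url=HONEYPOT_URL):
    """Return 'missing', 'visible' or 'ok' for one rendered page."""
    finder = HoneypotLinkFinder(url)
    finder.feed(html)
    finder.close()
    if not finder.links:
        return "missing"
    # Any link text would show the trap to human visitors.
    if any(link["text"].strip() for link in finder.links):
        return "visible"
    return "ok"


# Constructed sample responses (not captured from a real server).
FOOTER_PAGE = ('<html><body><footer class="print-hidden"><a href="' + HONEYPOT_URL +
               '" target="_blank" rel="noopener"></a></footer></body></html>')
INJECTED_PAGE = '<html><body><p>Hi</p></body><a href="' + HONEYPOT_URL + '"></a></html>'
# The @rsub pattern above is written for lowercase </html>; this page gets no link.
UPPERCASE_PAGE = "<HTML><BODY><P>Hi</P></BODY></HTML>"
VISIBLE_PAGE = '<html><body><a href="' + HONEYPOT_URL + '">click</a></body></html>'
```

A "missing" result on a page that should be covered by the ModSecurity rule usually means the response never matched the pattern, for example because the closing tag is written differently.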