Project Name: Project 11 - Vulnerability emulation for SNARE and TANNER
Mentor: Lukas Rist (DE)
Backup mentor: Andrea De Pasquale (IT)
Skills required: Python3 and Go
Project type: Improve existing tool
Project goal: Add web vulnerability type emulation for SNARE
SNARE is a web application honeypot sensor attracting all sort of maliciousness from the Internet. The web page is generated by cloning a real web application and injecting known vulnerabilities. SNARE connects to TANNER, a remote data analysis and classification service, to evaluate HTTP requests and composing the response then served by SNARE. Right now TANNER supports limited vulnerability emulation capabilities which serve more as demonstration.
A student working on this project will learn about HTTP attacks, vulnerability emulation using sandboxing, virtual file systems, system emulation and exposing databases. We will develop a deployment strategy, testing and updating.
Evgeniya had a strong start with adding support for RFI emulation, deploying a SNARE and TANNER instance for testing and verification purposes and we registered a domain to attract some malicious traffic. We continued with adding support for LFI and XSS attacks and session tracking. During the last part we focused on bug fixing, the cloning tool and support for SQL injection attacks. Despite her finishing her studies during GSoC, she managed to surpass our expectations.