This week I completed an important step: integrating a parser into Honeybrid. There are now two new files in the source code:
Flex and Bison compile these two files and generate rules.c and rules.h, which are then used by honeybrid to parse its configuration. The great advantages of having a parser are a flexible configuration file and better handling of configuration errors, with a small amount of code.
The configuration of Honeybrid is now defined in a single file, honeybrid.conf, which is divided into three sections:
The goal of the target section is to precisely control the behavior of the honeynet at each stage of an attack: during initialization (frontend), during the attack itself (backend), and after the attack, when the honeypot is compromised (outbound control). So the target section is made up of four keywords:
An example of the final configuration file is attached to this blog post.