Installing Glastopf web honeypot on Ubuntu Server 12.04

From Zam Wiki
Revision as of 19:21, 26 May 2014 by Zam (talk | contribs)


Install the dependencies

sudo apt-get update
sudo apt-get install python2.7 python-openssl python-gevent libevent-dev python2.7-dev build-essential make liblapack-dev libmysqlclient-dev python-chardet python-requests python-sqlalchemy python-lxml python-beautifulsoup mongodb python-pip python-dev python-numpy python-setuptools python-numpy-dev python-scipy libatlas-dev g++ git php5 php5-dev gfortran
sudo pip install --upgrade distribute

Install and configure the PHP sandbox

Download using git:

cd /opt
sudo git clone git://
cd BFR
sudo phpize
sudo ./configure --enable-bfr
sudo make && sudo make install

Open the php.ini file and add the extension path reported in the build output:

zend_extension = /usr/lib/php5/20090626+lfs/

Install glastopf

Install latest stable release from pip:

sudo pip install glastopf

Or install latest development version from the repository:

cd /opt
sudo git clone
cd glastopf
sudo python setup.py install


Prepare glastopf environment:

cd /opt
sudo mkdir glastopf
cd glastopf
sudo glastopf-runner

A new default glastopf.cfg has been created in glastopf, which can be customized as required.

Testing the Honeypot

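Start Glastopf from your honeypot work directory (/opt/glastopf in this guide; the sample output below was captured from a work directory named 'myhoneypot'):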

sudo glastopf-runner

Use your web browser to visit your honeypot. You should see the following output on your command line:

2013-05-21 08:34:08,129 (glastopf.glastopf) Initializing Glastopf using "/opt/myhoneypot" as work directory.
2013-05-21 08:34:08,130 (glastopf.glastopf) Connecting to main database with: sqlite:///db/glastopf.db
2013-05-21 08:34:08,152 (glastopf.modules.reporting.auxiliary.log_hpfeeds) Connecting to feed broker.
2013-05-21 08:34:08,227 (glastopf.modules.reporting.auxiliary.log_hpfeeds) Connected to hpfeed broker.
2013-05-21 08:34:11,265 (glastopf.glastopf) Glastopf started and privileges dropped.



You can upgrade glastopf (if you installed it using pip) by running this command:

pip install --upgrade glastopf

Google Index

We can "advertise" our glastopf "weaknesses" to Google (for Google Dorks). For attackers to become aware of your honeypot, your web server must be included in the Google index.

Enter the glastopf URL in Google Webmaster Tools to register your web site for crawling by the Google bot. Now, just sit back and wait for the first attacks to show up.

Log to MySQL

If you prefer a MySQL database instead of SQLite, install a MySQL server:

sudo apt-get install mysql-server python-mysqldb

Then create a new database and a user, and grant the user privileges on that database:

mysql -u root -p

mysql> create database glaspot;
Query OK, 1 row affected (0.00 sec)

mysql> create user 'glaspot'@'localhost' identified by 'glaspot';
Query OK, 0 rows affected (0.00 sec)

mysql> grant all privileges on glaspot.* to 'glaspot'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> exit

You are prompted for a password during the installation of the MySQL server and when you create the user account. Make sure you use a strong password in place of the 'glaspot' example above, because the database is in an open network.

Configure the glastopf.cfg file

We need to configure the glastopf.cfg file located in /opt/glastopf. This file contains many settings that you can change as required.

  • First, we change glastopf to run on port 80 instead of port 8080:

Beware: Make sure the Apache service is not running on port 80. If it is, bind it to another port.

host =
port = 80
uid = nobody
gid = nogroup
proxy_enabled = False

We do this to make our honeypot look like a real web application.

  • Change the database option to log to MySQL instead of SQLite (replace <password> with the password set for the glaspot MySQL user):
#If disabled a sqlite database will be created (db/glastopf.db)
#to be used as dork storage.
enabled = True
#mongodb or sqlalchemy connection string, ex:
#mongodb://james:<password>@<host>:27017/glastopf
#mysql://james:<password>@<host>/glastopf
#connection_string = sqlite:///db/glastopf.db
connection_string = mysql://glaspot:<password>@localhost/glaspot
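
The check below is an added example, not part of the original page or of the Glastopf project: a small shell audit of the configuration keys edited above (uid, gid, connection_string) that flags a missing privilege drop and a weak MySQL password such as the 'glaspot' one created earlier. The function names, the 12-character minimum and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Glastopf code): audit the config keys edited on this page.
MIN_PW_LEN=12   # assumed policy threshold, not a Glastopf setting

# cfg_get FILE KEY: print the value of the last uncommented "KEY = value" line.
cfg_get() {
    awk -v k="$2" '
        /^[ \t]*[#;]/ || !/=/ { next }      # skip comments and non-assignments
        { key = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", key) }
        key == k { val = substr($0, index($0, "=") + 1)
                   gsub(/^[ \t]+|[ \t\r]+$/, "", val); found = val }
        END { print found }' "$1"
}

# audit_cfg FILE: print one finding per line (no output means no findings).
audit_cfg() {
    uid=$(cfg_get "$1" uid); gid=$(cfg_get "$1" gid)
    conn=$(cfg_get "$1" connection_string)
    case "$uid" in ""|root|0) echo "uid: not set to an unprivileged account" ;; esac
    case "$gid" in ""|root|0) echo "gid: not set to an unprivileged group" ;; esac
    case "$conn" in
        mysql://*@*)
            cred=${conn#mysql://}; cred=${cred%@*}   # user[:password], split at last @
            user=${cred%%:*}
            case "$cred" in *:*) pass=${cred#*:} ;; *) pass="" ;; esac
            [ "$user" = root ] && echo "db: connection uses the MySQL root account"
            if [ "$pass" = "$user" ] || [ "${#pass}" -lt "$MIN_PW_LEN" ]; then
                echo "db: password for '$user' is the user name or shorter than $MIN_PW_LEN characters"
            fi ;;
    esac
    return 0
}

# Constructed sample mirroring the settings on this page (weak password on purpose).
sample_cfg() {
    cat <<'EOF'
port = 80
uid = nobody
gid = nogroup
proxy_enabled = False
enabled = True
#connection_string = sqlite:///db/glastopf.db
connection_string = mysql://glaspot:glaspot@localhost/glaspot
EOF
}

tmp=$(mktemp) && sample_cfg > "$tmp"
audit_cfg "$tmp"    # on a real install, pass the config file in the work directory
rm -f "$tmp"
```

On the constructed sample the audit reports only the database password, since uid and gid already point at unprivileged accounts.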

Fire Up!

  • Start glastopf by running these commands in your terminal:
cd /opt/glastopf/
python /usr/local/bin/glastopf-runner

If you want to run glastopf in the background, start it like this:

cd /opt/glastopf/
python /usr/local/bin/glastopf-runner > /dev/null 2>&1 &


  • If you get this kind of error during the glastopf installation:
fatal error: libinjection.h: No such file or directory

do the following:

$ cd /opt
$ sudo git clone
$ sudo git clone
# Remove pylibinjection.c from /opt/pylibinjection/src
$ sudo rm /opt/pylibinjection/src/pylibinjection.c
# Verify that libinjection.h is in /opt/libinjection/c
$ ls /opt/libinjection/c/libinjection.h
$ cd pylibinjection/
$ sudo python setup.py build
$ sudo python setup.py install

Then try to run the glastopf setup again.
