antisyphon

LAB: SpiderTrap

This a description of my experience working on the labs offered by Black Hills Information Security called “Advanced C2 PCAP Analysis” and “RITA.” I completed these labs in May of 2022 as part of the “Active Defense - Cyber Deception” live class offered by John Strand and Antisyphon Training. If you want to do the labs yourself, check out their class here! The lab walkthroughs are also available on GitHub.

Image credit: Nathan Dumlao

This lab covers a tool called SpiderTrap that can be used to catch and slow down web crawling bots that attempt to enumerate your web server for malicious reasons. It does this by generating lots of random links for the spider to examine and waste it’s time with.

I began the lab by opening my virtual machine in VMware, which was provided by BHIS as part of the class downloads. I opened a terminal as administrator, clicked the dropdown menu and opened an Ubuntu shell. I changed directories into the location of the spidertrap installation (/opt/spidertrap) and ran ifconfig to determine my IP address. I then started the trap by running the following command:

python3 spidertrap.py

This displayed the randomly generated links, which just lead to more random links if they are clicked on. Below is a screenshot of the result. I then stopped the tool from running.

I then moved on to the next step of the lab, which was to start SpiderTrap again, but this time with a directory list enabled to make the links look like real directories, which further obfuscates that fact that this is acting as a trap.

A normal penetration test involves starting with an automated scan, where the pentester starts the scan and then lets it run while doing something else. If they run into SpiderTrap while the automated scan is running, this could either fill the pentester’s hard drive or completely exhaust the memory of the pentester’s computer. Either way, it is disruptive and can slow down a penetration tester or attacker, which gives time for network defenders to take further action to secure the systems.

You can learn more about SpiderTrap here. Thanks for reading!