Honerix is a distributed honeypot to detect and monitor web-based attacks. The infrastructure is made of a central server, plus several probe systems. Probes simulate vulnerable web applications to push attackers into exhibiting their malicious behavior; observed attacks are then recorded, together with possible payload resources.
How does it work?
Every Honerix probe system runs several different plugin modules, and each one simulates a specific web application. According to the HTTP request submitted by the attacker, the Honerix probe chooses which plug-it is better suited to serve the request, and uses it to generate a response to be returned to the attacker. Such a specific response could in turn stimulate the attacker into performing additional requests, or drop some malicious resources.