3

I have reasons to think that my private message are watched by the site's support that I'm on. This is legal due to the TOS I had to valid when I subscribed to this website.

Howewer, I would like to collect informations about them to prevent any future incoming problem. I thought about honeypot, this is how I imagine it :

I send a failed bbcode to a friend leading to a look like picture link : [img]http://evil.com/mypicture.png[/im]g. I assume such a link can be some kind of html page, using mod_rewrite(Apache), or a low level run time environment such as Node.js.

This link lead to a javascript attack, known as The Spy in the Sandbox. In this private message, my friend knows that and accept it. In this case, sending him this link is legal.

This become tricky when the support will discover this private message. They will think about a basic failed bbcode and copy/paste the link in their browser to see the picture. The attack will then execute itself in their browser and give me some informations about us.

  • Is honeypot the correct term to designate this attack ?

  • Is it legal to store and read the informations I'll have collected ?

Xavier59
  • 2,924
  • 4
  • 18
  • 34

2 Answers2

3

Honeypots are used by network admins so that when someone attacks their "honeypot" server behind the firewall, they can get information about the hacker while saving the real hardware/servers from attack. See the Wikipedia article here: https://en.wikipedia.org/wiki/Honeypot_(computing), there's a pretty useful diagram that explains the concept better than I can. As far as a better name for this, it seems like more of a case of forensics than a specific type of attack.

As far as legality, it is legal for you to see who has accessed a webpage you own. Your spy in the sandbox/javascript/image payload approach seems vastly over-complicated when you could just host your own webpage and see who connects to it.

If you're looking to gain more information on the target, you might be interested in browser fingerprinting. The Mozilla wiki has a good article here: https://wiki.mozilla.org/Fingerprinting

Basically the idea behind it is that people using certain browsers and operating systems can be tracked by a very specific "fingerprint" of identifying information. JavaScript in general can be used to gather a significant amount of information on a target, and this can be particularly dangerous when all of that information is combined to form a unique signature.

Verbal Kint
  • 767
  • 1
  • 7
  • 21
1

Is honeypot the correct term to designate this attack ?

What you describe is not what most people mean when they use the word Honeypot in a computer security context.

The attack will then execute itself in their browser

Is it legal to ...

What is usually illegal here is setting up an attack on someone else's computer. This is usually only legal if they have contractually agreed in advance as part of some service such as penetration testing.

If you want legal advice, I recommend you consult a lawyer.

Community
  • 1
RedGrittyBrick
  • 1,355
  • 8
  • 14