PHP Honey Pot

From Leo's Notes
Last edited on 20 October 2015, at 22:33.

Here's a quick and dirty PHP honey pot that captures all inputs and logs them to /tmp. This is useful when trying to figure out what a PHP exploit does, especially when payloads or keys are sent via POST.

You may either remove the exit call at the end so that the exploit continues to work or leave it in to prevent any attacks from continuing.

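<?php
// Suppress error reporting and error logging.
@error_reporting(0);
@ini_set("error_log", NULL);
@ini_set("log_errors", 0);

// Log input data: capture the echo/print_r() output in a buffer.
ob_start();
date_default_timezone_set('America/Edmonton');
$agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '-';
echo $_SERVER['REMOTE_ADDR'] . ":" . $_SERVER['REMOTE_PORT'] . " (" . $agent . ") at " . date("M j Y, H:i:s") . "\n";
print_r($_COOKIE);
print_r($_POST);
print_r($_GET);
$data = ob_get_contents();
// Discard the buffer and switch buffering off again, so nothing is sent to
// the client and any code that runs afterwards behaves as before.
ob_end_clean();

// Save it to /tmp/path-to-file-name.log
$fp = fopen("/tmp/" . substr(str_replace("/", "-", __FILE__), 1) . ".log", "a+");
if ($fp) {
    fwrite($fp, $data);
    fclose($fp);
}

// Remove this exit to let the rest of the script run.
exit;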
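
The logger above records only what PHP parsed into $_COOKIE, $_POST and $_GET. As an added example (not code from the original page), this variant also keeps the raw request body and upload metadata and writes one JSON line per request. It assumes PHP 7 or later; HONEYPOT_LOG_DIR, honeypot_record() and honeypot_write() are hypothetical names.

```php
<?php
// Added example, not from the original page. HONEYPOT_LOG_DIR,
// honeypot_record() and honeypot_write() are hypothetical names.
const HONEYPOT_LOG_DIR = '/tmp';

// Build one JSON-serialisable record from the request. Taking the inputs
// as parameters keeps the function usable outside a web server.
function honeypot_record(array $server, array $get, array $post,
                         array $cookie, array $files, string $rawBody): array
{
    // Request headers appear in $_SERVER as HTTP_* (plus CONTENT_TYPE/LENGTH).
    $headers = [];
    foreach ($server as $k => $v) {
        if (strncmp($k, 'HTTP_', 5) === 0 || strncmp($k, 'CONTENT_', 8) === 0) {
            $headers[$k] = $v;
        }
    }
    return [
        'time'    => gmdate('c'),
        'remote'  => ($server['REMOTE_ADDR'] ?? '?') . ':' . ($server['REMOTE_PORT'] ?? '?'),
        'method'  => $server['REQUEST_METHOD'] ?? '?',
        'uri'     => $server['REQUEST_URI'] ?? '?',
        'headers' => $headers,
        'get'     => $get,
        'post'    => $post,
        'cookie'  => $cookie,
        // Upload metadata only; php://input is empty for multipart/form-data.
        'files'   => $files,
        // Raw body covers payloads that are not form-encoded and so never
        // reach $_POST. Base64 keeps binary data on one log line.
        'body_sha256' => hash('sha256', $rawBody),
        'body_b64'    => base64_encode($rawBody),
    ];
}

function honeypot_write(array $record, string $scriptPath): bool
{
    $name = HONEYPOT_LOG_DIR . '/' . str_replace('/', '-', ltrim($scriptPath, '/')) . '.jsonl';
    // Invalid UTF-8 in attacker input must not make json_encode() drop the record.
    $line = json_encode($record, JSON_PARTIAL_OUTPUT_ON_ERROR | JSON_UNESCAPED_SLASHES) . "\n";
    $old = umask(0077);             // a newly created log file is owner-only
    $ok = file_put_contents($name, $line, FILE_APPEND | LOCK_EX);
    umask($old);
    return $ok !== false;
}

$record = honeypot_record($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES,
                          (string) file_get_contents('php://input'));
honeypot_write($record, __FILE__);
```

Add `exit;` after the last line to stop the request there, as in the original.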