I'm adding this to my honeypot.

The hacker tears😢

Love the simplicity of this script :D. I think this idea is like an April 1 gift for script kiddies. Nice content, by the way. :)

I'm still holding out for the *Hack Like Hammond* training camp. C'mon, it's even catchy, do it, do it, do it. Great video as always!

The PoC seems ok, but you'd have to think about that a crawler that gets stuck in your domain might be causing other issues like unintentional DoS, especially on low resource machines.

maybe bypassable by matching only pages having a specific word in page src code .(u'll definitely get a word that appears on all true pages and not on fake ones) , it could also be bypassed by response time filtering (fake pages will load much faster). ffuf -mr(match regex)/-ft (response time filter) ....

I think it would make sense to add a delay for the fake pages, such as 1 second to load, would make it way slower for the pages to be crawled

Thanks a John I really appreciate all your videos highly informative

This was neat, Thank you!

On burp you can see the Page Lenght and notice that you're on a tool quickly. Light pages dont call much attention, specially with a page that only contain anchors.

I had an idea but too many ongoing rn. Basically the idea was that if it detected someone was crawling it would start injecting hidden links that go to an endpoint that returns a location header sending malicious get requests to internal ips. Eg known router exploits. I was thinking of making it as a flask module just as a fun project I'm not sure of the legality of writing and publishing it anyway since it would be illegal to deploy

That is sick man Cyber Deception I like that You could use triggers in the database whenever any of the links clicked a notification will be send to the operator meaning we are under attack also enhance the look of the site 😂 Nice camouflage tool good stuff Thanks for sharing 😊

I understand the idea, and I will investigate how much power my server needs to do this stuff. Because I am currently just giving evil bots a blank page with random status codes. I think those tools are very dependent on status codes, right? So, if the status codes are random, will they give useful results? But I will find out which takes less power. Thanks for the advice.

This may be cool to deter indiscriminate site scrapers, but last week wget helped me grab a php script for a website service that slices images online, and I really needed to see how the tool was scripted. General website cloners struggle to retrieve most php files. But wget saved my day Yay!

Loving The content .. 🎉 good show

Thank you for the amazing content. Note: On-Demand courses are not available as Pay-What-You-Can course offerings. Says unfortunately.

Hey John kindly teach us how to do the malware analysis of a PE file that will be very helpful.

Cool one

CORS fetch data from different websites and API is also doing the same, then what's the different between in this two?

Great concept, however, would running SpiderTrap not be open to being abused by an attacker via a DOS attack? Constantly creating new sites multiplied by however many threads would use up a lot of resources.

I assume that wget actually has a "maximum" setting of some sort or other; dynamic vulnerability scanners like ZAP or the like do precisely because of tools like Spidertrap (and also because of designs that might result in loops that are not detected). (Never let beginning developers build a spider - there are just so many ways that it can go wrong.)

Good stuffs

If you use a spidertrap , then you are more interesting for hackers. They will think, what are you hiding sir? Sometimes it is best to do nothing, just listen. Every force you create has an echo. Your own bad energy will be your undoing - Gogeta SSJ2. Don't annoy hackers, let them scan, just learn and mitigate. Just leave everything normal. Make it seems normal, there is nothing to see here, that is the key. Think like a firewall, are you doing to annoy (infinite loop), deny (send mesage back) or drop (ignore). Just drop and leave it, continue your life. Thanks for the great video!

Notifications after comment

To make it absolutely clear, those links don't actually have to be interpreted into the version of the website our user navigates on, right?

i wonder if shodan crawlers would get stuck

Pay what you can is only .. when its LIVE training .. not on demand .. so u kind of have to wait

I've built something like this in php a long time ago.

> Having used Scrapy Python web crawler

Sometime I feel like I'm in an infinite loop.

If you try to download the content of the web page with wget, it will only work until the entire word list has been downloaded. This is not a real loop at all

cool stuf

Me creating 300 of these on sub-domains to troll google

filter results to website content in fuff it'd be -fw

Early. :3

Sorry, but I just don't get it. What is the purpose of this app? Will someone explain to me in plain English?

don't forget to block legit robots from crawling these so it doesn't destroy your SEO/rankings lol

Dope

The idea is pretty basic, what would be useful is to return valid content for script kiddies looking for WordPress vulnerabilities or doing SQL injection then give them BS data.

hahh hacker cries :)

I am 999 liker 🙌 by the way thank 👍

First

Can software engineer become a Hacker with self study ?? 🤖