June 2012



iHoneyC
** This is a beta and unstable **

This is a MacOS web honey client that reads a list of URLs from a file and uses one or more VMs running MacOS Lion to visit each one.

Runs on top of VirtualBox.
Captures network traffic.
Captures syscalls via a dtrace script.
Dumps a RAM memory image (this can be analyzed with volafox).
Takes screenshots.


*** Prerequisites on the host.
A lot of free disk space, because it takes a RAM memory dump for each URL, about 1 GiB each.
 
This is written in Python and some libraries are required:
 - paramiko for ssh connections.

It is based on VirtualBox, so a working VirtualBox 4.x is necessary.

Configure the host in the myconf.py file.
The paths are absolute.

For the network dump file path, use:

VBoxManage modifyvm YOURVM --nictrace1 on --nictracefile1 YOUR/PATH/FILE

for example:

VBoxManage modifyvm lion --nictrace1 on --nictracefile1 /home/hugo/iHoneyC/dumps/lion.dump

Once you have your virtual machine configured, up and running, with the user logged in, take a snapshot and then restore it, for example:

VBoxManage snapshot lion take current1 --pause
VBoxManage snapshot lion restorecurrent



*** The guest.
A VM with MacOS Lion is necessary.
Install it on the virtual machine and configure:
 - Access via ssh
 - A static IP, for the ssh connection.
 - Add your user to the sudoers list, with no password
 - Create a directory dtraces and copy trace.d into it.
 - Make trace.d executable, e.g. chmod +x trace.d


*** Files

myconf.py    configuration file for the VMs
runner.py    where the analize function lives (here is all the magic)
iHoneyC.py   the main module, deals with urls, queue and threads
urls.txt     the file from which the suspicious URLs are read.
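One analysis cycle for a single URL, as an added example written for this README; it is not the project's runner.py. It assumes a myconf.py-like CONF (VM name, guest IP and user, dump directory), that trace.d sits in a dtraces directory in the guest user's home, that the guest's ssh host key is already in the host's known_hosts, and that the RAM dump goes through VBoxManage debugvm, whose subcommand name differs across VirtualBox versions.

```python
import hashlib
import shlex
import subprocess
import time
from urllib.parse import urlsplit

# Constructed configuration in the spirit of myconf.py; every value is an assumption.
CONF = {"vm": "lion", "guest_ip": "192.168.56.10", "guest_user": "hugo",
        "dumpdir": "/home/hugo/iHoneyC/dumps"}

def url_tag(url):
    """Tag for host file names: the URL from urls.txt is untrusted, so the raw string never becomes part of a path."""
    return hashlib.sha256(url.encode("utf-8")).hexdigest()[:16]

def plan_cycle(url):
    """Ordered steps for one URL: ('host', argv) runs VBoxManage on the host, ('guest', line) runs over ssh."""
    if urlsplit(url).scheme not in ("http", "https"):
        raise ValueError("refusing non-http(s) url: %r" % url)
    vm, tag = CONF["vm"], url_tag(url)
    out = "%s/%s" % (CONF["dumpdir"], tag)
    return [
        ("host", ["VBoxManage", "snapshot", vm, "restorecurrent"]),  # clean, logged-in state
        ("host", ["VBoxManage", "startvm", vm, "--type", "headless"]),
        # trace.d is assumed to live in ~/dtraces on the guest (passwordless sudo)
        ("guest", "sudo dtraces/trace.d > dtraces/%s.out 2>&1 &" % tag),
        # shell-quote the URL: it is spliced into a remote shell command line
        ("guest", "open %s" % shlex.quote(url)),
        ("host", ["VBoxManage", "controlvm", vm, "screenshotpng", out + ".png"]),
        # RAM dump for volafox; the debugvm subcommand name is an assumption
        ("host", ["VBoxManage", "debugvm", vm, "dumpvmcore", "--filename", out + ".core"]),
        ("host", ["VBoxManage", "controlvm", vm, "poweroff"]),
    ]

def run_cycle(url, settle_seconds=30):
    """Drive one URL through the VM; needs paramiko and a reachable guest."""
    import paramiko  # imported here so plan_cycle() works without it installed
    ssh = None
    for where, step in plan_cycle(url):
        if where == "host":
            subprocess.run(step, check=True)  # argv list, no host shell involved
            continue
        if ssh is None:
            ssh = paramiko.SSHClient()
            ssh.load_system_host_keys()  # guest key must already be in known_hosts
            ssh.set_missing_host_key_policy(paramiko.RejectPolicy())
            ssh.connect(CONF["guest_ip"], username=CONF["guest_user"])
        ssh.exec_command(step)
        time.sleep(settle_seconds)  # let the browser load and dtrace collect
    if ssh is not None:
        ssh.close()
```

plan_cycle() can be inspected without a VM, which is a cheap way to confirm that a URL containing shell metacharacters is passed to the guest as a single quoted argument.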


UPSLP - June 2012