SQL INJECTION AVOIDANCE FOR PROTECTED DATABASE WITH ASCII USING SNORT AND HONEYPOT

The main objective of this project is to prevent a user from accessing the server through SQL injection techniques and to log the attacker's IP address on the server. A SNORT rule alerts the server when a user uses SQL injection to enter the server, and a Honeypot traces and logs the IP address and stores a copy on the server. Here, we planned to implement a web server whose data is secured with ASCII, and to configure that database with SNORT and Honeypot to prevent and block the attacker from accessing the web server. Whenever an attacker accesses the server using the SQL injection technique, the SNORT rule alerts the server and the attacker is transferred to a honeypot, which traces the attacker's IP and stores it in the server database to prevent further attacks. The steps to install and run SNORT on Ubuntu, either directly or in VMware on Windows, are as follows:

  • For a direct Ubuntu installation, follow the guide at https://upcloud.com/community/tutorials/install-snort-ubuntu/

  • For an Ubuntu installation on VMware, follow the guide at https://www.hackingarticles.in/comprehensive-guide-on-snort-part-1/

  • Before running Snort, start the Apache web server and replace the default 'index.html' with the index file provided in the HTML code folder.

  • Now run the Snort tool in the terminal. Entering 'admin' and 'admin' as the username and password produces no error.

  • Now add the injection techniques to the URL. With VMware there are two IPs (Windows and VMware), so SQL injection can be applied from the same PC and the results observed on the terminal.

  • This project uses a stand-alone Ubuntu machine, so SQL injection cannot be applied from the same machine; it is applied from another PC.

  • To find the IP address, type 'ifconfig'. In our case, the IP address is '192.168.1.9'.

Here are the basic SQL injection commands or rules that are added to Snort:

1. 'x'='x' represents access

2. %27 basic injection

3. '$EMAIL' get the username

Here are examples of links used as SQL injection:

1. 192.168.1.9/$EMAIL

2. 192.168.1.9/'x'='x'

In the alert line below, 192.168.1.202:52813 corresponds to the attacker's PC.

11/27-20:20:48.532690 [**] [1:100000013:0] SQL Injection Detected [**] [Priority: 0] {TCP} 192.168.1.202:52813 -> 192.168.1.9:80
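The alert line above has a fixed layout, so the source address can be extracted and counted per rule ID before it is stored. The following Python code is an added example, not the project's own code; the function names and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Snort "fast" alert layout, matching the line shown above:
# MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] [Priority: n] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification: [^\]]*\]\s+)?"           # present only if the rule sets a classtype
    r"\[Priority: (?P<prio>\d+)\]\s+\{(?P<proto>[\w-]+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?\s*$"
)

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        rec[key] = int(rec[key])
    return rec

def sources_for_sid(lines, sid):
    """Count alerts per source IP for one rule ID (hypothetical helper)."""
    hits = Counter()
    for line in lines:
        rec = parse_alert(line)
        if rec and rec["sid"] == sid:
            hits[rec["src"]] += 1
    return hits

SQLI_SID = 100000013  # rule ID taken from the alert line on this page

SAMPLE = [
    # Line 1 is the alert from this page; the rest are constructed test input.
    "11/27-20:20:48.532690 [**] [1:100000013:0] SQL Injection Detected [**] [Priority: 0] {TCP} 192.168.1.202:52813 -> 192.168.1.9:80",
    "11/27-20:21:02.118204 [**] [1:100000013:0] SQL Injection Detected [**] [Priority: 0] {TCP} 192.168.1.202:52820 -> 192.168.1.9:80",
    "11/27-20:22:10.000417 [**] [1:100000001:0] ICMP test [**] [Priority: 0] {ICMP} 192.168.1.50 -> 192.168.1.9",
    "Commencing packet processing (pid=4242)",
]

if __name__ == "__main__":
    for ip, count in sources_for_sid(SAMPLE, SQLI_SID).items():
        print(f"{ip}\t{count} SQL injection alert(s)")
```
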

Reference Paper: SQL Injection Avoidance for Protected Database with ASCII using SNORT and Honeypot

Author’s Name: Utpal Upadhyay and Girish Khilari

Source: ICACCCT

Year: 2016
