Alex's Coding Blog
  • Home
  • About
  • Projects
  • Contact me

Blog

How to set up a honey token for dotnet project with Konso

  • August 18, 2022 August 19, 2022
  • by Alexander

Only non wordpress site owners can know how difficult is life for one. Me as a .net developer rather preffer build own blog engine, than to use existing, popular and tested. You know for us developers any solution isn't good enough, but that's how progress starts :).

Based on my observation and analytics of this very blog, more than 30% requests are addressed to wordpress pages, plugins and etc.

image

The majority of requests come from bots use similar crawl pattern:

*/wp-admin/*
*/wp-includes/*
*/wp-content/*

Hardly bot requests can cause troubles, if it is not well organized mass attack, however, there are always manual attempts that might be concerning.  To know better the person who tries to hack your web site, normally you set what is called honey token which is useless for potential intruder, but can give you some details about him and his activity. 

In this post I will show you how can you setup a honey token with Konso in minutes and start learning about your "friends".

Prerequisites

  • If you don't have a konso account create a one now, it is free 
  • Create Konso bucket
  • Basic .NET MVC routing 

Konso setup (5 minutes)

First you will need to add Value Tracking API to your bucket. Go to Settings/Usage screen and click Add API button

image

Than choose Value Tracking and click "save" button

For easy event trace and readability you need name it. Go to Observability/Value Tracking/Mappings and click create a new mapping button

Define ID and name for the event

image

That's it for Konso setup

Code level tracing (10 minutes)

For example purposes I will use simple controller that prints welcome message. 

Let's setup konso client library to your project

Install-Package Konso.Clients.ValueTracking -Version 1.1.0

Now we need to add a configuration

Add config to appsettings.json:

"Konso": {
    "ValueTracking": {
        "Endpoint": "https://apis.konso.io",
        "BucketId": "<your bucket id>",
        "ApiKey": "<bucket's access key>"
    }
}

Your access details can be found at Settings/API access

image

It uses HttpClientFactory:

public void ConfigureServices(IServiceCollection services)
{
    // use httpclient factory
    services.AddHttpClient();
    services.AddSingleton<IValueTrackingClient, ValueTrackingClient>();
}

Resolve the service in class constractor:

private readonly IValueTrackingClient _valueTrackingService;
public SomeClass(IValueTrackingClient valueTrackingService)
{
    _valueTrackingService = valueTrackingService;
}

Create a simple contorller action


        [Route("/wp-admin/{*pathInfo}")]
        [Route("/wp-includes/{*pathInfo}")]
        [Route("/wp-content/{*pathInfo}")]
        public async Task<ContentResult> HoneyToken(string pathInfo)
        {
            await _valueTrackingService.CreateAsync(new ValueTrackingCreateRequest()
            {
                AppName = "blog", // (optional) application name  
                EventId = 60, // id of event defined in konso
                Tags = new List<string>() { "security", "honeytoken" }, // (optional) list of tags associated with the event 
                Browser = Request.Headers["User-Agent"],
                IP = ,// your bits for getting client ip address
                Custom = pathInfo 
            }) ;
            var sb = new StringBuilder();
            sb.AppendLine("Greetings my new friend, it is nice to meet you!");
            Response.StatusCode = (int)HttpStatusCode.Forbidden;
            return this.Content(sb.ToString(), "text/plain", Encoding.UTF8);
        } 

That's it for the setup now you can explore suspicious activity. 

image

As I said before this trivial example and can be extended to some cool stuff such as fake login form and so forth. 

Security

Debugging microservices is always tricky and time consuming specially without proper code level logging in place.

Meet Konso. It's developed as a solution for this challenge and can help with saving development effort for your team up to 30%. 🎯🎉

The key functions are:

🔥 Centralized logging for your microservices
🔥 Tracing with metrics and value tracking events
🔥 Ad-Hoc events exploration
🔥 Saving your queries
🔥 Create alerts and get notified


You can start collecting you project's logs in 5 minutes. 🕐💪

To Learn more about logging tool, book a free demo.
To get started for free, Create your free account now

Alexander Lvovich

Solution Architect and Software Developer.

Share on:

No comments are allowed for this post

Recent Posts

  • Easily track and troubleshoot errors in your .NET 7 web app using Konso's logging feature
  • How to disable object model validation .NET 7
  • Keep Your Passwords Safe: 5 Tips for Protecting Yourself After the Latest LastPass Data Breach
  • How to ping from .net application container
  • Freelancing myths you should consider before dive in

Categories

  • Azure
  • Architecture
  • .NET Core
  • Certification
  • DevOps
  • How-to
  • Azure Functions
  • Serverless
  • Cosmos DB
  • Security
  • Thoughts
© Copyright 2023, Alexander Lvovich. Theme by Colorlib