Abstract
Intelligent honeypots with emulation capabilities are important for analyzing the intrusion techniques of attackers. An intruder, convinced of the authenticity of a website and its vulnerabilities, provides more information to the honeypot and may be provided with honeytokens himself. This thesis examines existing approaches of web application honeypots. Moreover, it focuses on emulating the success of SQL injections and forming appropriate responses, whereas in reality the attacker is not successful. GlastopfInjectable is developed, an extension of the web application honeypot Glastopf that was founded by Lukas Rist. The SQL injection emulator distinguishes each attacker with fingerprinting and maps an attacker-specific database copy. SQL injections from user input reach the sandboxed database copy, which stores artificial sensitive data. The copies are kept and reused for returning attackers to serve multi stage attacks. Tests evaluate the convincibility and other factors of GlastopfInjectable towards the attacker. Some comparisons with the normal Glastopf version are shown. Additionally, the log files of real attacks against a GlastopfInjectable instance are analyzed.