### Install Ensnare Source: https://github.com/ahoernecke/ensnare.next/blob/main/README.md Installs the Ensnare gem plugin by executing a script from a remote URL. This script is intended to be run in the project root. ```bash curl -fsSL https://raw.githubusercontent.com/ahoernecke/ensnare.next/main/install.sh | bash ``` -------------------------------- ### Start Rails Server Source: https://github.com/ahoernecke/ensnare.next/blob/main/test/dummy/README.rdoc Command to change directory into the application and start the Rails web server. Use --help for available options. ```bash cd myapp; rails server ``` -------------------------------- ### Start Rails Console Source: https://github.com/ahoernecke/ensnare.next/blob/main/test/dummy/README.rdoc Launches the Ruby on Rails console for interactive application use. Supports sandbox mode to rollback database changes and environment-specific loading. ```bash rails console rails console --sandbox rails console production ``` -------------------------------- ### Enable Debugger in Rails Server Source: https://github.com/ahoernecke/ensnare.next/blob/main/test/dummy/README.rdoc Instructions to enable the debugger in Rails by starting the server with the --debugger flag. Requires the 'ruby-debug' gem. ```bash sudo gem install ruby-debug ``` -------------------------------- ### Debugger Interaction Example Source: https://github.com/ahoernecke/ensnare.next/blob/main/test/dummy/README.rdoc Demonstrates interactive debugging commands within the Rails debugger session, including inspecting variables and modifying object attributes. ```irb >> @posts.inspect => "[#nil, \"body\"=>nil, \"id\"=>\"1\"}>, #\"Rails\", \"body\"=>\"Only ten..\", \"id\"=>\"2\"}>]" >> @posts.first.title = "hello from a debugger" => "hello from a debugger" >> f = @posts.first => #nil, "body"=>nil, "id"=>"1"}> >> f. Display all 152 possibilities? (y or n) ``` -------------------------------- ### Captcha Configuration Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Requires an attacker to solve a CAPTCHA (reCAPTCHA) before allowing a request. Effective against scanners, requires separate setup of the 'recaptcha' gem. ```ruby :weight => int(specify the likelihood of this response being triggered in a violation threshold) :persist => boolean(if True, every request this function gets called until the user solves the captcha) Note: We don't suggest you set weight AND persist. This response is most effective when just set as persistent. ``` -------------------------------- ### Using the Debugger in a Rails Controller Source: https://github.com/ahoernecke/ensnare.next/blob/main/test/dummy/README.rdoc Example of using the 'debugger' keyword within a Rails controller action to pause execution and enter a debugging session. This allows inspection and modification of application state. ```ruby class WeblogController < ActionController::Base def index @posts = Post.all debugger end end ``` -------------------------------- ### Logging Messages in Rails Controller Source: https://github.com/ahoernecke/ensnare.next/blob/main/test/dummy/README.rdoc Example of using the Ruby logger class within a Rails controller to write custom messages to the application log file. This is useful for debugging. ```ruby class WeblogController < ActionController::Base def destroy @weblog = Weblog.find(params[:id]) @weblog.destroy logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!") end end ``` -------------------------------- ### Restrict Dashboard Access Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Sets methods to restrict access to the Ensnare dashboard. `config.dashboard_user_method` specifies how to get the current user, and `config.dashboard_authorization_method` defines the authorization check (e.g., `:admin?`). ```ruby config.dashboard_user_method = :current_user config.dashboard_authorization_method = :admin? ``` -------------------------------- ### Connect to Database Console Source: https://github.com/ahoernecke/ensnare.next/blob/main/test/dummy/README.rdoc Connects to the application's database directly from the command line using provided credentials. Supports multiple database systems and environment-specific connections. ```bash rails dbconsole rails dbconsole production ``` -------------------------------- ### Create New Rails Application Source: https://github.com/ahoernecke/ensnare.next/blob/main/test/dummy/README.rdoc Command to generate a new Rails application. Replace 'myapp' with your desired application name. ```bash rails new myapp ``` -------------------------------- ### Recaptcha Gem Integration Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Instructions for adding the 'recaptcha' gem to the Gemfile and configuring it with public and private keys via an initializer file. ```ruby gem 'recaptcha' ``` ```ruby #config/catpcha.rb Recaptcha.configure do |config| config.public_key = "" config.private_key = "" end ``` -------------------------------- ### Redirect Configuration Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Configures a response to redirect the user to a specified URL or the webroot. Useful for disrupting user flow. ```ruby :weight => int(specify the likelihood of this response being triggered in a violation threshold) :url => str(url or path to redirect the attacker to. default is webroot) ``` -------------------------------- ### Not Found (404) Configuration Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Configures the response to return a 404 page. This can confuse scanners by making them believe a resource is invalid, potentially removing it from scope. ```ruby :weight => int(specify the likelihood of this response being triggered in a violation threshold) :location => str(specify the location of the 404 page to display. default is /public/404.html) ``` -------------------------------- ### Message Response Settings (Ruby) Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Shows the configuration settings for the 'message' response type in Ensnare. This response displays a custom warning message to the user when a violation threshold is met. ```ruby :weight => int(specify the likelihood of this response being triggered in a violation threshold) :content => str(content to display in the warning message) ``` -------------------------------- ### None Response Settings (Ruby) Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Illustrates the configuration for the 'none' response type in Ensnare. This response type does not perform any action, primarily used to control the probability of other responses being triggered. ```ruby :weight => int(specify the likelihood of this response being triggered in a violation thresholds) ``` -------------------------------- ### Set Configuration Mode Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Defines the operating mode for Ensnare. Available modes are :disabled, :log (logs exceptions), and :enforce. The :log mode is useful for establishing workflows. ```ruby config.mode = :log ``` -------------------------------- ### Configure Enabled Traps Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Enables and configures various trap types including cookies, parameters, and routing errors. Allows specification of custom names or use of predefined settings like :admin, :debug, :random, :google, :uid, :gid. ```ruby config.enabled_traps = [ {:type=>:cookie, :options=>{ :cookie_names=>{:oracle_001 => "s-2fslsasflkjflkjasfs2-f", :ool0020093 => "a4d1fc354f49c40c74c00b963adc13"}, :predefined_cookies=>[:admin, :random, :google, :uid, :debug] } }, {:type=>:parameter, :options=>{ :parameter_names=>{:coupon_code => "84763949", :exp_csrf_token => config.randomizer}, :predefined_parameters=>[:uid, :admin, :debug, :random] } }, {:type=>:routing_error, :options=>{ :bad_paths=>["/admin", "/debug", "/robots", "/destroy"], :violation_weight=>10 } } ] ``` -------------------------------- ### Random Content Configuration Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Returns random content of a specified size range when triggered. Used to confuse manual attackers with garbled strings. ```ruby :weight => int(specify the likelihood of this response being triggered in a violation threshold) :min_size => int(specify the minimum size in bytes of the randomly generated response) :max_size => int(specify the maximum size in bytes of the randomly generated response) ``` -------------------------------- ### Redirect Loop Configuration Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Creates an endless redirect loop (301) to confuse attackers and fill proxy logs. Times out quickly in modern browsers but can disrupt sessions. ```ruby :weight => int(specify the likelihood of this response being triggered in a violation threshold) :parameter => str(parameter to send nonce too) ``` -------------------------------- ### Define Threshold Groups Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Configures threshold groups, which define how Ensnare responds to violations. Each group has a timer, a trap count, and a list of traps with associated weights and parameters (e.g., :redirect, :throttle, :captcha). ```ruby config.thresholds = [] # Example 1: config.thresholds << {:timer=>600, :trap_count=>2, :traps=>[ {:trap=>"redirect",:weight=>50,:url=>"/"}, {:trap=>"throttle",:weight=>40,:min_delay=>10,:max_delay=>20}, {:trap=>"none", :weight=>10} ]} config.thresholds << {:timer=>900, :trap_count=>15, :traps=>[ {:trap=>"captcha", :persist=>true }, {:trap=>"redirect",:weight=>10,:url=>"/"}, {:trap=>"throttle",:weight=>30,:min_delay=>15,:max_delay=>20}, {:trap=>"not_found",:weight=>10}, {:trap=>"server_error", :weight=>20}, {:trap=>"redirect_loop",:weight=>5, :parameter=>'test'}, {:trap=>"random_content",:weight=>5,:min_size=>500,:max_size=>1500}, {:trap=>"none", :weight=>20} ]} ``` -------------------------------- ### Basic 404 Error Page Styling (CSS) Source: https://github.com/ahoernecke/ensnare.next/blob/main/test/dummy/public/404.html This CSS code styles a basic 404 error page. It sets background color, text color, alignment, and font for the main content. It also styles a 'dialog' div for centering and borders, and an 'h1' tag for the error message. ```css body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; } div.dialog { width: 25em; padding: 0 4em; margin: 4em auto 0 auto; border: 1px solid #ccc; border-right-color: #999; border-bottom-color: #999; } h1 { font-size: 100%; color: #f00; line-height: 1.5em; } ``` -------------------------------- ### Server Error (500) Configuration Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Sends a 500 Internal Server Error page as a response. This can mislead attackers into believing they are causing application errors, wasting their time on false positives. ```ruby :weight => int(specify the likelihood of this response being triggered in a violation threshold) :location => str(specify the location of the 505 page to display. default is /public/505.html) ``` -------------------------------- ### Specify Trapping Criteria Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Configures what criteria Ensnare should use to log violations. Options include trapping based on IP address, user object, or session object, or any combination thereof. ```ruby config.trap_on = [:ip, :user, :session] ``` -------------------------------- ### Throttle Configuration Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Implements a random or fixed delay for page requests. Can cause scanner instability and false positives like time-based SQL injection. ```ruby :weight => int(specify the likelihood of this response being triggered in a violation threshold) :min_delay => int(the minimum amount of time in seconds to delay the application when the response is triggered) :max_delay => int(the maximum amount of time in seconds to delay the application when the response is triggered) Note: you can set the min and max delay to the same time to create a fixed delay. ``` -------------------------------- ### Set Configuration Type Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Sets the configuration type for Ensnare. Use :custom for custom configurations or copy from existing templates. This setting is primarily used by the Dashboard. ```ruby config.type = :custom ``` -------------------------------- ### Log Violations in Ensnare (Ruby) Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Demonstrates how to log a violation record manually within an application using Ensnare. This is useful for tracking security events like authorization failures or specific observed behaviors. ```ruby Ensnare::Violation.create(:ip_address=>request.remote_ip.to_s, :violation_type=>"Delete Widget", :session_id=>session.try(:[],"session_id").to_s, :user_id=>current_user.id, :expected=>"None", :name=>params[:id].to_s, :observed=>"Delete", :weight=>5) ``` -------------------------------- ### Define Current User Method Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Specifies the method used to retrieve the currently logged-in user when the user object is used for trapping. This is essential if you are trapping on users. ```ruby config.current_user_method = :current_user ``` -------------------------------- ### Set Global Timer Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Configures the global timer in seconds. Violations for an IP, user, or session object are cleared after this duration passes. The timer resets upon each violation. ```ruby config.global_timer = 400000 ``` -------------------------------- ### Define Current User Identifier Source: https://github.com/ahoernecke/ensnare.next/wiki/Home Specifies the identifier for the currently logged-in user. This must be set if you are trapping on users and is used in conjunction with `config.current_user_method`. ```ruby config.current_user_identifier = :id ``` -------------------------------- ### Reload Console Source: https://github.com/ahoernecke/ensnare.next/blob/main/test/dummy/README.rdoc Reloads controllers and models within the Rails console session after making changes. ```ruby reload! ``` -------------------------------- ### Ensnare Threshold Group Definition (Pseudo Code) Source: https://github.com/ahoernecke/ensnare.next/wiki/Home This pseudo-code illustrates the definition of threshold groups in Ensnare, showing how trap counts and timers are configured for a waterfall effect. Each subsequent group requires a higher trap count. ```pseudo Global Timer = 2 Hours Threshold1 << {Trap_Count = 2 violations, Timer = 30 seconds} Threshold2 << {Trap_Count = 5 violations, Timer = 5 minues} ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.