🔐

HTTP Admin Honeypot

Detect unauthorized access attempts targeting HTTP admin panels and dashboards.

8080
Default Port
HTTP
Protocol
Username
Detection
HTTP Admin tripwire details

About HTTP Admin

HTTP admin panels are web-based management interfaces for routers, application servers, databases, and monitoring tools. These panels often use HTTP Basic Authentication and are prime targets for attackers seeking to gain administrative control over infrastructure components.

What Gets Captured

When an attacker attempts to connect using your HTTP Admin honeypot credentials, Tripwires captures:

  • Username - The username from the HTTP Basic Authentication header
  • Source IP - The attacker's IP address
  • Timestamp - Exact time of the request
  • User-Agent - The browser or tool used to connect

Connection Formats

HTTP Admin credentials can be planted in various formats depending on your tech stack:

Browser URL

http://user:password@http-xxx.gettripwires.com:8080/admin

curl with Basic Auth

curl -u user:password http://http-xxx.gettripwires.com:8080/admin

Python (requests)

import requests
response = requests.get(
    'http://http-xxx.gettripwires.com:8080/admin',
    auth=('user', 'password')
)

wget

wget --user=user --password=password http://http-xxx.gettripwires.com:8080/admin

Strategic Placement Ideas

Router/Switch Management

Leave as 'network device admin panel' URL in network documentation.

Monitoring Dashboards

Add as 'Grafana/Prometheus admin' credentials in monitoring setup docs.

Internal Bookmarks

Include as 'Jenkins/Tomcat Manager' in shared browser bookmark files.

Docker API Settings