Capture FAQ

Where can I get additional help?

There is a troubleshooting guide on the Capture release page, which contains solutions to commonly encountered problems.

In addition, we have set up a public mailing list to discuss issues around installation and operation, request support, voice feature requests, share your findings, etc. You can subscribe to it via

Is there any additional documentation provided with Capture?

Yes, the Readme files that come with the Capture distribution contain a wealth of information on how to install, configure and run Capture.

What clients are currently supported with Capture?

Any HTTP client that allows a URL to be specified on the command line (e.g. iexplore) is supported by Capture-HPC. This includes Opera, Internet Explorer, Firefox and various Office applications.

Where can I find additional exclusion lists other than the default provided with the distribution?

Check the mailing list for additional exclusion lists. If you don't find any there and end up creating one, please share it on the mailing list for others to benefit from it.

What other implementations of client honeypots exist?

Besides Capture there are a few other high interaction client honeypots:

But there are several low interaction client honeypots:

There are several others, such as the spycrawler from the UW and Honeymonkey from MSFT, but those are not publicly available.

What's up with the client honeypot and honeyclient term?

Honeyclient and client honeypot are synonyms. They are generic terms that describe the concept. However, there is a subtlety here, as "honeyclient" is actually a homograph that could also refer to the first open source client honeypot implementation: MITRE's HoneyClient.

What other resources are out there to learn about and keep up to date on client-side attacks?

There are several excellent blogs from security researchers and corporations. A few we read regularly are listed below:

Under what license is Capture-HPC written and distributed?

The GNU General Public License, v2.