You’ll be familiar with web bugs, the transparent images which track when someone opens an email. They bitcoin 2 mh services by embedding a unique URL in a page’s image tag, and monitoring incoming GET requests.
Imagine doing that, but for file reads, database queries, process executions, patterns in log files, Bitcoin transactions or even Linkedin Profile views. Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots. From unsuspecting grandmas to well known security pros. What isn’t excusable, is only finding out about it, months or years later.
URL or a hostname, depending on your selection. As an added bonus, we give you a bunch of hints and tools that increase the likelihood of an attacker tripping on a canary token. Whenever that URL is requested, or the hostname is resolved, we send a notification email to the address tied to the token. It’s only used to notify you when the token is triggered, mails are not used for any other purpose.
Enter a comment which describes where you’re using the token. If the token is triggered in six months time, a comment will help you remember where you placed the token. We envisage having loads of tokens, so a good description is necessary. Click “Generate Token” to obtain your token. Copy the token and drop it somewhere it will be stumbled over.
How do attackers trip over a token? The URL component is pretty flexible. This gives us a the simplest use-case for a token, an old fashioned web-bug. Simply keep it in your inbox unread since you know not to touch it. An attacker who has grabbed your mail-spool doesn’t.
If you like, you could even use the same token as an embedded image. This way it works like the classic 1×1 transparent GIF. Now an attacker reading your inbox could trip over it just because his mail client renders remote images. Canarytokens can be used as simple web-bugs, but they are incredibly flexible as we’ll see. Every time someone gets owned, and their homedir gets published, theres a bit of speculation on “how they got taken. While we may not always know the answer to that question, there is something we _do_ know.