Custom TCP Services are a way for you to create and deploy your own custom services to your Canaries, without having to write any code.
Creating a custom service is quick and can be done by following the steps below.
Step 1: Navigate to device configuration
In order to create your custom services you will need to navigate to the settings of your Canary.
This can be done by logging into your Console, clicking on the Canary’s panel, then clicking “Configure Canary”.
Alternatively you can boot your device into config mode and create them there.
Step 2: Enable Custom TCP Services
Once on the configuration page, scroll down to Custom TCP Service and enable it.
Step 3: Customize your service
You can change the way your service behaves by altering fields for the service:
Port lets you specify which port the service will listen on.
Banner on Client Connect lets you specify a string that is immediately sent to the client when they connect to your service.
Banner on Receiving Data lets you specify a string that is sent in response to any client request.
Alert only if client sends lets you specify a trigger string. An incident is only created if the client’s request includes the supplied string.
Long lived connection is described in its own section below.
In all of these string fields, newlines and carriage returns can be added with the literal strings '\n' and '\r', and arbitrary bytes can be added by hex-encoding and escaping them, as in '\x89' or 'hello\x01world\x02'.
Step 4: Test your service
Once you’ve deployed your changes, test the custom service by connecting to the Canary on the chosen port.
If everything is correctly configured, a new incident will be generated in your Console.
Step 5: Add additional services
You can add up to 10 custom TCP services.
Simply click the + next to Additional Custom TCP Service Modules.
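A local check for Steps 3 and 4, as an added example that is not part of the original article or the product's own code: it expands the '\n', '\r' and '\xNN' notation into the bytes a client would see, then connects the way a test client would and returns both banners. The names decode_field, stand_in_service and probe are hypothetical, the field values are constructed, and leaving other backslash sequences unchanged is an assumption.

```python
import re
import socket
import threading

ESC = re.compile(r"\\(n|r|x[0-9a-fA-F]{2})")

def decode_field(text):
    """Expand literal \\n, \\r and \\xNN in a field value into raw bytes."""
    out, pos = bytearray(), 0
    for m in ESC.finditer(text):
        tok = m.group(1)
        out += text[pos:m.start()].encode()
        out += {"n": b"\n", "r": b"\r"}.get(tok) or bytes([int(tok[1:], 16)])
        pos = m.end()
    # Assumption: any other backslash sequence is passed through unchanged.
    return bytes(out + text[pos:].encode())

def stand_in_service(connect_banner, data_banner):
    """Constructed local stand-in for a configured service; serves one client."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(connect_banner)      # Banner on Client Connect
            if conn.recv(4096):
                conn.sendall(data_banner)     # Banner on Receiving Data
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def recv_once(sock):
    try:
        return sock.recv(4096)
    except socket.timeout:                    # banner field left empty
        return b""

def probe(host, port, payload, timeout=3.0):
    """Connect, read the connect banner, send payload, read the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = recv_once(s)
        s.sendall(payload)
        return banner, recv_once(s)

if __name__ == "__main__":
    # Constructed values; for a real test pass the Canary's address and port.
    port = stand_in_service(decode_field(r"220 ready\r\n"),
                            decode_field(r"hello\x01world\x02"))
    print(probe("127.0.0.1", port, decode_field(r"PING\r\n")))
```

Pointed at a deployed Canary instead of the stand-in, the same probe call should also produce the incident described in Step 4.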
Long lived connections
The long lived connections feature lets you specify a secret string that prevents alerts from triggering when entered. In this case, a long lived connection will be maintained between the client and the bird, letting you breadcrumb your network with a trail back to the bird.
When inputting the secret string, the output on the client will be the same as for other input, but you'll notice that no alert comes up on your console. From this point, the client will no longer trigger any alerts, and the bird will periodically trickle small data packets through to the client to keep the connection open.