The Redirect Token is a URL that will redirect a user to a specified website while first fingerprinting the user's web browser. This token can be used to get information about an attacker while they browse your infrastructure.
A benefit to this token is that the attacker is unlikely to know they've just been fingerprinted, as they would click your hidden link and simply be redirected to another landing page.
Use this as part of your authentication flow to get alerted when someone signs in, or place it in webpages you don't expect anyone to go.
Both tokens redirect to a custom address once triggered, but not all tokens are created equal; the fast and slow redirects do differ.
Slow Redirect: This token runs a browser scanner that collects information about the browser/plugin.
Fast Redirect: This token does not collect browser or browser plugin information.
Follow the steps below to create a Slow/Fast Canarytoken:
Step 1: Log in to your Console
Log in to your Console.
Step 2: Click the Canarytokens tile
Click the Canarytokens tile or click Add a new Canarytoken.
Step 3: Select a Canarytoken
Select your preference of Slow Redirect or Fast Redirect Canarytoken from the list.
Step 4: Add Reminder and Create your Canarytoken
Over time, you will deploy thousands of tokens all over the place. Make sure that your Reminder is as descriptive as possible, and will remind you in the future of where the token was dropped. It may create confusion if a token generated an alert that reads "test" — and does not remember where you placed it.
Enter the URL you would like the user to be redirected to after clicking the link.
Go ahead and click Create token when you are ready to generate.
Step 5: Use the Canarytoken
Copy the token and place it in its intended location.
Alert
An alert is triggered when the link is clicked, and more information is made available if the slow Redirect alert is used.
Slow Redirect Alert
Fast Redirect Alert