Description: The Redirect Token is a URL that will redirect a user to a specified website whilst first fingerprinting the user's web browser. This token can be used to get information about an attacker whilst they browse your infrastructure.
A benefit to this token is that the attacker is unlikely to know they've just been fingerprinted as they would click your hidden link and simply be redirected to another landing page.
Use this as part of your authentication flow to get alerted when someone signs in or place it in webpages you don't expect anyone to go.
Note: Both tokens redirect to a custom address once triggered, but not all tokens are created equal, the fast and slow redirects do differ.
Slow Redirect: This token runs a browser scanner that collects browser/plugin information.
Fast Redirect: This token does not collect browser or browser plugin information.
Follow the steps below to create a Slow/Fast Canarytoken:
Log in to your Console.
Select the Canarytokens tile.
Select your preference of Slow/Fast token from the list.
Over time, you will deploy thousands of tokens all over the place. Make sure that your Reminder is as descriptive as possible, and will remind you in the future of where the token was dropped. It may create confusion if a token generated an alert that reads “test" - and does not remember where you placed it.
Enter the URL you would like the user to be redirected to after clicking the link.
Go ahead and click on Create token when you are ready to generate.
Copy the token and place it in its intended location.
An alert is triggered when the link is clicked, and more information is made available if the slow Redirect alert is used.
Slow Redirect Alert
Fast Redirect Alert
You're done! ;-)