canary token? Let’s do Information gathering

Introduction

In this post, you will learn what is a canary token is? And how does it work and most importantly I’m going to perform a how to see canary tokens lively.

Video:

What is canary token

The canary token is a type of token, When a criminal sends this to the target and when the target clicks on the token generated by the criminal then the target location and the IP address will be known to the criminal.

In simple words, We could say the canary tokens are used to gathering real-time information like victim IP and the location.

Only these you could gather and further the criminal should do enumeration using Nmap. Then it’s really very simple process just take the victim IP address scan it in nmap and find the person.

Also Read: Full tutorial on DMitry?

Advertisement

How to use a canary token

It’s really very simple to use carnary tokens, just wet your hands let’s GO!!!

Firstly, go to this site canarytokens.org

canary token

The interface looks pretty cool, Just kidding ????

This is the official canary token page there are some other sites also generating carnary tokens like stationX

Just click on the select toke and select one and give your mail, make a remainder, and give generate.

*Make sure the mail you give is anonymous and make sure you are the admin of the mail to check the information.

generating canary token

Looks really cool Ah (¬‿¬)

Okay, funs apart let’s see what the hell these are;

  1. Chose your canary token it may be excel doc or pdf whatever and make sure that it should be looking like legit so, the victim will click on the canary token.
  2. Second enter the mail address, DON’T enter mine. Get a temporary mail and enter it and make sure you have access to it
  3. Write a remainder on to whome the token you are sending to, suppose if youre a scammer you will send to all of them and one will get confused.
  4. Atlast give create canary tokens. ????
created a ms excel token

Success MAN, you finally created a canary token ????

Now comes the IMPORTANT part make sure whatever you’re sending is legit. This means to add some decoration like you got a job offers or say if you didn’t pay you will lose our subscription, well it is an invoice type.

Give download ????

Give a new file name so, the victim will not be fishy about the doc

Caranay token

I sent the mail to my dear friend and I got this information once he/she clicked on it I got this information

Further, I could do enumeration on the IP address I got

Advertisement

Conculcuion

This tool is very much useful for doing phishing activity and gathering information just give a try on it! ✨


Also Read: Information gathering using ARP-SCAN

Also Read: How to change MAC address

Additionally: The different ways to do password cracking