In this post, you will learn what a canary token is and how it works, and most importantly I'm going to show how canary tokens work live.
What is a canary token?
A canary token is a type of token. When a criminal sends it to a target and the target clicks on the token generated by the criminal, the target's location and IP address become known to the criminal.
In simple words, we could say canary tokens are used for gathering real-time information like the victim's IP and location.
Only these can be gathered; further, the criminal would do enumeration using Nmap. Then it's a really very simple process: just take the victim IP address, scan it in Nmap and find the person.
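How a token hit turns into an alert on the server side, as an added example (not code from this post or from canarytokens.org): each token is a unique URL tied to an e-mail and a reminder, and a request for that URL is what exposes the source IP. The `/t/<token>/` URL layout, the log format, the token ids and the function name are assumptions made for the illustration.

```python
import re

# Constructed registry: token id -> (owner e-mail, reminder memo). All values are made up.
TOKENS = {
    "k3v9x1q7": ("owner@example.com", "invoice.pdf sent to finance share"),
    "p0d4m8z2": ("owner@example.com", "job-offer.docx left on test laptop"),
}

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.45 - - [12/Mar/2024:10:15:02 +0000] "GET /t/k3v9x1q7/img.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:16:40 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "curl/8.0"
198.51.100.7 - - [12/Mar/2024:10:17:11 +0000] "GET /t/unknown00/img.gif HTTP/1.1" 404 0 "-" "curl/8.0"
192.0.2.10 - - [12/Mar/2024:11:02:33 +0000] "GET /t/p0d4m8z2/img.gif HTTP/1.1" 200 43 "-" "Microsoft Office"
"""

# Assumed URL layout: /t/<token id>/<anything>
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /t/(?P<token>[a-z0-9]+)/\S* HTTP/[\d.]+" \d+ \d+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def alerts_from_log(log_text, tokens=TOKENS):
    """Return one alert dict per request that hits a registered token URL."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["token"] not in tokens:
            continue  # ordinary traffic or an unknown token id: no alert
        email, memo = tokens[m["token"]]
        alerts.append({
            "to": email, "memo": memo, "token": m["token"],
            "source_ip": m["ip"], "time": m["ts"], "user_agent": m["ua"],
        })
    return alerts


if __name__ == "__main__":
    for a in alerts_from_log(SAMPLE_LOG):
        print(f"ALERT to {a['to']}: '{a['memo']}' opened from "
              f"{a['source_ip']} at {a['time']} ({a['user_agent']})")
```

The reminder is what tells the owner which token fired when several are in circulation; the alert itself carries only what the HTTP request reveals (source IP, time, user agent).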
How to use a canary token
It's really very simple to use canary tokens. Just get your hands wet, let's GO!!!
Firstly, go to this site: canarytokens.org
The interface looks pretty cool. Just kidding.
This is the official canary token page; there are some other sites that also generate canary tokens, like StationX.
Just click on "select token", pick one, give your mail, write a reminder, and click generate.
*Make sure the mail you give is anonymous, and make sure you are the admin of the mailbox so you can check the information.
Looks really cool Ah (¬‿¬)
Okay, fun apart, let's see what the hell these are:
- Choose your canary token. It may be an Excel doc or a PDF, whatever, and make sure that it looks legit so the victim will click on the canary token.
- Second, enter the mail address. DON'T enter mine. Get a temporary mail, enter it, and make sure you have access to it.
- Write a reminder noting whom you are sending the token to. Suppose you're a scammer: you will send it to all of them and one will get confused.
- At last, click create canary token.
Success MAN, you finally created a canary token.
Now comes the IMPORTANT part: make sure whatever you're sending is legit. This means adding some decoration, like you got a job offer, or say if you didn't pay you will lose your subscription; well, that is an invoice type.
Click download.
Give it a new file name so the victim will not find the doc fishy.
I sent the mail to my dear friend, and once he/she clicked on it I got this information.
Further, I could do enumeration on the IP address I got.
This tool is very useful for doing phishing activity and gathering information, just give it a try! ✨