Security Tip: Canary Tokens

Canary Tokens are a free service provided by Thinkst Canary that provide an “insanely easy-to-use honeypot solution that deploys in just 3 minutes.”

The way they work is incredibly simple:

1. You generate a new token on their website.
2. You put the token somewhere
3. A hacker finds the token, interacts with it, and you get an alert!
   (Most of the time, the hacker won’t even know they’ve triggered an alert!)

There are a lot of different tokens available to be generated, so you can usually find one that suits your use case.

The token types include:

• DNS / hostname
• AWS keys
• Windows Command
• Word Document
• QR Code
• MySQL Dump (this is great for your 'database' folder!)
• URL Loaded
• URL Redirects
• PDF
• Email address

Every time I set up a new Laravel app, I always generate a couple of tokens and scatter them around my repo and production server(s). The .env.example file is fantastic for storing Canary Tokens, because they’ll be stored in the repo and easily findable by anyone snooping around in your code. I’ve also got a few hiding on my laptop. 😉

Let’s walk through a simple example: generating AWS keys.

Step Four: wait for someone to go snooping around!

For this example, I’ve run TruffleHog on my codebase and it’s found some matches:

Found verified result 🐷🔑
Detector Type: AWS
Decoder Type: PLAIN
Raw result: AKIAYVP4CIPPOYTRDREA
File: .env.example

And I just received an email:

It really is that simple.

If you've made it this far, please share this Security Tip and Securing Laravel with your Laravel friends, colleagues, and enemies! The more folks we have learning about security, the more secure code will be written, and the safer the whole community and our users will be. Also, if you tag me I'll give it a retweet, and you can find all my socials on Pinkary.