π¦ CanaryTokens
Canary tokens are a free, quick, painless way to help defenders discover they've been breached (by having attackers announce themselves.)
How tokens works (in 3 short steps):
- Visit the site and get a free token (which could look like a URL or a hostname, depending on your selection.)
- If an attacker ever uses the token somehow, we will give you an out of band (email or sms) notification that itβs been visited.
- As an added bonus, we give you a bunch of hints and tools that increase the likelihood of an attacker tripping on a canary token.
More Details:
Tokens consist of a unique identifier (which can be embedded in either HTTP URLs or in hostnames.) Whenever that URL is requested, or the hostname is resolved, we send a notification email to the address tied to the token. You can get one in seconds, using just your browser.
π» Pixel That Steals Data - Iβm Invisible
INFO
This vulnerability can be found on the places where you have an option of uploading an image using URL eg. forums, discussion pages, comments sections, messages, fetching image using
<img src=βURLβ>tag etc. Get IP address, ISP, country name, city name, region, Device info, browser details.
- Go to IPLogger and generate an invisible image
- After that a link will be generated, copy it and click on Logged IPβs
- Now upload the image : 2 ways
- Fetch image using web
- Fetch image using
<img src=βURLβ>tag