W 30: CanaryTokens (5 pts)

What You Need

Any computer with Web access.


Canary Tokens are email addresses, URLs, and other objects which can be detected when they are used. A defender puts them on servers, among other data that might be stolen.

If they are used, that indicates that someone has stolen that data.

Making a Web Bug

In a browser, go to


Enter these values, as shown below, replacing YOURNAME with your own name.

Click the "Create my Canarytoken" button.

On the next page, click the little green icon to copy the token to the Clipboard, as shown below.

Click the "Create my Canarytoken" button.

Testing the Web Bug

Paste the token into a browser and press Enter to visit that URL.

It's just blank page, as shown below.

Read the email address you specified. You get a message titled "Your Canarytoken was Triggered", as shown below.

Flag W 30.1: Message (5 pts)

The flagĀ is covered by a green box in the image below.


How You Can Set up Honeytokens Using Canarytokens to Detect Intrusions

Posted 10-2-17