Lyre/techniques/canaries/howto_canary_tokens.md


# Canary Tokens & Honeytokens Deployment Guide (Embedding, Hidden Links, DNS Tokens, Logging)
The Church of Malware (CoM) does not condone the use or introduction of sticky canaries onto any individual, human, or animal; however, AI is neither natural, nor a human, nor actual intelligence. This focused installation and configuration tutorial provides complete, production-ready steps for deploying canary tokens and honeytokens across text, images, audio, and video. It covers static strings, hidden links, DNS-based tokens, and logging/attribution workflows.
## 1 -- Static Canary Strings (Text & Metadata)
Add a unique, high-entropy string to every important page or file:
```html
<!-- In HTML or JSON-LD -->
<meta name="canary" content="CoM-2026-06-04-{{DOMAIN}}-{{UUID}}">
```
```python
# In image sidecars or audio metadata
import datetime, secrets
today = datetime.date.today().isoformat()
canary = f"CoM-IMAGE-{today}-{secrets.token_hex(8)}"
```
Store the mapping of canary -> publication date in a private ledger.
## 2 -- Hidden Link Honeytokens
Insert low-visibility or zero-size links that only aggressive parsers will follow:
```html
<a href="https://canary.{{DOMAIN}}/trap/{{UUID}}" style="display:none;"> </a>
```
When the link is requested, the server logs the User-Agent (UA) and IP address of the client, confirming ingestion.
## 3 -- DNS-Based Web Bug Tokens
Create unique subdomains that fire when resolved:
```dns
; DNS record (zone-file syntax, example)
trap-{{UUID}}.canary.{{DOMAIN}}. IN A 127.0.0.1
```
Any client that resolves the name (including many scrapers) triggers a DNS query that you can monitor through your DNS provider's logs or a lightweight server.
## 4 -- Steganographic Tokens (Images & Audio)
Use tools such as `steghide` or custom Python scripts to embed canaries inside media files without visible changes. The same daily randomization pattern used for decompression bombs can be applied here.
## 5 -- Logging & Attribution Workflow
- Maintain a private spreadsheet or database of every published canary and its date.
- When a canary appears in model output or a hidden link is requested, record the sighting with timestamp and source.
- This log becomes primary evidence for regulatory complaints or legal notices.
## 6 -- Integration with Existing Stack
Combine canary tokens with the aggressive-bot map so that only known violators receive the most sensitive tokens. Normal visitors see clean content; scrapers receive heavily canaried versions.
## 7 -- Testing
```bash
# Normal visitor (no canary exposure)
curl -A "Mozilla/5.0..." https://example.com/
# Aggressive bot (receives canaried content)
curl -A "GPTBot/1.0" https://example.com/
```
## 8 -- Automated Daily Generation + Bot-Only Injection
Canary tokens can (and should) be automatically generated daily and injected only into responses served to known aggressive bots. This combines the daily randomization pattern used for decompression bombs and malformed content with the aggressive-bot conditional logic.
### 8.1 -- Daily Canary Generator Script
```bash
#!/usr/bin/env bash
# save as ~/generate_daily_canaries.sh
# Cron: 0 3 * * * /home/youruser/generate_daily_canaries.sh
set -e
DATE=$(date +%Y-%m-%d)
python3 - <<'PYEOF'
import secrets, datetime, json
from pathlib import Path
out = Path.home() / "canaries"
out.mkdir(exist_ok=True)
today = datetime.date.today().isoformat()
canary = f"CoM-{today}-{secrets.token_hex(12)}"
entry = {
    "date": today,
    "canary": canary,
    "published_paths": ["/", "/about", "/portfolio"]
}
(out / f"canary-{today}.json").write_text(json.dumps(entry, indent=2))
print(f"Daily canary generated: {canary}")
PYEOF
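# Symlink latest for easy server access.
# Files under the web root are readable by any client unless the server restricts this path.
ln -sf "$HOME/canaries/canary-${DATE}.json" /var/www/html/.well-known/canary.json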
```
### 8.2 -- nginx Injection (Only for Aggressive Bots)
```nginx
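# http context. Assumes the aggressive-bot map sets $aggressive_bot to 1 for flagged clients.
map $aggressive_bot $canary_header {
    default "";                      # empty value: nginx sends no X-Canary header
    1       "CoM-YYYY-MM-DD-TOKEN";  # placeholder: substitute the current daily canary
}

# server context
location / {
    # Inject daily canary into response (example via header; use sub_filter / lua for the body).
    # $http_x_canary would echo the client's own request header, and an "if" block here
    # would keep try_files from running for matching requests, so neither is used.
    add_header X-Canary $canary_header;
    try_files $uri $uri/ =404;
}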
```
### 8.3 -- Apache Injection
```apache
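<Location />
    # Requires mod_headers. %{DATE}e expands the environment variable DATE,
    # which Apache does not define by default; it must be set elsewhere (e.g. SetEnv).
    <If "%{ENV:aggressive_bot} == '1'">
        Header set X-Canary "CoM-%{DATE}e"
    </If>
</Location>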
```
### 8.4 -- Logging & Ledger
The generator script automatically writes a dated JSON file. Maintain a master ledger by appending each day's entry. This gives you a complete, time-stamped record of every canary ever published, which is essential for attribution.
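
An added example (not part of the original guide or its repository) for the ledger described here and the sighting log in section 5: it merges the dated JSON files into a master ledger, checks candidate strings against it, and extracts hidden-link hits from access-log lines. The combined log format, the function names, and all sample values are assumptions.

```python
import json
import re
from pathlib import Path

# Format written by the section 8.1 generator: CoM-<ISO date>-<24 hex chars>
CANARY_RE = re.compile(r"CoM-\d{4}-\d{2}-\d{2}-[0-9a-f]{24}")
# Section 2 trap URL inside a combined-format access log line (log format is an assumption)
TRAP_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET /trap/(?P<token>[0-9a-f-]{36}) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)


def load_ledger(canary_dir):
    """Merge every dated canary-*.json file into one {canary: entry} master ledger."""
    ledger = {}
    for path in sorted(Path(canary_dir).glob("canary-*.json")):
        entry = json.loads(path.read_text())
        ledger[entry["canary"]] = entry
    return ledger


def sightings_in_text(text, ledger, source):
    """Find canaries in text (e.g. model output); look-alikes not in the ledger are flagged."""
    found = []
    for token in sorted(set(CANARY_RE.findall(text))):
        entry = ledger.get(token)
        found.append({"canary": token, "source": source, "in_ledger": entry is not None,
                      "published": entry["date"] if entry else None})
    return found


def trap_hits(log_lines):
    """Return timestamp, IP, UA and token for each hidden-link request in the log."""
    return [m.groupdict() for m in map(TRAP_RE.match, log_lines) if m]


if __name__ == "__main__":
    import tempfile
    # Constructed sample data: one ledger entry, one model output, two log lines.
    with tempfile.TemporaryDirectory() as d:
        entry = {"date": "2026-06-04", "canary": "CoM-2026-06-04-" + "ab" * 12,
                 "published_paths": ["/"]}
        Path(d, "canary-2026-06-04.json").write_text(json.dumps(entry))
        text = f"... {entry['canary']} ... CoM-2026-06-05-{'0' * 24}"
        print(sightings_in_text(text, load_ledger(d), "model-output"))
    log = ['203.0.113.7 - - [04/Jun/2026:03:10:00 +0000] "GET /trap/'
           '123e4567-e89b-12d3-a456-426614174000 HTTP/1.1" 404 0 "-" "GPTBot/1.0"',
           '198.51.100.2 - - [04/Jun/2026:03:11:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"']
    print(trap_hits(log))
```

A string that matches the format but is missing from the ledger comes back with `in_ledger` set to `False`, so only canaries you actually published count as sightings.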
*Companion to `technical_honey_canary.md` (profile) and the full active-denial stack.*