Comments (11)
I agree, I feel like I'm missing something as it doesn't seem wise to have the same interface for managing/generating tokens on the same public interface that the tokens are detected being used.
from canarytokens-docker.
Hopefully Thinkst would address this ASAP
from canarytokens-docker.
Hi Jordan, have you tested the new version of canary tokens? Seems like I am having some issues with the DNS tokens. I have set it up on an AWS Ubuntu instance. Also made sure that the requirements like setting up a public IP address, a domain name etc. have been set up. For testing purposes I have made sure that the security groups in AWS allow all inbound and outbound traffic to this instance. Wondering what's causing the issue. Am I missing something?
from canarytokens-docker.
Hi @Manu-Surendra, what issues are you having with the DNS tokens?
from canarytokens-docker.
I think I figured out the issue, I should have followed the procedure properly. I just created an A record and pointed it to my public IP and hence it did not work. So now I have created my own private name server. Had to create a new domain altogether because GoDaddy does not support private nameservers. Am waiting for the propagation of the newly registered private name server. Planning to check it on Monday.
from canarytokens-docker.
Hi, the propagation of my nameserver is completed. It's updated in most of the countries, it's just a matter of time now for it to replicate across in full. Thanks a lot guys, it works now.
from canarytokens-docker.
Hi @thinkst, would you guys come up with some basic authentication in the future? We want to use it in our company environment, but we are scared that anyone can access the website and generate their own tokens. Please give us an update on this.
from canarytokens-docker.
Hey @Manu-Surendra, unfortunately we do not have basic authentication on our current roadmap, however it's not all doom and gloom. There are a couple of ways in which you could potentially add basic auth support.
- There should be an nginx configuration that would allow for basic auth. This method would require less code, but a change to the nginx docker image. You could check the nginx documentation on how to do that.
- You could add the basic auth wrapper to our site manager. Basic auth is supported by twisted and so with a little bit of digging you could easily get basic auth.
The complexity with adding authentication would be where the list of users are stored, added, managed. We would gladly accept a PR if you come right with adding the basic auth support.
Thanks for the suggestion though!
from canarytokens-docker.
@thinkst, we found another way of overcoming the issue. We have blocked access to the "http://mydomain.com/generate" page using URL filtering so that no one can access it from outside. And we use the internal IP of the instance to access it and generate tokens. Since only http://mydomain.com/generate is blocked, the tokens get triggered without any issues when someone accesses them externally. Yes, I will test the nginx and auth wrapper from twisted and will keep you guys posted.
from canarytokens-docker.
Just for those who will be looking for enabling basic auth.
Just create .htpasswd under nginx directory and amend nginx.conf file (google it). Then add additional COPY line in nginx/Dockerfile to copy .htpasswd file. Once done, you need to rebuild container, just run docker build (from canarytokens-docker directory). On next run you will have new changes.
from canarytokens-docker.
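The two workarounds described in the comments above (limiting /generate to internal access, and nginx basic auth backed by an .htpasswd file) combined in one nginx fragment. This is an added example, not the project's shipped nginx.conf; the upstream host names and ports, the 10.0.0.0/8 range and the /etc/nginx/.htpasswd path are assumptions.

```nginx
# Added example: server block protecting the token-generation page while
# leaving token trigger URLs reachable from the internet.
# Upstream addresses are placeholders (assumptions), not the project's values.

server {
    listen 80;
    server_name mydomain.com;

    # Management page: allow the internal range without a password,
    # require basic auth from everywhere else.
    location /generate {
        satisfy any;                 # pass if EITHER the IP rule OR auth succeeds

        allow 10.0.0.0/8;            # assumed internal range
        deny  all;

        auth_basic           "Canarytokens management";
        # File created with htpasswd and copied into the image by the
        # extra COPY line in nginx/Dockerfile (destination path assumed).
        auth_basic_user_file /etc/nginx/.htpasswd;

        proxy_pass http://frontend.example.internal:8082;
    }

    # Everything else, including token trigger URLs: no auth,
    # so a triggered token still reaches the backend and alerts fire.
    location / {
        proxy_pass http://switchboard.example.internal:8083;
    }
}
```

Basic auth credentials are only base64-encoded on the wire, so this location should be served over TLS. Any other management path the frontend exposes needs the same treatment as /generate.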
Hey @kuriackovskij,
Thanks for the information and step through. I'll give it a go in the next few days and perhaps add it as something easier to enable.
Thanks again!
from canarytokens-docker.