This repository has been archived by the owner on Nov 10, 2023. It is now read-only.

Support traps serving .jpg, .png etc. #28

Open
jviide opened this issue Nov 4, 2016 · 6 comments

jviide commented Nov 4, 2016

Support traps serving .jpg, .png etc. as some services and bots only watch for images.

Suggested by https://twitter.com/raimue/status/794558042255851520.

jviide added the feature label Nov 4, 2016

uolevi commented Nov 5, 2016

Perhaps any filename extension. Then it could be used to replace web bug type of Canarytokens (so there would be no need to change already planted tokens but just the server).


jviide commented Nov 7, 2016

Yup. Would it be a good idea to make trap URLs return 404 (Not Found) instead of 200 (OK)? I don't know if it's needed at all, but maybe that way we would avoid unintentionally fuzzing JPG parsers and such :)


uolevi commented Nov 9, 2016

What do you mean by unintentionally fuzzing JPG parsers?


raimue commented Nov 9, 2016

It would be unexpected if a URL with a .jpg extension returns text/html instead of image/jpeg. Although proper JPEG parsers would recognize this quickly as an invalid image, serving a 404 might have better effects for display on the client side of the trap receiver.


jviide commented Nov 9, 2016

@raimue explained it well. I'm actually not too worried about JPEG, but some less battle-hardened parsers for more exotic formats might have problems.

Other status code choices include 401 (Unauthorized) and 403 (Forbidden).

Returning 451 (Unavailable For Legal Reasons) would be funny though ;)

jviide added a commit that referenced this issue Nov 9, 2016
Now any trap URL path can be suffixed with a string that begins with
either "." or "/". Also query strings are supported. These suffixes
(path suffix + query string) are stored for potential later use.

Implements changes suggested in #28.

jviide commented Nov 9, 2016

Commit e842d4b is now deployed to the live site. It modifies trap URLs to return status code 404. Moreover we now support trap URL suffixes, which allows appending stuff to the trap URL path as long as the additional part starts with . or /. So if you have a trap URL https://uriteller.io/blah you can also use https://uriteller.io/blah.png or https://uriteller.io/blah/xyzzy.

The suffixes are stored for potential future use. For example https://uriteller.io/blah.png stores the suffix .png. Query string gets counted as a part of the suffix, so https://uriteller.io/blah/xyzzy?hello=world stores /xyzzy?hello=world.

Feel free to try it out! There is currently no particular support for this functionality on the UI side, but it's probably still useful.
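
The suffix rule described in the comment above, as an added example that is not uriteller's own code: it splits a request target into trap ID and stored suffix and always answers 404. The function names, the suffix length cap, the response shape and the assumption that a trap ID contains no ".", "/" or "?" are all hypothetical.

```javascript
// Added example, not uriteller's code. Assumption: the trap ID is the first
// path segment and contains no ".", "/" or "?".
const MAX_SUFFIX_LENGTH = 2048; // assumed cap: the suffix is visitor-controlled

// Split a request target such as "/blah/xyzzy?hello=world" into the trap ID
// and the suffix (path suffix + query string). Returns null if there is no ID.
function splitTrapTarget(target) {
  if (typeof target !== "string" || !target.startsWith("/")) return null;
  // After the ID, whatever remains necessarily starts with ".", "/" or "?".
  const match = /^([^./?]+)(.*)$/s.exec(target.slice(1));
  if (!match) return null;
  const [, id, suffix] = match;
  return { id, suffix: suffix.slice(0, MAX_SUFFIX_LENGTH) };
}

// Record a visit when the ID belongs to a known trap. This example answers
// 404 whether or not the ID is known, and never sends an image-like body.
function handleTrapRequest(target, knownTraps, visits) {
  const parsed = splitTrapTarget(target);
  if (parsed && knownTraps.has(parsed.id)) {
    visits.push({ trap: parsed.id, suffix: parsed.suffix });
  }
  return {
    status: 404,
    headers: { "Content-Type": "text/plain; charset=utf-8" },
    body: "Not Found",
  };
}

// Constructed sample run using the request targets from the comment above.
function demo() {
  const knownTraps = new Set(["blah"]);
  const visits = [];
  const targets = ["/blah", "/blah.png", "/blah/xyzzy?hello=world", "/other.png"];
  for (const target of targets) {
    handleTrapRequest(target, knownTraps, visits);
  }
  return visits;
}
```
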
