Excited to see the open-source canarytokens.org offering #Azure #CanaryTokens! One more type of sensitive data that attackers now need to worry about using: https://blog.thinkst.com/2023/02/canarytokens-org-welcomes-azure-login-certificate-token.html
@jacob
How can you detect the copying of your website if you trigger the canary token at getting stage if you serve the website? Too buzzed to figure this magic out.
Sure an SQL dump is easy to detect but this sounds too good to be true.
More information here: https://docs.canarytokens.org/guide/cloned-web-token.html#what-is-a-cloned-website-token basically the original URL is stored in JS that checks the current URL to see if it's ben hosted elsewhere.
@jacob
Thank you.
People who are making fake paypal.com login pages are not sophisticated, and thus get caught by these types of things, they are not reversing minified JS to check for this. If they are, it slows down their work and makes them more dificult.
