How to Track Anyone’s IP using Transparent Images? — Email, QR Code, PDF, EXE, MS Word, MS Excel, & more..

Supported Tokens: HTTP, DNS, Web Image, Cloned Website, Adobe PDF, MS Word, MS Excel, MySQL Dump, Windows Directory, Custom EXE, QR Code, Sensitive Command, SVN, AWS API Keys, Fast Redirect, Slow Redirect, SQL Server, WireGuard, Kubeconfig and more..

XIT
5 min readJan 14, 2024

Follow XIT on medium & UglyCompany on Telegram for more..

Greetings, World! Welcome to XIT. Today I’ll teach ya’ll how to track anyone’s IP using Transparent Images! Yeah.. That’s truu.. We will first understand the whole concept then redirect towards the step by step usage guide. You can even do this manually using custom developed payloads but it’s a more better way to do this easily. I’ll help you with that today, by providing easy steps you can follow. Let’s start learning..

Understanding Canarytokens

Canarytokens are like digital traps for your computer systems. They work by watching for certain actions, such as someone reading a file, making a database query, running a process, or spotting specific patterns in log files. It’s similar to those tracking images in emails, but instead of tracking opens, it tracks actions on your system.

The cool thing is, we can use Canarytokens to set up these traps in our regular computer systems, kind of like putting alarms in different parts of your house.. lmao

Now, why should you bother with these Canarytokens? Well, sometimes hackers get into computer networks, and it happens to big companies, governments, regular people — basically, everyone. That part is understandable. But what’s not okay is only finding out about it way later, like months or even years down the line which seems diappointing and ugly surprises!!

Canarytokens are a free, easy, and fast way to help you know right away if someone is messing around in your systems. It’s like the hackers accidentally letting you know they’re there.

  1. Web bug / URL token — Alert when a URL is visited
  2. DNS token — Alert when a hostname is requested
  3. AWS keys — Alert when AWS key is used
  4. Azure Login Certificate — Azure Service Principal certificate that alerts when used to login with.
  5. Sensitive command token — Alert when a suspicious Windows command is run
  6. Microsoft Word document — Get alerted when a document is opened in Microsoft Word
  7. Microsoft Excel document — Get alerted when a document is opened in Microsoft Excel
  8. Kubeconfig token — Alert when a Kubeconfig is used
  9. WireGuard VPN — Alert when a WireGuard VPN client config is used
  10. Cloned website — Trigger an alert when your website is cloned
  11. QR code — Generate a QR code for physical tokens
  12. MySQL dump — Get alerted when a MySQL dump is loaded
  13. Windows folder — Be notified when a Windows Folder is browsed in Windows Explorer
  14. Log4Shell — Alert when a log4j log line is vulnerable to CVE-2021–44228
  15. Fast redirect — Alert when a URL is visited, User is redirected
  16. Slow redirect — Alert when a URL is visited, User is redirected (More info is grabbed!)
  17. Custom image web bug — Alert when an image you uploaded is viewed
  18. Acrobat Reader PDF document — Get alerted when a PDF document is opened in Acrobat Reader
  19. Custom exe / binary — Fire an alert when an EXE or DLL is executed
  20. Microsoft SQL Server — Get alerted when MS SQL Server databases are accessed
  21. SVN — Alert when someone checks out an SVN repository
  22. Unique email address — Alert when an email is sent to a unique address

Step-by-Step Usage

Go to canarytokens.org & choose your Canarytoken. This is like setting up a digital trap. Provide an email where you want to be notified and a note to remind yourself where you placed it.

https://canarytokens.org/generate#

Generate a Canarytoken, which is a unique URL or Fast redirect or anything else upto ur choice. It’s like creating a secret link that will trigger an alert if someone interacts with it. In this blog I’ll be using Fast redirect as an example.

EXAMPLE

Put the generated Canarytoken in a special location & send it to the target. It could be in an email, a document, or even as an embedded image. If an target arrives upon it, you’ll receive an email notification, alerting you that something is off.

Clicked..

Fast Redirect was really super fast.. Later I tried using URL shortner and surprisingly our main URL was not noticable in real..

If ur target hits the URL/File, like shown in the example above, your token gets activated & alerted to email or webhook as below:

You can also rename the generated PDF/Excel/Word document without affecting its operation.

If you learnt anything from this blog, we’d appreciate your engagement — give it a clap and consider sharing to help spread the knowledge. Also Follow XIT on medium & UglyCompany on Telegram. Your support means a lot to us!

A supporter is worth a thousand followers. 😊

--

--

XIT

SHHH! The voice of none is stronger than the voice of one.