Add src_port field to HTTP tokens

thinkst · Feb 13, 2025 · b95ebc2 · b95ebc2
1 parent 00ebe0f
commit b95ebc2
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 0 deletions.
diff --git a/canarytokens/models.py b/canarytokens/models.py
@@ -1567,6 +1567,7 @@ class TokenHit(BaseModel):
     # token_type: GeneralHistoryTokenType
     time_of_hit: float
     src_ip: Optional[str]
+    src_port: Optional[str]
     geo_info: Union[GeoIPInfo, GeoIPBogonInfo, None, Literal[""]]
     is_tor_relay: Optional[bool]
     input_channel: str

diff --git a/canarytokens/settings.py b/canarytokens/settings.py
@@ -24,6 +24,7 @@ class SwitchboardSettings(BaseSettings):
     REDIS_DB: str = "0"
 
     REAL_IP_HEADER: str = "x-real-ip"
+    REAL_PORT_HEADER: str = "x-real-port"
 
     WG_PRIVATE_KEY_SEED: str
     WG_PRIVATE_KEY_N: str = "1000"

diff --git a/canarytokens/tokens.py b/canarytokens/tokens.py
@@ -317,6 +317,10 @@ def _grab_http_general_info(request: Request):
             request.getHeader(switchboard_settings.REAL_IP_HEADER)
             or request.client.host
         )
+        src_port = (
+            request.getHeader(switchboard_settings.REAL_PORT_HEADER)
+            or request.client.port
+        )
         # DESIGN/TODO: this makes a call to third party ensure we happy with fails here
         #              and have default.
         is_tor_relay = queries.is_tor_relay(src_ip)
@@ -342,6 +346,7 @@ def _grab_http_general_info(request: Request):
             "useragent": useragent,
             "x_forwarded_for": src_ip_chain,
             "src_ip": src_ip,
+            "src_port": src_port,
             "time_of_hit": hit_time,
             "is_tor_relay": is_tor_relay,
             "request_headers": request_headers,