Deception Remote MCP Server

Deception Remote MCP Server

Simulates sensitive internal tools as a honeypot to detect unauthorized access and AI agent behaviors using Canarytokens, deployed as a serverless Cloudflare Worker with MCP protocol support.

Category
Visit Server

README

๐Ÿ›ก๏ธ Deception Remote MCP Server - AI-Powered Honeypot

License Version Security Model OWASP

A serverless honeypot built using Cloudflare Workers and the Model Context Protocol (MCP). This project simulates sensitive internal tools to detect unauthorized access attempts and AI agent behaviors using Canarytokens.

๐Ÿงฉ TL;DR

This is a deception-based honeypot built using Cloudflare Workers and Model Context Protocol (MCP). It simulates sensitive admin tools (like Okta password reset) and silently triggers Canarytokens when accessed โ€” ideal for Zero Trust, AI security, and threat detection research.

๐Ÿ’ก Why It Matters

  • โœ… First-of-its-kind use of MCP as a deception honeypot
  • ๐Ÿง  Detects unauthorized AI agent behavior in Zero Trust environments
  • ๐ŸŒ Serverless, globally distributed, and stealthy
  • ๐ŸŽฏ Easy to deploy, integrate, and extend
  • ๐Ÿ›ก๏ธ Provides valuable threat intelligence about AI agent behaviors
  • ๐Ÿ” OWASP AI Security tested against emerging AI-based threats

๐Ÿ” Security Features

  • Advanced Canarytoken Integration: Enhanced tracking with User-Agent, IP, and interaction details
  • Rate Limiting: Protection against brute force and DoS attempts
  • Sensitive Username Detection: Special handling for admin, root, and other sensitive account access attempts
  • Realistic Response Delays: Mimics real system behavior to appear legitimate
  • Enhanced Error Handling: Secure error messages that don't reveal system details
  • MCP Protocol Compatibility: Optimized for Cloudflare AI Playground and other MCP clients
  • SSE Protocol Support: Server-Sent Events implementation for MCP communication

๐Ÿš€ Deploy Your Own

Deploy to Workers

Or deploy manually:

# Install dependencies
npm install

# Deploy to Cloudflare Workers
npm run deploy

Your MCP server will be deployed to:

https://deception-remote-mcp-server.<your-account>.workers.dev

๐Ÿ”ง Tools & Features

  • welcome: Displays a welcome message with information about available tools
  • ask_about_me: Dynamic Q&A based on comprehensive resume data with 13+ question categories
  • okta_admin_password_reset: Simulates admin reset of user passwords with special handling for sensitive accounts
  • Cybersecurity-themed UI: Professional landing page with security-focused design
  • REST and SSE endpoints: Multiple access methods for broader coverage

๐Ÿงช Test It with CURL

# Test the REST API endpoint
curl -X POST https://deception-remote-mcp-server.<your-account>.workers.dev/okta_admin_password_reset \
  -H "Content-Type: application/json" \
  -d '{"okta_username": "regular_user"}'

# Test the SSE endpoint
curl -N -H "Accept: text/event-stream" https://deception-remote-mcp-server.<your-account>.workers.dev/sse

Try with sensitive usernames to see different responses:

curl -X POST https://deception-remote-mcp-server.<your-account>.workers.dev/okta_admin_password_reset \
  -H "Content-Type: application/json" \
  -d '{"okta_username": "admin"}'

๐Ÿ” Troubleshooting MCP Connectivity

If you're having trouble connecting to your MCP server from Cloudflare AI Playground or other clients:

  1. Check SDK Versions: Ensure you're using compatible versions of @modelcontextprotocol/sdk (v1.13.1+) and agents packages (v0.0.100+)
  2. Verify Tool Structure: Make sure your tool definitions follow the standard format: (name, parameters, handler)
  3. Avoid Custom Headers: Don't add custom security headers to MCP or SSE endpoints
  4. Test with curl: Use curl to test your endpoints directly
  5. Check Browser Console: Look for CORS errors or other issues in the browser console

๐Ÿ“ก Connect to Cloudflare AI Playground

  1. Go to https://playground.ai.cloudflare.com

  2. Enter your MCP endpoint:

    https://deception-remote-mcp-server.<your-account>.workers.dev/sse

๐Ÿ” How It Works

  1. Honeypot Setup: Deploys as a Cloudflare Worker with MCP and REST endpoints
  2. Deception Layer: Presents as legitimate internal tools with realistic behaviors
  3. Detection Mechanism: When sensitive tools are accessed, silently triggers alerts via Canarytokens
  4. Rate Limiting: Prevents abuse with configurable request limits
  5. Realistic Responses: Implements variable delays and context-aware responses
  6. SSE Communication: Uses Server-Sent Events for real-time MCP protocol communication

๐Ÿง  Try These MCP Tool Prompts

Test out tools using Cloudflare's AI Playground or any MCP-compatible interface:

๐ŸŸข welcome tool

use tool welcome with { }

Displays a welcome message with guidance on using the available tools.

๐Ÿง‘โ€๐Ÿ’ผ ask_about_me tool - Now with enhanced response categories!

# Basic questions
use tool ask_about_me with { "question": "Tell me about yourself" }
use tool ask_about_me with { "question": "What do you do at Indeed?" }

# Work experience questions
use tool ask_about_me with { "question": "What was your role at Dell?" }
use tool ask_about_me with { "question": "What's your work experience?" }

# Skills and expertise questions
use tool ask_about_me with { "question": "What cloud platforms do you know?" }
use tool ask_about_me with { "question": "What are your security skills?" }

# Education and certification questions
use tool ask_about_me with { "question": "Tell me about your education" }
use tool ask_about_me with { "question": "What certifications do you have?" }

๐Ÿ” okta_admin_password_reset tool

# Regular account
use tool okta_admin_password_reset with { "okta_username": "regular_user" }

# Sensitive account (receives different response)
use tool okta_admin_password_reset with { "okta_username": "admin" }

๐Ÿ“Š Recent Updates

Version 1.4.0

  • MCP Compatibility Improvements: Fixed issues with Cloudflare AI Playground connectivity
  • Updated Dependencies: Upgraded to latest MCP SDK (v1.13.1) and Agents package (v0.0.100)
  • Optimized Tool Structure: Improved tool definitions for better compatibility
  • Streamlined Response Handling: Enhanced SSE and MCP endpoint handling

Key Changes

  • Tool definitions now follow standard format: (name, parameters, handler)
  • Simplified response handling for MCP and SSE endpoints
  • Removed custom header manipulation that was interfering with MCP protocol
  • Let the MCP SDK handle headers directly for better compatibility

Version 1.3.0

  • Added enhanced resume data with 13+ question categories
  • Implemented sensitive username detection
  • Added OWASP AI Security test scripts

๐Ÿ›ก๏ธ Future Security Enhancements

Check out the SECURITY_IMPROVEMENTS.md file for a detailed roadmap of planned security improvements.

๐Ÿ“„ License

MIT โ€“ for educational and research use only.

๐Ÿ”— Live example: https://deception-remote-mcp-server.harshad-surfer.workers.dev/

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured