deception-remote-mcp-server

xIcyNetwork/deception-remote-mcp-server

3.2

If you are the rightful owner of deception-remote-mcp-server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

The Deception Remote MCP Server is an AI-powered honeypot designed to detect unauthorized access attempts and AI agent behaviors using the Model Context Protocol (MCP).

Tools

  1. welcome

    Displays a welcome message with information about available tools

  2. ask_about_me

    Dynamic Q&A based on comprehensive resume data with 13+ question categories

  3. okta_admin_password_reset

    Simulates admin reset of user passwords with special handling for sensitive accounts

๐Ÿ›ก๏ธ Deception Remote MCP Server - AI-Powered Honeypot

License Version Security Model OWASP

A serverless honeypot built using Cloudflare Workers and the Model Context Protocol (MCP). This project simulates sensitive internal tools to detect unauthorized access attempts and AI agent behaviors using Canarytokens.

๐Ÿงฉ TL;DR

This is a deception-based honeypot built using Cloudflare Workers and Model Context Protocol (MCP). It simulates sensitive admin tools (like Okta password reset) and silently triggers Canarytokens when accessed โ€” ideal for Zero Trust, AI security, and threat detection research.

๐Ÿ’ก Why It Matters

  • โœ… First-of-its-kind use of MCP as a deception honeypot
  • ๐Ÿง  Detects unauthorized AI agent behavior in Zero Trust environments
  • ๐ŸŒ Serverless, globally distributed, and stealthy
  • ๐ŸŽฏ Easy to deploy, integrate, and extend
  • ๐Ÿ›ก๏ธ Provides valuable threat intelligence about AI agent behaviors
  • ๐Ÿ” OWASP AI Security tested against emerging AI-based threats

๐Ÿ” Security Features

  • Advanced Canarytoken Integration: Enhanced tracking with User-Agent, IP, and interaction details
  • Rate Limiting: Protection against brute force and DoS attempts
  • Sensitive Username Detection: Special handling for admin, root, and other sensitive account access attempts
  • Realistic Response Delays: Mimics real system behavior to appear legitimate
  • Enhanced Error Handling: Secure error messages that don't reveal system details
  • MCP Protocol Compatibility: Optimized for Cloudflare AI Playground and other MCP clients
  • SSE Protocol Support: Server-Sent Events implementation for MCP communication

๐Ÿš€ Deploy Your Own

Deploy to Workers

Or deploy manually:

# Install dependencies
npm install

# Deploy to Cloudflare Workers
npm run deploy

Your MCP server will be deployed to:

https://deception-remote-mcp-server.<your-account>.workers.dev

๐Ÿ”ง Tools & Features

  • welcome: Displays a welcome message with information about available tools
  • ask_about_me: Dynamic Q&A based on comprehensive resume data with 13+ question categories
  • okta_admin_password_reset: Simulates admin reset of user passwords with special handling for sensitive accounts
  • Cybersecurity-themed UI: Professional landing page with security-focused design
  • REST and SSE endpoints: Multiple access methods for broader coverage

๐Ÿงช Test It with CURL

# Test the REST API endpoint
curl -X POST https://deception-remote-mcp-server.<your-account>.workers.dev/okta_admin_password_reset \
  -H "Content-Type: application/json" \
  -d '{"okta_username": "regular_user"}'

# Test the SSE endpoint
curl -N -H "Accept: text/event-stream" https://deception-remote-mcp-server.<your-account>.workers.dev/sse

Try with sensitive usernames to see different responses:

curl -X POST https://deception-remote-mcp-server.<your-account>.workers.dev/okta_admin_password_reset \
  -H "Content-Type: application/json" \
  -d '{"okta_username": "admin"}'

๐Ÿ” Troubleshooting MCP Connectivity

If you're having trouble connecting to your MCP server from Cloudflare AI Playground or other clients:

  1. Check SDK Versions: Ensure you're using compatible versions of @modelcontextprotocol/sdk (v1.13.1+) and agents packages (v0.0.100+)
  2. Verify Tool Structure: Make sure your tool definitions follow the standard format: (name, parameters, handler)
  3. Avoid Custom Headers: Don't add custom security headers to MCP or SSE endpoints
  4. Test with curl: Use curl to test your endpoints directly
  5. Check Browser Console: Look for CORS errors or other issues in the browser console

๐Ÿ“ก Connect to Cloudflare AI Playground

  1. Go to https://playground.ai.cloudflare.com

  2. Enter your MCP endpoint:

    https://deception-remote-mcp-server.<your-account>.workers.dev/sse

๐Ÿ” How It Works

  1. Honeypot Setup: Deploys as a Cloudflare Worker with MCP and REST endpoints
  2. Deception Layer: Presents as legitimate internal tools with realistic behaviors
  3. Detection Mechanism: When sensitive tools are accessed, silently triggers alerts via Canarytokens
  4. Rate Limiting: Prevents abuse with configurable request limits
  5. Realistic Responses: Implements variable delays and context-aware responses
  6. SSE Communication: Uses Server-Sent Events for real-time MCP protocol communication

๐Ÿง  Try These MCP Tool Prompts

Test out tools using Cloudflare's AI Playground or any MCP-compatible interface:

๐ŸŸข welcome tool

use tool welcome with { }

Displays a welcome message with guidance on using the available tools.

๐Ÿง‘โ€๐Ÿ’ผ ask_about_me tool - Now with enhanced response categories!

# Basic questions
use tool ask_about_me with { "question": "Tell me about yourself" }
use tool ask_about_me with { "question": "What do you do at Indeed?" }

# Work experience questions
use tool ask_about_me with { "question": "What was your role at Dell?" }
use tool ask_about_me with { "question": "What's your work experience?" }

# Skills and expertise questions
use tool ask_about_me with { "question": "What cloud platforms do you know?" }
use tool ask_about_me with { "question": "What are your security skills?" }

# Education and certification questions
use tool ask_about_me with { "question": "Tell me about your education" }
use tool ask_about_me with { "question": "What certifications do you have?" }

๐Ÿ” okta_admin_password_reset tool

# Regular account
use tool okta_admin_password_reset with { "okta_username": "regular_user" }

# Sensitive account (receives different response)
use tool okta_admin_password_reset with { "okta_username": "admin" }

๐Ÿ“Š Recent Updates

Version 1.4.0

  • MCP Compatibility Improvements: Fixed issues with Cloudflare AI Playground connectivity
  • Updated Dependencies: Upgraded to latest MCP SDK (v1.13.1) and Agents package (v0.0.100)
  • Optimized Tool Structure: Improved tool definitions for better compatibility
  • Streamlined Response Handling: Enhanced SSE and MCP endpoint handling
Key Changes
  • Tool definitions now follow standard format: (name, parameters, handler)
  • Simplified response handling for MCP and SSE endpoints
  • Removed custom header manipulation that was interfering with MCP protocol
  • Let the MCP SDK handle headers directly for better compatibility

Version 1.3.0

  • Added enhanced resume data with 13+ question categories
  • Implemented sensitive username detection
  • Added OWASP AI Security test scripts

๐Ÿ›ก๏ธ Future Security Enhancements

Check out the SECURITY_IMPROVEMENTS.md file for a detailed roadmap of planned security improvements.

๐Ÿ“„ License

MIT โ€“ for educational and research use only.

๐Ÿ”— Live example: https://deception-remote-mcp-server.harshad-surfer.workers.dev/