Is your feature request related to a problem? Please describe.
As a developer, I need a way to facilitate communications between the browser extension and the analysis server.
Describe the solution you'd like
A middleman server that has API routes to capable of applying main logic of detecting and intercepting phishing related traffic.
Additional context
As a developer, the server needs to minimally:
Act as command and control server between browser extension and analysis server
Identifying if URL in question should be sent to analysis server
Is your feature request related to a problem? Please describe.
To determine if a site is phishing related, I first require automated means to understand the profile of a given URL.
Note that this is a prerequisite for #2: Determine if website is a phishing site.
Describe the solution you'd like
An ML-based algorithm that could identify the company behind given login page.
Additional context
As a proof of concept, the algorithm will be able to correctly identify the 2 different login page via screenshots:
Is your feature request related to a problem? Please describe.
As a company, I would like to find available phishing solutions out in the market that the company can use to increase the security features of the firm.
Describe the solution you'd like
A landing page for HoneyWatt for the public to view and understand our solutions.
Additional context
As a company, I would like to see
Is your feature request related to a problem? Please describe.
As a developer, I would like to ensure that requests coming into the server are authenticated and authorised to do so.
Assuming that Server A is hosting the REST API, and Server B would like to access the API, the OAuth 2.0 Client Credentials Flow involving 3rd party authorization server should be as follows:
Server B sends a secret key to the authorization server to prove who they are and asks for a temporary token.
Server B then consumes the REST API as usual but sends the token along with the request.
Server A asks the authorization server for some metadata that can be used to verify tokens.
Server A verifies the Server Bβs request.
If itβs valid, a successful response is sent and Server B is happy.
If the token is invalid, an error message is sent instead, and no sensitive information is leaked.
Describe the solution you'd like
Set up OAuth 2.0 server -- preferably by sourcing from open-source or cheap solutions.
Additional context
Further research to be done:
Check if typical OAuth2.0 flow is suitable for server-to-server solution
Check if JWT flow is suitable for extension-to-server solution
Is your feature request related to a problem? Please describe.
As a new developer, setting up of development environment is overly complicated especially due to numerous configurations needed for chrome extension, database, and the various servers.
Describe the solution you'd like
Use docker to containerise C2 servers and database. Easy terminal commands will ensure painless setup of development environment and deployment in the future.
Additional context
Some cavets to note:
Installing Docker into WSL will cause virtualisation programs like VirtualBox and VMware Player to crash
Current format of Issue and Pull Requests varies from person to person.
It would be good to have a standardized format to allow consistency and maintainability.
What should be done?
Create .github folder with subfolders ISSUE_TEMPLATE and PULL_REQUEST_TEMPLATE