pranmar123 / antiphish Goto Github PK

After testing the boilerplate code that we initially wanted to go with, I found that it was too complicated and there was not enough documentation to understand on it. I have identified two potential boilerplate that we can use OR we can go over the original boilerplate code that was chosen last semester and try to figure out how the layout works.

1. Original boilerplate code that we selected last semester: https://github.com/EmailThis/extension-boilerplate
2. The boilerplate codes that I identified and tested:
   https://extensionizr.com/!#{%22modules%22:[%22hidden-mode%22,%22with-bg%22,%22with-persistent-bg%22,%22no-options%22,%22no-override%22],%22boolean_perms%22:[],%22match_ptrns%22:[]}
   https://github.com/duo-labs/chrome-extension-boilerplate

• Create the UI dropdown and plugin button
• Leave a default value for the percentage score, this field will be connected by the backend
• Use these mockups as a rough guideline: https://github.com/pranmar123/AntiPhish/wiki/Name-&-Logo-Design

• Look at the gmail.js docs and come up with a list of API calls that our programs need to make in order to get the following:
  • The email body text
  • The sender's email and name
  • If there is no body text and there is only an image in the body, then get the link of that image.

Integrate gmail.js api to our boilerplate code

Use these repos for reference:
https://github.com/KartikTalwar/gmail.js/
https://github.com/josteink/gmailjs-node-boilerplate

• Explore the possibility of using an external API instead of creating our own script for determining phishing links
• We should be able to send URLS to this API and it tells us if its a scam or not
• Dashon suggested using: Google Safe Browsing API

Problem: Gmail.js API is not loading before chrome loads Gmail.

• Look into adding WebAccessibleResources
• Goal is to have our script load before Chrome loads Gmail.

• Set up a docker container with a script for our plugin to work with
• Research how we can connect the docker container with our plugin

• @Abdulyafai Can you provide a screenshot of the error?

• Test: https://github.com/brandonnix95/EmailPhishing
• Provide a summary of impressions, suggestions, and results from the tests.

• Research and determine the appropriate settings needed for our extension
• Create the boilerplate code from Exensionizr
• Integrate that code into our codebase

https://extensionizr.com/!#{%22modules%22:[%22hidden-mode%22,%22with-bg%22,%22with-persistent-bg%22,%22no-options%22,%22no-override%22],%22boolean_perms%22:[],%22match_ptrns%22:[]}

• Look into how our extension can talk to the external API (or our own scripts)
• Look into how our extension can send HTML or links or text to a docker container
• Set up the docker container and find a server to host it on

• Create a python script that will take in input text (the body of a message), but if there is not any text in the body of the email, then extract the link of the picture (send that over to the Google API)
• Take in the sender's email address as an input and see if we can do anything with that
• Figure out common phishing email patterns (grammar mistakes, the sender's email, etc.)
• Come up with the algorithm
• Document the rules used and the weights for each of the rules

• Look into and find out how many phishing emails contain images
• Find out whether the emails that contain images are links (when you click the image it directs you to a site) or if they are just images that have phishing text on them
• Think of any methods of how we can analyze the text from the images