{"id":13528334,"url":"https://github.com/serverless-seoul/suspicious-serverless","last_synced_at":"2025-04-01T11:31:21.401Z","repository":{"id":116971489,"uuid":"93382868","full_name":"serverless-seoul/suspicious-serverless","owner":"serverless-seoul","description":"A collection of microservices for suspicious content inspection","archived":false,"fork":false,"pushed_at":"2020-05-16T22:26:12.000Z","size":710,"stargazers_count":15,"open_issues_count":20,"forks_count":2,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-11-02T13:34:22.470Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/serverless-seoul.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-06-05T08:35:17.000Z","updated_at":"2020-05-19T08:56:08.000Z","dependencies_parsed_at":"2024-01-13T15:37:48.144Z","dependency_job_id":"cb57c9df-229a-4fc8-9b1b-89befe8d9b50","html_url":"https://github.com/serverless-seoul/suspicious-serverless","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/serverless-seoul%2Fsuspicious-serverless","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/serverless-seoul%2Fsuspicious-serverless/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/serverless-seoul%2Fsuspicious-serverless/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/serverless-seoul%2Fsuspicious-serverless/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/serverless-seoul","download_url":"https://codeload.github.com/serverless-seoul/suspicious-serverless/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246631897,"owners_count":20808777,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T06:02:26.223Z","updated_at":"2025-04-01T11:31:20.998Z","avatar_url":"https://github.com/serverless-seoul.png","language":"TypeScript","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"readme":"# suspicious-serverless\n\n## Business Domain\n\nA collection of utilities for analyzing suspicious content, using Serverless Framework.\n\n\n## Responsibility\n\n- Resolve redirection chain (urls) from given url\n- Inspect page content from given url\n  - Detect client-side page redirection\n  - Detect client-side page rendering (e.g. React app)\n\n\n## Usage\n\n\n### Get redirection chain (urls)\n\nResolve redirection chain (urls) from given url.\n\n#### Request\n\n```http\nGET /stage/redirection-chain?url=http://vin.gl/p/12345 HTTP/1.1\nHost: API_GATEWAY_ID.execute-api.YOUR_REGION.amazonaws.com\n```\n\n#### Response\n\n```http\nHTTP/1.1 200 OK\nContent-Type: application/json; charset=utf-8\n\n{\"data\":[\"http://vin.gl/p/12345\",\"https://vin.gl/p/12345\",\"https://www.vingle.net/posts/12345\"]}\n```\n\n\n### Get inspected page content\n\nGet inspected page content.\n\nInspection will be performed through Chrome browser.\n\nCurrently we provide two kinds of inspected page content:\n\n##### List of navigated urls - `navigatedUrls`\n\nFor example, Evil attacker may hijack users using Javascript-based navigation: \n\n```js\nsetTimeout(() =\u003e {\n  location.href = 'https://evil-website.com/payment';\n}, 1000);\n```\n\nIn this case, HTTP-based redirection detection can't be used.\nTo detect client-slide navigation, This API spawns browser and watches navigation events internally to detect client-side redirection.\n\n\n##### Rendered HTML content\n\nFor example, Evil attacker may modify page content using Javascript:\n\n```js\nwindow.onload = () =\u003e {\n  const evilLink = '\u003ca href=\"https://evil-website.com/payment\" target=\"_blank\"\u003eClick me to get free iPhone X!\u003c/a\u003e';\n  document.body.innerHTML += evilLink;\n};\n```\n\nIn this case, HTTP-based content inspection can't be used.\nTo detect client-slide page rendering, This API spawns browser and watches load events to get modified page content.\n\n#### Request\n\n```http\nGET /stage/content?url=https://balmbees.github.io/suspicious-serverless/examples/evil-client-redirection/ HTTP/1.1\nHost: API_GATEWAY_ID.execute-api.YOUR_REGION.amazonaws.com\n```\n\n#### Response\n\n```http\nHTTP/1.1 200 OK\nContent-Type: application/json; charset=utf-8\n\n{\n  \"data\": {\n    \"navigatedUrls\": [\"https://balmbees.github.io/suspicious-serverless/examples/evil-client-redirection/\", \"https://balmbees.github.io/suspicious-serverless/examples/evil-client-redirection/redirected-page.html\"],\n    \"html\": \"\u003c!DOCTYPE html\u003e\u003chtml lang=\\\"en\\\"\u003e\u003chead\u003e\\n  \u003cmeta charset=\\\"UTF-8\\\"\u003e\\n  \u003ctitle\u003eEvil Client-side redirection\u003c/title\u003e\\n\u003c/head\u003e\\n\u003cbody\u003e\\n\u003cp\u003e\\n  Please wait a moment to get prize, This is limited time offer!\\n\u003c/p\u003e\\n\u003cscript type=\\\"text/javascript\\\"\u003e\\n  window.onload = () =\u003e {\\n    const evilLink = '\u003ca href=\\\"https://evil-website.com/payment\\\" target=\\\"_blank\\\"\u003eClick me to get free iPhone X!\u003c/a\u003e';\\n    document.body.innerHTML += evilLink;\\n  };\\n\u003c/script\u003e\\n\\n\\n\u003ca href=\\\"https://evil-website.com/payment\\\" target=\\\"_blank\\\"\u003eClick me to get free iPhone X!\u003c/a\u003e\u003c/body\u003e\u003c/html\u003e\"\n  }\n}\n```\n\nCompare results with [source](https://github.com/balmbees/suspicious-serverless/tree/master/docs/examples/evil-client-redirection) / [demo](https://balmbees.github.io/suspicious-serverless/examples/evil-client-redirection/)    \n\n\n## Deploy\n\n```bash\n$ npm run deploy:stage # for staging \n$ npm run deploy:prod # for production \n```\n\n## Testing\n\n```bash\n$ npm run test\n```\n\n## Debugging\n\nTo see debug logs, Set `DEBUG` environment variable to `suspicious-serverless*`.\n\n\n## Maintainer\n\n[MooYeol Prescott Lee (@mooyoul)](https://github.com/mooyoul)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fserverless-seoul%2Fsuspicious-serverless","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fserverless-seoul%2Fsuspicious-serverless","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fserverless-seoul%2Fsuspicious-serverless/lists"}