WiseShield AI is a comprehensive security solution designed to safeguard users from phishing attacks. The project integrates a Flask API server powered by Machine Learning, a Chrome extension, and a website developed using React and Tailwind CSS. The Chrome extension detects sensitive fields such as Username and Password on websites and sends the site's URL and content to the backend server. The backend server, using a pre-trained model, checks if the site is legitimate or not by comparing it with known legitimate sites. If the site is identified as fake, the extension warns the user and redirects them to the legitimate site.
-
Clone the repository using the following command:
git clone https://github.com/Team-ByteWise/wiseshield-ai.git
-
Navigate to the project directory:
cd wiseshield-ai
-
Run the following command to run automated install:
For Windows (Powershell):
Set-ExecutionPolicy Bypass -Scope Process -Force; .\run.ps1
For Linux:
chmod +x run.sh ./run.sh
The script will install the required dependencies and start the backend server, frontend website, serve some phishing websites for test and open a chrome window with the extension pre installed with phishing sites and their legitimate versions for testing.
- The frontend Web Application can be accessed at http://localhost:5173
- The backend API can be accessed at http://localhost:5000
- The phishing sites can be accessed at the following URLs:
Manual Installation
-
Navigate to the
backend
directory:cd backend
-
Create a Python Virtual Environment:
python -m venv venv
-
Activate the Virtual Environment:
For Windows (Poweshell):
.\venv\Scripts\activate.ps1
For Linux:
source venv/bin/activate
-
Install the required dependencies:
pip install -r requirements.txt
-
Start the Flask server:
python main.py
-
Navigate to the
frontend
directory:cd frontend
-
Install the required dependencies:
npm install
-
Start the development server:
npm run dev
-
Navigate to the
evilginx
directory:cd evilginx
-
Download evilginx:
For Windows (Powershell):
Invoke-WebRequest -Uri "https://github.com/kgretzky/evilginx2/releases/download/v3.3.0/evilginx-v3.3.0-windows-64bit.zip" -OutFile "evilginx.zip"
For Linux:
wget https://github.com/kgretzky/evilginx2/releases/download/v3.3.0/evilginx-v3.3.0-linux-64bit.zip -O evilginx.zip
-
Extract the downloaded file:
For Windows (Powershell):
Expand-Archive -Path "evilginx.zip" -DestinationPath "." -Force
For Linux:
unzip evilginx.zip
-
Start the evilginx server:
For Windows (Powershell):
.\evilginx.exe -developer -c .
For Linux:
./evilginx -developer -c .
-
Navigate to the
extension
directory:cd extension
-
Install the required dependencies:
npm install
-
Build the extension:
npm run build
-
Load the extension in Chrome:
- Open Chrome and navigate to
chrome://extensions/
- Enable Developer Mode
- Click on
Load unpacked
and select thebuild
directory inside theextension
directory
- Open Chrome and navigate to
Now you can visit the following phishing sites to test the extension:
- Install all the required components using the automated or manual installation steps.
- Visit the phishing sites mentioned above to test the extension.
- As soon as you visit the phishing sites, the extension will detect it and redirect you to a warning page.
- You can click on the
Go to the real site
button on the warning page to redirect to the legitimate site.
This project is for educational purposes only. The phishing sites are hosted locally and are not accessible to the public. The phishing sites are only for testing the extension and backend server. The phishing sites are not intended to be used for malicious purposes.
- Evilginx for testing phishing sites
- Chrome Extension CLI to bootstrap the Chrome Extension