Wegis

• 

  Wegis general logo

• 

  Phishing site detector AI's structure

• 

  Wegis server's cloud infrastructure

Inspiration

The inspiration for 'Wegis' came from witnessing the alarming rise in sophisticated phishing attacks that bypass traditional security measures. We noticed that many users, especially those less tech-savvy, were falling victim to increasingly clever phishing schemes involving QR codes, malicious downloads, and deceptive social media links. The name "Wegis" combines "Web" and "Aegis" (meaning shield or protection), reflecting our mission to create a comprehensive shield for web browsing. We wanted to build a proactive defense system that doesn't just warn users after they've clicked a suspicious link, but actively scans and protects them before any interaction occurs.

What it does

Wegis is a comprehensive browser extension that provides real-time protection against phishing attacks across multiple vector types. The extension continuously monitors web pages and automatically collects various types of links including URLs, hyperlinks, download links, social media card links. Each collected link is analyzed through our custom Phishing detection API server, which uses machine learning to access phishing probability with confidence scores. When a malicious link is detected, Wegis immediately blocks access and displays clear warning messages to users. For user-submitted feedback, Wegis employs Chrome's built-in Proofreader API to clean up grammar locally before the report is sent, ensuring high-quality signals reach the backend while keeping raw input on the user's device. The extension features an intuitive popup interface showing protection status, scan statistics, and settings, while maintaining user privacy by processing all data through secure API calls rather than storing sensitive inforamation locally.

How we built it

We build Wegis using Chrome Extension Manifest V3 architecture, ensuring future compatibility and enhances security. The extension consists of multiple interconnected components: a background service worker that handles API communications adn implements dynamic request blocking using the 'declarativeNetRequest' API, content scripts that scan web pages using 'MutationObserver' for dynamic content detection, and a sophisticated link collection system that processes various link types. We developed a custom RESTful API endpoint (https://api.bnbong.xyz/api/v1/wegis-server/analyze/check) that provides real-time phishing analysis with confidence scoring. This API calls analyzes whether or not the site is a phishing site by BERT + CNN-based multimodal model that has learned more than 50,000 phishing site URLs and HTML content that are posted and run on my personal cloud server. On the client side, Wegis integrates the Chrome Built-in Proofreader API to refine user feedback text in the popup before it is transmitted. The frontend uses modern JavaScript with a clean, responsive UI design, while our development workflow includes comprehensive ESLint and Prettier configurations, pre-commit hooks for code quality, and automated testing strategies using Jest and Puppeteer.

Challenges we ran into

One of our biggest challenges was adapting to Chrome's Manifest V3 migration, particularly replacing the deprecated webRequestBlocking API with the more restrictive declarativeNetRequest system for blocking malicious requrests. We also faced the complex challenge of balancing security with UX - providing comprehensive protection without creating excessive false positives or slowing down browsing performance. Additionally, a lot of consideration is being given to reducing the time required for BERT + CNN-based models to predict results. Great consideration is being given to making sure that the time it takes to determine a phishing site is completed in a very short period of time so that the browser UX is not ruined as much as possible.

Accomplishments that we're proud of

We're particularly proud of creating a seamless user experience that provides enterprise-level security without requiring technical expertise from users. Our comprehensive link detection system successfully identifies and processes multiple attack vectors including traditional URLs, and social media links - something most existing solutions fail to address holistically. We implemented a sophisticated caching system that significantly improves performance by avoding redundant API calls while maintaining real-time protection. The extension's architecture successfully handles dynamic content updates using 'MutationObserver', ensuring protection even on modern single-page applications with constantly changing content. The extension maintains excellent performance metrics with minimal impact on browsing speed while providing detailed analytics and user feedback systems.

What we learned

Throughout this project, we gained deep insights into modern web security challenges and the sophisticated nature of contemporary phishing attacks. We learned the intricacies of Chrome Extension development, particularly the significant changes required by Manifest V3 and how to work within its enhanced security constraints. We developed expertise in real-time web content analysis, learning how to efficiently process dynamic content without impacting UX.

What's next for Wegis

Our roadmap for Wegis includes several exciting enhancements and expansions. We plan to implement multi-browser compatibility, extending support to Firefox, Edge, and Safari to rach a broader user base. Integration with global IP reputation databases and threat intelligence feeds will enhance our detection capabilities by cross-referencing suspicious domains with known malicious infrastructures. We're developing mobile browser compatibility to extend protection to smartphone users, where phishing attacks are increasingly prevalent. Advanced machine learning improvements are planned for our detection API, including behavioral analysis and pattern recognition to identify zero-day phishing attempts. In future updates, Wegis will also analyze QR code elements embedded within web pages, detecting wether the encoded links lead to phishing or malicious sites. This feature aims to protect users from the growing trend of QR-based phishing attacks. We aim to implement real-time collaborative threat sharing, allowing the Wegis community to benefit from collective threat intelligence. Additional features in development including advanced analytics and reporting tools, but the first thing we are currently improving is response time improvement of phishing site detection.

Built With

• css
• extension
• fastapi
• javascript
• mongodb
• oraclecloud
• postgresql
• redis