
Research
Using Trusted Protocols Against You: Gmail as a C2 Mechanism
Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.
This is a SchoolStatus implementation to mock twilio client to perform requests to twilio-oai
To install using bundler grab the latest stable version:
gem install mock-twilio
OR
docker compose up twilio_mock_server
SS Twilio Mock Serverproxy_address = twilio_mock_server
proxy_port = 4010
proxy_protocol = http
Support | Mock::Twilio::Client |
---|---|
:white_check_mark: | client.messages.create(to: "+593978613041", body: "Testing SMS", from: "+13212855389") |
:white_check_mark: | client.messaging.v1.services("MG"+"F"*32).phone_numbers.create(phone_number_sid: @phone_number_sid) |
:white_check_mark: | client.available_phone_numbers('US').local.list(limit: 20) |
:white_check_mark: | client.incoming_phone_numbers.create(phone_number: "+1987654321", voice_url: "#{BASE_URL}/api/v1/twilio_calls/incoming", sms_url: "#{BASE_URL}/api/v1/twilio_requests/inbound") |
:white_check_mark: | client.incoming_phone_numbers.update(sms_application_sid: "AP"+"F"*32, voice_application_sid: "AP"+"F"*32) |
:white_check_mark: | client.lookups.v2.phone_numbers("+14159929960").fetch(fields: :line_type_intelligence) |
:white_check_mark: | client.calls.create(url: '<http://demo.twilio.com/docs/voice.xml>', to: '+14155551212', from: '+15017122661', status_callback: '<https://myapp.com/events>', status_callback_event: ['ringing'], status_callback_method: 'POST') |
:white_check_mark: | client.conferences("CF"+("F")*32).participants.create(label: 'customer', early_media: true, beep: 'onEnter', status_callback: '<https://myapp.com/events>', status_callback_event: ['ringing'], record: true, from: '+15017122661', to: '+15558675310') |
:white_check_mark: | client.trusthub.v1.customer_profiles.create(**twilio_attributes) |
:white_check_mark: | client.trusthub.v1.customer_profiles(customer_profile_sid).customer_profiles_entity_assignments.create(object_sid:) |
:white_check_mark: | client.trusthub.v1.customer_profiles("BU"+"F"*32).customer_profiles_channel_endpoint_assignment.list(limit: 20) |
:white_check_mark: | client.trusthub.v1.customer_profiles("BU"+"F"*32).customer_profiles_channel_endpoint_assignment("RA"+"F"*32).delete |
:white_check_mark: | client.trusthub.v1.trust_products("BU"+"F"*32).trust_products_channel_endpoint_assignment.list(limit: 20) |
:white_check_mark: | client.trusthub.v1.trust_products("BU"+"F"*32).trust_products_channel_endpoint_assignment("RA"+"F"*32).delete |
:white_check_mark: | client.trusthub.v1.end_users.create(**twilio_parameters) |
:white_check_mark: | client.trusthub.v1.supporting_documents.create(**twilio_parameters) |
:white_check_mark: | client.addresses.create(**twilio_parameters) |
:white_check_mark: | client.trusthub.v1.customer_profiles.create(**twilio_attributes) |
:white_check_mark: | client.trusthub.v1.customer_profiles(customer_profile.sid).customer_profiles_evaluations.create(policy_sid:) |
Mock::Twilio::Webhooks | Support |
---|---|
Webhooks::Messages | :white_check_mark: |
Webhooks::InboundMessages | :white_check_mark: |
Webhooks::Calls | :white_check_mark: |
Webhooks::CallStatusUpdates | :white_check_mark: |
Webhooks::Voicemail | :white_check_mark: |
Webhooks::Conferences | :white_check_mark: |
Webhooks::CustomerProfiles | :white_check_mark: |
Webhooks::Brands | :white_check_mark: |
Initializer sample
# Local Docker/Host
Mock::Twilio.configure do |config|
config.host = "http://shunkan-ido-service:3000"
config.forwarded_host = "shunkan-ido-service:3000"
config.port = "3000"
config.proto = "http"
# optional https://www.twilio.com/docs/messaging/api/message-resource#request-body-parameters
# Use webhook_message_status_url as the Integration Send webhook from Messaging Service.
# If you include status_callback parameter with the messaging_service_sid,
# Twilio uses status_callback URL instead of the Status Callback URL(webhook_message_status_url) of the Messaging Service.
# config.webhook_message_status_url = "http://shunkan_ido:3000/api/v1/twilio_requests/webhook_message_updates"
end
# Real http(s) url
Mock::Twilio.configure do |config|
config.host = "https://my-server"
config.forwarded_host = "my-server"
config.port = "443"
config.proto = "https"
# optional https://www.twilio.com/docs/messaging/api/message-resource#request-body-parameters
# Use webhook_message_status_url as the Integration Send webhook from Messaging Service.
# If you include status_callback parameter with the messaging_service_sid,
# Twilio uses status_callback URL instead of the Status Callback URL(webhook_message_status_url) of the Messaging Service.
# config.webhook_message_status_url = "https://my-server/api/v1/twilio_requests/webhook_message_updates"
end
Example
export TWILIO_ACCOUNT_SID=ACFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
export TWILIO_API_KEY=SKXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
export TWILIO_API_SECRET=ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
mock_client = Mock::Twilio::Client.new
client = Twilio::REST::Client.new(nil, nil, nil, nil, mock_client)
client.messages.create(to: "+593978613041", body: "RB This is the ship that made the Kesssssel Run in fourteen parsecs?", from: "+13212855389")
rake test
status_callback_event
, early_media
. Validations removed for them on json files.FAQs
Unknown package
We found that mock-twilio demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.
Product
We redesigned Socket's first logged-in page to display rich and insightful visualizations about your repositories protected against supply chain threats.
Product
Automatically fix and test dependency updates with socket fix—a new CLI tool that turns CVE alerts into safe, automated upgrades.