Today I wish to share with you a recent experience I had developing a Firefox extension. A friend had asked me for assistance with his MSc thesis, which dealt with information security, particularly anti-phishing.

Anti-phishing software, as you know, is designed to prevent Internet phishing scams. The task involved developing a browser toolbar/extension to trap scammers.

Basically, he wanted the extension to do the following:

  1. Detect Phishing/Malware Websites

  2. Log the IP address of the offending site, as well as the detection time, to a file

  3. Detect and Display the Country name and flag of accessed sites.

  4. Display of a friendly Page in the browser to assist users in case of a Phishing attack

After considering the features he wanted, my preference was to go the Firefox way for the following reasons:

  • Platform independence (Firefox is available on all operating systems)

  • Speed

  • Embedded database (SQLite), in case I have to do any storage

  • Free tools (Firefox, NetBeans IDE, Venkman Debugger) for extension development

  • Simple and easy-to-understand languages (XUL, JavaScript, CSS) for development

  • Other advantages are listed here

After I elaborated on the above advantages, my pal ditched any thought he had of Internet Explorer. Two of the desired features depended on results from external services in order to work.
Detecting whether a site was a phishing site involved calling the PhishTank web service API, while detecting the IP address and country of the website required an interaction with the IP Location API from IPInfoDB.

I will only review the relevant and tricky aspects of this extension with you. The complete source code and extension are available on request.

  1. Detect Phishing/Malware Websites

    // aURI: address of the page being checked
    var q="http://checkurl.phishtank.com/checkurl/";
    // Base64 output may contain '+', '/' and '=', so escape it for the form body
    var enc=encodeURIComponent(window.btoa(aURI));
    var param="url="+enc;
    var req = new XMLHttpRequest();
    req.open("POST", q, true);
    req.setRequestHeader("Content-type",
    "application/x-www-form-urlencoded");
    // Content-length and Connection are filled in by the browser itself
    req.onload = function () {
      // The request is asynchronous: the response exists only once it has loaded
      var xmlDoc=req.responseXML;
    };
    req.send(param);

  2. Logging the Offending Site's IP address and detection time

    // Open (or create) phishlog.txt in the user's home directory
    var file = Components.classes
    ["@mozilla.org/file/directory_service;1"]
    .getService(Components.interfaces.nsIProperties)
    .get("Home", Components.interfaces.nsIFile);
    file.append("phishlog.txt");
    var foStream = Components.classes
    ["@mozilla.org/network/file-output-stream;1"]
    .createInstance(Components.interfaces.nsIFileOutputStream);
    // 0x02 = write only, 0x08 = create if missing, 0x10 = append
    foStream.init(file, 0x02 | 0x08 | 0x10, 0666, 0);
    var converter = Components.classes
    ["@mozilla.org/intl/converter-output-stream;1"]
    .createInstance(Components.interfaces.nsIConverterOutputStream);
    converter.init(foStream, "UTF-8", 0, 0);
    var data=phishlink+", "+detectiondate+"\n";
    converter.writeString(data);
    converter.close(); // also closes foStream

  3. Detect and Display the Country name and Flag of accessed sites.

    var results=new Array(2);
    var re = new RegExp('^(?:f|ht)tp(?:s)?\://([^/]+)', 'im');
    var m=aURI.match(re); // null for addresses such as about:blank
    if (m) {
      var hostname=m[1].toString();
      var url="http://ipinfodb.com/ip_query2.php?ip="+encodeURIComponent(hostname);
      var complete=false;
      var req = new XMLHttpRequest();
      req.open('GET', url, true);
      req.onload = function () {
        var xmlDoc=req.responseXML;
        // cCode is the country code read from xmlDoc (that step is not shown in this excerpt)
        var filename=cCode.toLowerCase()+".gif";
        var src="chrome://{appname}/skin/flags/"+filename;
        element.setAttribute("src", src);
      };
      req.send(null);
    }

  4. Display of a friendly Page in the browser to assist users in case of a Phishing attack

    // Replace the page in the current tab with the bundled warning page
    var browser=gBrowser.selectedBrowser;
    var uri="chrome://{appname}/skin/warning.html";
    browser.loadURI( uri,null, "utf-8" );
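
The snippets above pass three untrusted values along: the page address, the host taken from it, and the country code returned by the lookup service. The following is an added example, not code from the extension, showing how each can be validated before use; the function names, the `Date` type for the detection time and the UTF-8 step before base64 are assumptions.

```javascript
// Added example: input handling for the four steps above.
// All function names are hypothetical, not taken from the extension.

// Host of an http(s)/ftp URL, or null for anything else. The URL parser
// drops userinfo and port, which the regex ([^/]+) in step 3 keeps.
function extractHost(aURI) {
  let u;
  try {
    u = new URL(aURI);
  } catch (e) {
    return null; // not a parseable absolute URL
  }
  if (!/^(https?|ftp):$/.test(u.protocol)) return null;
  return u.hostname || null;
}

// Form body for the PhishTank check. btoa() throws on characters outside
// Latin-1, so encode to UTF-8 bytes first (assumption), then percent-encode
// the base64 so '+', '/' and '=' survive x-www-form-urlencoded.
function phishTankBody(aURI) {
  let bin = "";
  for (const b of new TextEncoder().encode(aURI)) bin += String.fromCharCode(b);
  return "url=" + encodeURIComponent(btoa(bin));
}

// Flag file name for a country code from the lookup response. Only two
// ASCII letters are accepted, so response data cannot steer the chrome:// path.
function flagFile(cCode) {
  const cc = String(cCode).trim().toLowerCase();
  return /^[a-z]{2}$/.test(cc) ? cc + ".gif" : null;
}

// One log record per line: CR, LF and commas in the untrusted field are
// replaced so a crafted value cannot forge extra records or columns.
function logLine(phishlink, detectiondate) {
  const clean = String(phishlink).replace(/[\r\n,]+/g, " ");
  return clean + ", " + detectiondate.toISOString() + "\n";
}

// Constructed sample: userinfo placed in front of the real host.
console.log(extractHost("http://bank.example@evil.example:8080/login")); // evil.example
```
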
    
