checks if a link or current page is a phishing scam
uses an online service to retrieve xml data.. requires that the url be base-64 encoded and couldn't be done with regular macro, though theoretically there's a javascript through xmlhttprequest but i couldn't do it with injectjs.. so i had to use autoit.
if someone is good with js and wants to try it internally with the macro, this is the js script
var data = window.location.href;var b64_map = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var byte1, byte2, byte3;var ch1, ch2, ch3, ch4;var result = new Array(); var j=0;for (var i=0; i<data.length; i+=3) {byte1 = data.charCodeAt(i);byte2 = data.charCodeAt(i+1);byte3 = data.charCodeAt(i+2);ch1 = byte1 >> 2;ch2 = ((byte1 & 3) << 4) | (byte2 >> 4);ch3 = ((byte2 & 15) << 2) | (byte3 >> 6);ch4 = byte3 & 63;if (isNaN(byte2)) {ch3 = ch4 = 64;} else if (isNaN(byte3)) {ch4 = 64;}result[j++] = b64_map.charAt(ch1)+b64_map.charAt(ch2)+b64_map.charAt(ch3)+b64_map.charAt(ch4);} var thefin = result.join('');var thecode = escape(thefin);var thisdomain = 'http://checkurl.phishtank.com/checkurl/'+thecode;xmlhttpRequest({ method:'GET', url: thisdomain, onload:function(details) {var howdy=details.responseText;var thetruth=howdy.split('true');var truecount = thetruth.length -1;if(truecount == '3'){alert('This is a phishing site!');window.location = 'http://phishtank.com';;}}});
i think the js needs an application id key(according to fishtank).. the extension is registered with phishtank under username: kmeleon , password: fuckphish
and id key:
Your Applications
Application Name Credentials
kmeleon phishchecker extension Key: 7c24c269e72ea41a1044ec1a0578c7189c6f28e0af9a86608fedd8f8b5daf475
the autoit extension is available in 2 versions:
9x(98, me)
http://kmext.sourceforge.net/files/phishtank9x.7z
nt version(2k, xp, vista)
http://kmext.sourceforge.net/files/phishtankNT.7z
the 64-base encoder udf is courtesy of streetmonkey2 from the autoit forums
http://www.autoitscript.com/forum/index.php?showtopic=21399&st=0
usage..right-click on link or page you suspect and select phishing checker, it will then check an xml database and display if site is phishing or not..there's also an audio alert
--------------------------------------------------------------------------------
source:
# K-Meleon Macros (http://kmeleon.sourceforge.net/wiki/index.php?id=MacroLanguage)
# -----checks for phishing sites------------
$_tool_path=getfolder(RootFolder)."\\Tools";
supernanny_page{
menugrayed=(hostname($URL)=="");
$HOST=hostname( $URL );
setclipboard($URL);
exec($_tool_path."\\phishtank\\phishchecker.exe ".$HOST);
}
supernanny_link{
menugrayed=(hostname($LinkURL)=="");
$HOST=hostname( $LinkURL );
id(ID_COPY_LINK_LOCATION);
exec($_tool_path."\\phishtank\\phishchecker.exe ".$HOST);
}
supernanny_BuildMenu{
setmenu(DocumentSave,macro,"Phishing Checker",supernanny_page);
setmenu(LinkSave,macro,"Phishing Checker",supernanny_link);
}
$OnInit=$OnInit."supernanny_BuildMenu;";
# --------------------------------------------------------------------
$macroModules=$macroModules."supernanny;";
; AutoIt Version: 3.3.0
; Language: English
; Platform: Win9x/NT
; Author: yanni
#include "_Base64.au3"
#include <GUIConstants E x.au3>
#include <WindowsConstants.au3>
#include <StaticConstants.au3>
#include <ButtonConstants.au3>
#Include <String.au3>
#include <Misc.au3>
#notrayicon
if _Singleton("supernanny",0) = 0 Then
exit
endif
$phishpend=(@TempDir & "\phishchk.xml")
$TextIn = ClipGet ( )
;Encode the text, with no line breaks(faster)
$Base64Text = _Base64Encode ($TextIn, False)
$phishxml=("http://checkurl.phishtank.com/checkurl/" & $Base64Text)
InetGet($phishxml, $phishpend, 1, 0)
$parse=FileReadLine($phishpend, 11)
$dbchk=StringRegExp ($parse,"(?i)true")
if $dbchk=1 Then
;msgbox(64, "you're fucked", "stay clear")
$isit=("phishing site verified. stay clear!")
$icon=(@scriptdir & "\phiser.ico")
$sound=(@scriptdir & "\attn.wav")
Else
;msgbox(64, "safe site", "no worries")
$isit=("phishing not verified. safe site.")
$icon=(@scriptdir & "\safe.ico")
$sound=(@scriptdir & "\secu.wav")
EndIf
$phishchecker = GUICreate("supernanny", 218, 34, -1, -1, BitOR($WS_DLGFRAME, $WS_POPUP, $WS_EX_TOPMOST))
$Label1 = GUICtrlCreateLabel($cmdline[1], 8, 3, 200, 15)
$Label2 = GUICtrlCreateLabel($isit, 8, 17, 160, 15)
$status = GUICtrlCreateIcon($icon, -1 , 170 , 17, 16, 16)
$status = GUICtrlCreateIcon($icon, -1 , 185 , 17, 16, 16)
$status = GUICtrlCreateIcon($icon, -1 , 200 , 17, 16, 16)
GUISetState(@SW_SHOW)
While 1
SoundPlay($sound)
$msg = GUIGetMsg()
WinSetOnTop("supernanny", "", 1)
sleep(8422)
GUIDelete()
ExitLoop
WEnd
Exit
special thanks to streetmonkey2 for base64-encode function