Extensions :  K-Meleon Forum
All about K-Meleon extensions. 
km supernanny
Posted by: disrupted
Date: October 11, 2009 04:45PM

checks if a link or current page is a phishing scam

uses an online service to retrieve xml data.. requires that the url be base-64 encoded and couldn't be done with regular macro, though theoretically there's a javascript through xmlhttprequest but i couldn't do it with injectjs.. so i had to use autoit.

if someone is good with js and wants to try it internally with the macro, this is the js script
var data = window.location.href;var b64_map = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var byte1, byte2, byte3;var ch1, ch2, ch3, ch4;var result = new Array(); var j=0;for (var i=0; i<data.length; i+=3) {byte1 = data.charCodeAt(i);byte2 = data.charCodeAt(i+1);byte3 = data.charCodeAt(i+2);ch1 = byte1 >> 2;ch2 = ((byte1 & 3) << 4) | (byte2 >> 4);ch3 = ((byte2 & 15) << 2) | (byte3 >> 6);ch4 = byte3 & 63;if (isNaN(byte2)) {ch3 = ch4 = 64;} else if (isNaN(byte3)) {ch4 = 64;}result[j++] = b64_map.charAt(ch1)+b64_map.charAt(ch2)+b64_map.charAt(ch3)+b64_map.charAt(ch4);}	var thefin = result.join('');var thecode = escape(thefin);var thisdomain = 'http://checkurl.phishtank.com/checkurl/'+thecode;xmlhttpRequest({ method:'GET', url: thisdomain, onload:function(details) {var howdy=details.responseText;var thetruth=howdy.split('true');var truecount = thetruth.length -1;if(truecount == '3'){alert('This is a phishing site!');window.location = 'http://phishtank.com';}}});

i think the js needs an application id key(according to fishtank).. the extension is registered with phishtank under username: kmeleon , password: fuckphish
and id key:
Your Applications
Application Name Credentials
kmeleon phishchecker extension Key: 7c24c269e72ea41a1044ec1a0578c7189c6f28e0af9a86608fedd8f8b5daf475

the autoit extension is available in 2 versions:
9x(98, me) http://kmext.sourceforge.net/files/phishtank9x.7z
nt version(2k, xp, vista)http://kmext.sourceforge.net/files/phishtankNT.7z

the 64-base encoder udf is courtesy of streetmonkey2 from the autoit forums
http://www.autoitscript.com/forum/index.php?showtopic=21399&st=0

usage..right-click on link or page you suspect and select phishing checker, it will then check an xml database and display if site is phishing or not..there's also an audio alert









--------------------------------------------------------------------------------
source:

# K-Meleon Macros (http://kmeleon.sourceforge.net/wiki/index.php?id=MacroLanguage)

# -----checks for phishing sites------------

$_tool_path=getfolder(RootFolder)."\\Tools";

supernanny_page{
menugrayed=(hostname($URL)=="");
$HOST=hostname( $URL );
setclipboard($URL);
exec($_tool_path."\\phishtank\\phishchecker.exe ".$HOST);
}

supernanny_link{
menugrayed=(hostname($LinkURL)=="");
$HOST=hostname( $LinkURL );
id(ID_COPY_LINK_LOCATION);
exec($_tool_path."\\phishtank\\phishchecker.exe ".$HOST);
}

supernanny_BuildMenu{
setmenu(DocumentSave,macro,"Phishing Checker",supernanny_page);
setmenu(LinkSave,macro,"Phishing Checker",supernanny_link);
}

$OnInit=$OnInit."supernanny_BuildMenu;";
# --------------------------------------------------------------------
$macroModules=$macroModules."supernanny;";


; AutoIt Version: 3.3.0
; Language: English
; Platform: Win9x/NT
; Author: yanni

#include "_Base64.au3"
#include <GUIConstants E x.au3>
#include <WindowsConstants.au3>
#include <StaticConstants.au3>
#include <ButtonConstants.au3>
#Include <String.au3>
#include <Misc.au3>
#notrayicon


if _Singleton("supernanny",0) = 0 Then
exit
endif

$phishpend=(@TempDir & "\phishchk.xml")

$TextIn = ClipGet ( )
;Encode the text, with no line breaks(faster)
$Base64Text = _Base64Encode ($TextIn, False)

$phishxml=("http://checkurl.phishtank.com/checkurl/"; & $Base64Text)

InetGet($phishxml, $phishpend, 1, 0)
$parse=FileReadLine($phishpend, 11)
$dbchk=StringRegExp ($parse,"(?i)true")

if $dbchk=1 Then
;msgbox(64, "you're fucked", "stay clear")
$isit=("phishing site verified. stay clear!")
$icon=(@scriptdir & "\phiser.ico")
$sound=(@scriptdir & "\attn.wav")
Else
;msgbox(64, "safe site", "no worries")
$isit=("phishing not verified. safe site.")
$icon=(@scriptdir & "\safe.ico")
$sound=(@scriptdir & "\secu.wav")
EndIf


$phishchecker = GUICreate("supernanny", 218, 34, -1, -1, BitOR($WS_DLGFRAME, $WS_POPUP, $WS_EX_TOPMOST))
$Label1 = GUICtrlCreateLabel($cmdline[1], 8, 3, 200, 15)
$Label2 = GUICtrlCreateLabel($isit, 8, 17, 160, 15)
$status = GUICtrlCreateIcon($icon, -1 , 170 , 17, 16, 16)
$status = GUICtrlCreateIcon($icon, -1 , 185 , 17, 16, 16)
$status = GUICtrlCreateIcon($icon, -1 , 200 , 17, 16, 16)
GUISetState(@SW_SHOW)
While 1
SoundPlay($sound)
$msg = GUIGetMsg()
WinSetOnTop("supernanny", "", 1)
sleep(8422)
GUIDelete()
ExitLoop
WEnd
Exit


special thanks to streetmonkey2 for base64-encode function

Options: ReplyQuote
Re: km supernanny
Posted by: disrupted
Date: October 12, 2009 02:43AM

update: now when a site is not on the list, it won't say safe because it's misleading.. will say"could be safe". the site may be a phisher but not verified yet so you never know.. super nanny is a sensible nanny and it's up to the user in the end to decide what's safe and what isn't.

another update because their servers can sometimes be down (when it's working the response is instant), it can display a site as non verified when the cml hasn't been fetched.. now if it takes too long, it aborts and displays servers down, try later. their's a similar firefox extension pinging the same server but it's not user triggered, it constantly checks in the background so can imagine the stress it puts on the phishtank servers even with an application id.. only in firefox it is buggy because when the servers are down it will state "safe!" without being able to check.. so km supernanny is smarter. anyway..this extension was actually a response to a firefoxer at mirage performance who argued kmeleon is inferior simply because it had no anti-phishing feature.. well i guess it's better than having anti-phisihing feature that gives up when the database is down and states a site as safe without checking or even safe when it's not verified ..it's up to the user to know where they are inputing their accounts..and wise user is definitely better than a false sense of security.

download update from same links

; AutoIt Version: 3.3.0
; Language: English
; Platform: Win9x/NT
; Author: yanni

#include "_Base64.au3"
#include <GUIConstants E x.au3>
#include <WindowsConstants.au3>
#include <StaticConstants.au3>
#include <ButtonConstants.au3>
#Include <String.au3>
#include <Misc.au3>
#notrayicon


if _Singleton("supernanny",0) = 0 Then
exit
endif

$phishpend=(@TempDir & "\phishchk.xml")

$TextIn = ClipGet ( )
;Encode the text, with no line breaks(faster)
$Base64Text = _Base64Encode ($TextIn, False)

$phishxml=("http://checkurl.phishtank.com/checkurl/"; & $Base64Text)

InetGet($phishxml, $phishpend, 1, 0)
$parse=FileReadLine($phishpend, 11)
$dbchk=StringRegExp ($parse,"(?i)true")

if $dbchk=1 Then
;msgbox(64, "you're fucked", "stay clear")
$isit=("phishing site verified. stay clear!")
$icon=(@scriptdir & "\phiser.ico")
$sound=(@scriptdir & "\attn.wav")
Else
;msgbox(64, "safe site", "no worries")
$isit=("not listed. could be safe.")
$icon=(@scriptdir & "\safe.ico")
$sound=(@scriptdir & "\secu.wav")
EndIf

if fileexists($phishpend) then
phishmain()
else
serverdown()
endif

func phishmain()
$phishchecker = GUICreate("supernanny", 218, 34, -1, -1, BitOR($WS_DLGFRAME, $WS_POPUP, $WS_EX_TOPMOST))
$Label1 = GUICtrlCreateLabel($cmdline[1], 8, 3, 200, 15)
$Label2 = GUICtrlCreateLabel($isit, 8, 17, 160, 15)
$status = GUICtrlCreateIcon($icon, -1 , 170 , 17, 16, 16)
$status = GUICtrlCreateIcon($icon, -1 , 185 , 17, 16, 16)
$status = GUICtrlCreateIcon($icon, -1 , 200 , 17, 16, 16)
GUISetState(@SW_SHOW)
While 1
SoundPlay($sound)
$msg = GUIGetMsg()
WinSetOnTop("supernanny", "", 1)
sleep(8422)
GUIDelete()
ExitLoop
WEnd
filedelete($phishpend)
Exit
endfunc

func serverdown()
$phishchecker = GUICreate("supernanny", 218, 34, -1, -1, BitOR($WS_DLGFRAME, $WS_POPUP, $WS_EX_TOPMOST))
$Label1 = GUICtrlCreateLabel($cmdline[1], 8, 3, 200, 15)
$Label2 = GUICtrlCreateLabel("servers down. try again later", 8, 17, 160, 15)
$status = GUICtrlCreateIcon(@scriptdir & "\phiser.ico", -1 , 170 , 17, 16, 16)
$status = GUICtrlCreateIcon(@scriptdir & "\phiser.ico", -1 , 185 , 17, 16, 16)
$status = GUICtrlCreateIcon(@scriptdir & "\phiser.ico", -1 , 200 , 17, 16, 16)
GUISetState(@SW_SHOW)
While 1
SoundPlay(@scriptdir & "\attn.wav")
$msg = GUIGetMsg()
WinSetOnTop("supernanny", "", 1)
sleep(8422)
GUIDelete()
ExitLoop
WEnd
Exit
endfunc


Options: ReplyQuote


K-Meleon forum is powered by Phorum.