mozdev.org

InvisiBill

VerifyURL is a simple extension which shows the true host of a webpage. It was designed to help expose phishing scams, where a user is taken to a scammer's site which looks like a real site. The user is then tricked into providing their account details to the scammer.

VerifyURL can be accessed via a page's context menu, or through a toolbar button. This extension uses the code from the common JavaScript bookmarklet which serves the same purpose. When the menu item or toolbar button is selected, a JavaScript alert box pops up showing the true hostname you are viewing.

Alert Box

The extension makes the feature available when your bookmarks aren't handy. http://www.nd.edu/~jsmith30/xul/test/spoof.html is an example where the whole Firefox UI is spoofed. In this case, your bookmarklet wouldn't be readily available. With VerifyURL, it's still available on the context menu.

Version 0.4 decodes International Domain Names (IDNs). IDN spoofing is not a bug, but an issue with the IDN system itself. Special codes can be used to represent international characters in URLs. However, these codes can also be used to generate characters that look exactly the same as those in other domain names. http://secunia.com/multiple_browsers_idn_spoofing_test/ contains an example of a spoofed IDN. Here is a picture of what the alert box shows for the PayPal-spoofing IDN in Secunia's example.

IDN Alert Box
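
The check described above, written out as an added example that is not the extension's own code: it takes a URL, returns the ASCII hostname the browser will actually contact, and decodes each `xn--` label to list the non-ASCII characters it contains. The function names `punycodeDecode` and `verifyUrl` and the sample URLs are assumptions made for this example; the decoder follows RFC 3492.

```javascript
// Added example (not VerifyURL's source): RFC 3492 Punycode decoder for one label.
function punycodeDecode(input) {
  const base = 36, tMin = 1, tMax = 26, skew = 38, damp = 700;
  let n = 128, i = 0, bias = 72;
  const d = input.lastIndexOf("-");            // last delimiter splits ASCII part from deltas
  const out = d > 0 ? Array.from(input.slice(0, d)) : [];
  let pos = d > 0 ? d + 1 : 0;
  while (pos < input.length) {
    const oldI = i;
    for (let w = 1, k = base; ; k += base) {   // read one variable-length integer
      if (pos >= input.length) throw new RangeError("truncated label");
      const c = input.charCodeAt(pos++);
      const digit = c >= 48 && c <= 57 ? c - 22 : c >= 97 && c <= 122 ? c - 97 : base;
      if (digit >= base) throw new RangeError("invalid digit");
      i += digit * w;
      const t = k <= bias ? tMin : k >= bias + tMax ? tMax : k - bias;
      if (digit < t) break;
      w *= base - t;
    }
    const points = out.length + 1;             // bias adaptation, RFC 3492 section 6.1
    let delta = oldI === 0 ? Math.floor(i / damp) : (i - oldI) >> 1;
    delta += Math.floor(delta / points);
    let shift = 0;
    for (; delta > ((base - tMin) * tMax) >> 1; shift += base) delta = Math.floor(delta / (base - tMin));
    bias = shift + Math.floor((base * delta) / (delta + skew));
    n += Math.floor(i / points);
    i %= points;
    out.splice(i++, 0, String.fromCodePoint(n)); // insert decoded character at its position
  }
  return out.join("");
}

// Return the host a URL really points at, plus every IDN label in decoded form.
function verifyUrl(raw) {
  const host = new URL(raw).hostname;          // parser yields the ASCII (xn--) form
  const idnLabels = [];
  for (const label of host.split(".")) {
    if (!label.startsWith("xn--")) continue;
    const unicode = punycodeDecode(label.slice(4));
    const nonAscii = Array.from(unicode).filter((ch) => ch.codePointAt(0) > 127)
      .map((ch) => "U+" + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, "0"));
    idnLabels.push({ ascii: label, unicode, nonAscii });
  }
  return { host, idnLabels };
}
// Constructed samples: the first host uses Cyrillic U+0430 in place of Latin "a".
const spoofed = verifyUrl("http://www.p\u0430ypal.com/login");
const plain = verifyUrl("https://www.paypal.com/signin");
console.log(spoofed, plain.host, plain.idnLabels.length);
```

A host that reports any entry in `idnLabels` deserves a second look before credentials are entered; an all-ASCII host returns an empty list.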

If you would like a more automated system, SpoofStick allows you to automatically show every URL's hostname on a toolbar. This can be handy for less savvy users, who wouldn't realize when they should use VerifyURL. Some phishing sites are very realistic, so even experienced users can be fooled by them. VerifyURL and SpoofStick both simplify the displayed URL, making it easier to spot a scam.

The invisibill project can be contacted through the mailing list or the member list.