Steemed Phish v0.0.14 is out. A Chrome extension to protect yourself from Steemit-like phishing scam websites

in #utopian-io • 8 years ago (edited)

Steemed Phish Chrome Extension

  • Steemed Phish is a Chrome extension that checks the current page's URL and content against a whitelist and a blacklist of known websites.
  • The extension is made of three components:
    • a background script that listens to URL changes and shows an alert if you land on a blacklisted website. It also changes the color of the extension icon: green for recognized friendly websites, red for recognized scam websites and grey for neutral websites.
    • a content script that injects JavaScript and CSS code into whitelisted websites.
      • the CSS code changes the color of the built-in Steemit Condenser icon that marks external links and turns it red instead of the less visible grey (see screenshot below).
      • the JavaScript code scans all the links within the page and turns them red and struck through if they lead to a blacklisted website
      • the JavaScript code will also cover a blacklisted website with a full-page red warning with a link to go back to Steemit.com (see screenshot below)
    • popup code that currently just shows how to contact me to add more websites to the whitelist or blacklist
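
The whitelist/blacklist lookup described above can be sketched as follows. This is an added example, not the extension's own code: the function names and the `.example` blacklist entries are constructed for illustration. It compares the parsed hostname at a label boundary, so a host that merely contains a whitelisted name is not shown as friendly, and the blacklist is checked first.

```javascript
// Constructed sample lists; the real extension ships and maintains its own.
const LISTS = {
  whitelist: ['steemit.com', 'busy.org'],
  blacklist: ['steemit-wallet.example', 'steem-login.example'],
};

// True when host is the entry itself or a subdomain of it.
// Matching on '.' + entry avoids substring false positives.
function hostMatches(host, entry) {
  return host === entry || host.endsWith('.' + entry);
}

// Classify one URL as 'scam', 'friendly' or 'neutral'.
// `base` lets relative hrefs found in a page resolve against the page URL.
function classifyUrl(rawUrl, lists = LISTS, base = undefined) {
  let url;
  try {
    url = new URL(rawUrl, base);
  } catch (e) {
    return 'neutral'; // unparsable input is never reported as friendly
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return 'neutral';
  // The URL parser lowercases the host; also drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, '');
  // Blacklist wins if a host somehow appears on both lists.
  if (lists.blacklist.some((e) => hostMatches(host, e))) return 'scam';
  if (lists.whitelist.some((e) => hostMatches(host, e))) return 'friendly';
  return 'neutral';
}

// Background-script side: icon color for the current tab URL.
const ICON_COLOR = { friendly: 'green', scam: 'red', neutral: 'grey' };
function iconColor(rawUrl, lists = LISTS) {
  return ICON_COLOR[classifyUrl(rawUrl, lists)];
}

// Content-script side: which hrefs collected from a page should be
// rendered red and struck through.
function blacklistedLinks(hrefs, pageUrl, lists = LISTS) {
  return hrefs.filter((h) => classifyUrl(h, lists, pageUrl) === 'scam');
}
```

In a content script, the `hrefs` array would come from the page's anchor elements; here it is a plain array so the logic can be run outside the browser.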

Screenshots

Fullpage warning

Screen Shot 2018-03-18 at 6.49.05 pm.jpg

Alert dialog

Screen Shot 2018-03-18 at 6.48.49 pm.jpg

External links marking and blacklisted links highlighting

Screen Shot 2018-03-18 at 10.23.59 am.jpg

Technology Stack

  • Javascript
  • CSS

Roadmap

  • Improve the popup screen and add a contact form to make it easier to contact me for blacklisting, whitelisting and feedback.
  • Improve the quality of the icon
  • Improve detection logic
  • Monitor Steemit for user reports and analyze the type of scam and see if the extension can help

How to contribute?

Even a Chrome extension can be used for scamming users, so always be careful about what you are installing. This project is open source and everyone can verify its code.

If you are an extension developer and would like to add new features, you can make a Pull Request here:
https://github.com/quochuy/steemedphish

How to install

Just head to the Chrome Web Store page below and click on the "Add To Chrome" button:
https://chrome.google.com/webstore/detail/steemed-phish/eiaigalhddmmpdnehcigmlmgllomljgj

Update v0.0.19:
https://steemit.com/utopian-io/@quochuy/steemed-phish-v0-0-16-adding-a-tooltip-to-external-links



Posted on Utopian.io - Rewarding Open Source Contributors

Thank you for the contribution. It has been approved.

I have also created a Steemit Phishing Link Checker which does not have whitelisted or blacklisted websites because it's hard to update every time any new fraud websites come. What I have done is every time you click on a link in Steemit it says that you will be redirected to an external website, do not use your Steemit password there.

You can contact us on Discord.
[utopian-moderator]

I checked your extension, I like the MEMO scanning feature.
My extension does a similar thing to yours (marking external links) but I thought whitelisting could be more effective but yes, more difficult to maintain. But the idea is to try to also protect users that are on Busy.org or another official site or even if they do a Google search and land on the scam site. At least if the extension recognizes it, it will warn the user. Won't be perfect but one less victim is still worth it.

wow, amazing!
Thanks for the help and support you guys are bringing to the community.

Instead of creating a blacklist, creating a whitelist is easier 😃

The extension uses both whitelist and blacklist and both have their own pros and cons.
I can only validate a whitelisted website and if you accidentally go to a scam website I cannot determine if it is a non-Steemit-related site or a scam site and cannot flag it.

So here is the current logic:

  • if the current website is in the whitelist, the icon turns green. I will add a drop-down panel saying "This is a friendly Steemit website" soon.
  • if the current website is in the blacklist, I show a full page warning and the icon is red.
  • if the current website is neither then the icon is grey

Neither a blacklist nor a whitelist is enough on its own. Even combined together there are still cases I cannot handle. So a combo is always a bit better.

Nice idea. I had tried to make a Chrome extension before, using the DOM manipulation method document.querySelector(), but it didn't work well with a Single App Application like React. Didn't spend much time on it, might read through your source code later.

Yeah... I had to investigate the dynamic content and use the MutationObserver to detect when content has been dynamically injected into the page

If you find any ideas or optimization, let me know or make a PR

alright sure