Inspiration
Phishing attacks and IDN (Internationalized Domain Name) spoofing remain persistent threats on the web, tricking users by mimicking legitimate URLs using look-alike characters. Our project aims to enhance browsing security by proactively detecting such threats and providing users with actionable insights to stay safe.
What it does
Automatic Detection of IDN Spoofing:
- When users visit a potentially spoofed or suspicious site, Carpy identifies IDN spoofing patterns and displays a warning page with safety recommendations.
Manual Safety Review Trigger:
- Users can open the extension pop-out and manually request a real-time AI-generated safety report for the current site they are visiting.
How we built it
Technologies Used:
- JavaScript, HTML, CSS for extension UI and logic.
- Google Generative AI API to generate safety reports for manual checks.
- Manifest V3 to align with the latest Chrome extension standards.
- Punycode, Unicode and RegEx Parsing: To detect homograph attacks and suspicious URL patterns.
Core Components:
- Background Service Worker: Monitors visited URLs and triggers a redirect to a safety page if a spoof is detected.
- Leveraged a database of Unicode character homographs generated by researchers at Waseda University using machine learning techniques to determine if URLs are "look-alikes" of trusted websites, collected by Amazon's Alexa Internet, Inc.
- In the process, we reverse-engineered Google Chrome's Punycode conversion of Unicode characters.
- Popup Interface: Allows users to manually initiate a site safety review with one button click.
- AI Integration: Generates contextual safety reports based on URL structure and patterns.
- Makes calls to Google's Generative AI API, allowing it to analyze the URL and provide a clear set of recommendations for a user to ensure their safety on the site.
- Makes use of Christopher Jeffrey's markedjs library to interpret the markdown-formatted output of the Generative AI API.
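The check the Background Service Worker component describes (decode Punycode labels, fold look-alike characters, compare against trusted names), as an added example that is not Carpy's own code. The names `punycodeDecode` and `checkHost`, the confusables map and the trusted list are assumptions constructed for illustration, and the decoder follows RFC 3492 rather than Chrome's display logic.

```javascript
// Added example. CONFUSABLES and TRUSTED are small constructed samples, not the
// homograph database or the trusted-site list the project actually uses.
const CONFUSABLES = new Map([['\u0430', 'a'], ['\u0435', 'e'], ['\u043e', 'o'],
  ['\u0440', 'p'], ['\u0441', 'c'], ['\u0456', 'i'], ['\u04cf', 'l']]);
const TRUSTED = ['apple.com', 'google.com', 'example.com'];

// RFC 3492 Punycode decoder for one label body (the text after "xn--").
function punycodeDecode(input) {
  const base = 36, tMin = 1, tMax = 26, skew = 38, damp = 700;
  let n = 128, i = 0, bias = 72;
  const d = input.lastIndexOf('-');
  const out = d > 0 ? Array.from(input.slice(0, d)) : [];  // literal ASCII part
  let pos = d > 0 ? d + 1 : 0;
  while (pos < input.length) {
    const oldI = i;
    for (let w = 1, k = base; ; k += base) {   // read one variable-length integer
      if (pos >= input.length) throw new RangeError('truncated punycode');
      const c = input.charCodeAt(pos++);
      const digit = c >= 97 && c <= 122 ? c - 97 : c >= 48 && c <= 57 ? c - 22 : base;
      if (digit >= base) throw new RangeError('invalid punycode digit');
      i += digit * w;
      const t = k <= bias ? tMin : k >= bias + tMax ? tMax : k - bias;
      if (digit < t) break;
      w *= base - t;
    }
    const len = out.length + 1;                // bias adaptation (RFC 3492 6.1)
    let delta = Math.floor((i - oldI) / (oldI === 0 ? damp : 2));
    delta += Math.floor(delta / len);
    let k = 0;
    for (; delta > ((base - tMin) * tMax) >> 1; k += base) delta = Math.floor(delta / (base - tMin));
    bias = k + Math.floor(((base - tMin + 1) * delta) / (delta + skew));
    n += Math.floor(i / len);                  // code point to insert
    i %= len;                                  // position to insert it at
    out.splice(i++, 0, String.fromCodePoint(n));
  }
  return out.join('');
}

// Decode each xn-- label, fold look-alikes to ASCII, compare with trusted names.
function checkHost(host) {
  const unicode = host.toLowerCase().split('.')
    .map(l => (l.startsWith('xn--') ? punycodeDecode(l.slice(4)) : l)).join('.');
  const skeleton = Array.from(unicode, ch => CONFUSABLES.get(ch) || ch).join('');
  // Flag only names that differ from, yet fold onto, a trusted domain.
  return { unicode, skeleton, spoofed: skeleton !== unicode && TRUSTED.includes(skeleton) };
}

console.log(checkHost('xn--pple-43d.com'));   // constructed sample input
```

A legitimate IDN such as `xn--mnchen-3ya.de` decodes to a name that folds onto no trusted domain, so it is not flagged; only hosts whose folded form equals a trusted name while the decoded form differs are reported.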
Challenges we ran into
- Learning the Manifest V3 framework and the restrictions that come with it, including Chrome's service worker requirements, which changed how we managed background processes.
- Dealing with different requirements for extensions to function across multiple browsers.
- Parsing and identifying homograph links, which may be converted into different representations like Punycode.
- Dealing with delays and limited cloud resources while integrating third-party AI services into the extension.
Accomplishments that we're proud of
- Successfully detected multiple phishing URLs using a combination of Punycode parsing and AI analysis.
- Integrated a working AI safety report feature within the extension.
- Built a robust, simple UI within the time constraints of the hackathon.
- Created Carpy, a tool that can integrate with our everyday web browsing and that we would genuinely use.
What we learned
- Gained experience working with Chrome’s Manifest V3 and its limitations.
- Improved understanding of Unicode vulnerabilities and how they are exploited for phishing attacks.
- Learned how to integrate external APIs (Google AI) efficiently into browser extensions.
What’s next for CarpySafe - IDN Spoofing Attack Defender
- Expand AI capabilities: Include more contextual analysis, such as domain reputation and SSL status in the safety report.
- Browser Compatibility: Extend full support to Firefox and Safari browsers.
- More Forms of Phishing Domain Detection: Integrate more machine learning-based threat detection abilities, including other forms of URL spoofing detection.
- Page Content Analysis: Extend threat detection to scraping the content of the webpage for dangerous material, all while remaining simple and lightweight.
Built With
- css
- google/generative-ai
- html
- javascript
- marked.js
- punycode