Inspiration

NahMeter was born from a simple frustration: phishing sites don’t look suspicious anymore. They look exactly like the real thing. If even careful users can be fooled, we asked, what if the browser could see what humans can’t?

What it does

We realized most people check for:

  • The logo
  • The design
  • The URL

But attackers don’t break the design. Instead, they hide malicious behaviour inside the page structure. Password forms secretly send data to another domain. Hidden elements. Invisible network requests. Things users will never notice.

That’s when we learned about the DOM (Document Object Model), the browser’s internal map of a webpage, and realized this is where phishing reveals itself.

NahMeter was inspired by the idea of becoming a security guard for the DOM.

How we built it

NahMeter works by scanning the DOM of every webpage you visit and looking for phishing patterns such as:

  • Password forms submitting to external domains
  • Hidden forms containing sensitive fields
  • Suspicious external links (URL shorteners, risky domains)
  • Pages secretly sending data out via POST requests
  • Unsafe iframe and script behaviours

Each of these signals is analyzed and combined into a risk score that determines whether a site is Secure, Warning, or Critical.

We focused on building a heuristic engine rather than using machine learning, so the logic is transparent, explainable, and runs instantly in the browser.

Challenges we ran into

The biggest challenge was reducing false positives.

We discovered that:

  • Many legitimate websites use external services like Stripe, PayPal, Google OAuth
  • Scripts and iframes are extremely common and usually harmless
  • Modern web architecture makes “suspicious-looking” patterns normal

We had to carefully whitelist legitimate services and rethink how scoring works to make NahMeter feel realistic and trustworthy.

Another challenge was learning how to monitor network activity (fetch/XHR) without breaking the webpage, which required careful interception of browser APIs.
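
The password-form signals listed under "How we built it", combined with the allowlisting of legitimate services described above, can be sketched as follows. This is an added example, not NahMeter's own code: the weights, the thresholds, the allowlist entries and the form-descriptor shape are all assumptions.

```javascript
// Added example. Weights, thresholds and the allowlist are assumptions, not NahMeter's values.
const ALLOWED_HOSTS = new Set(["checkout.stripe.com", "www.paypal.com", "accounts.google.com"]);
const WEIGHTS = { externalPassword: 60, insecureAction: 40, hiddenSensitive: 30, badAction: 30 };

// In a content script the descriptors would be read from the live DOM, for example:
//   [...document.forms].map(f => ({ action: f.getAttribute("action") || "",
//     hidden: getComputedStyle(f).display === "none",
//     fieldTypes: [...f.elements].map(e => e.type) }))
function scoreForms(pageUrl, forms) {
  const page = new URL(pageUrl);
  const findings = [];
  const flag = (signal, detail) => findings.push({ signal, detail, weight: WEIGHTS[signal] });

  for (const form of forms) {
    if (!form.fieldTypes.includes("password")) continue; // only credential forms are scored
    if (form.hidden) flag("hiddenSensitive", "password field inside a hidden form");

    let target;
    try {
      target = new URL(form.action || pageUrl, pageUrl); // empty action submits to the page itself
    } catch {
      flag("badAction", `unparseable action: ${form.action}`);
      continue;
    }
    // Exact host match only; a production check would compare registrable domains
    // using the Public Suffix List so that login.example.com matches example.com.
    const sameHost = target.hostname === page.hostname;
    if (!sameHost && !ALLOWED_HOSTS.has(target.hostname)) {
      flag("externalPassword", `password form submits to ${target.hostname}`);
    }
    if (page.protocol === "https:" && target.protocol === "http:") {
      flag("insecureAction", "password form submits over plain HTTP");
    }
  }
  // Signals add up and are capped, then mapped onto the three verdicts.
  const score = Math.min(100, findings.reduce((sum, f) => sum + f.weight, 0));
  const verdict = score >= 60 ? "Critical" : score >= 30 ? "Warning" : "Secure";
  return { score, verdict, findings };
}
```

Returning the individual findings next to the score keeps the verdict explainable, which is the reason given above for choosing heuristics over machine learning.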

Accomplishments that we're proud of

This gap between what users can see and what the website is actually doing is where phishing succeeds.

NahMeter focuses exactly on this overlooked area. Instead of judging the appearance of a site, it inspects the hidden actions inside the page, the part almost nobody pays attention to, but where the real attack happens.

What we learned

Building NahMeter taught us that:

  • Phishing detection is more about behaviour patterns than visual clues
  • Many things that look suspicious are actually normal on modern websites (like scripts and iframes)
  • The DOM is incredibly powerful for security analysis because it exposes hidden structures that users never see

What's next for NahMeter

If we had more time, we would develop this extension into a more layered structure, for example by adding urlScan, certificate verification, and letting users create an account. That way users could see their browsing history in a more systematic way and websites could go through more layers of checks.
