Inspiration
It was inspired by my school's MMA policy. I realized that while policies set the rules, the tools available often lacked the real-time ability to filter out dangerous or dubious websites. I wanted to create a proactive solution that helps users identify threats before they click.
What it does
PhishFryer is a Chrome extension designed to act as a first line of defense against phishing. It scans websites for "red flag" signals—such as the use of insecure HTTP protocols, the presence of tiny or hidden iframes used for clickjacking, and other suspicious DOM patterns—and alerts the user with a popup before they interact with the site.
How we built it
I conceptualized the detection logic and used Codex to generate the initial boilerplate code. From there, I performed heavy refinements, transitioning the code to Manifest V3 standards and fine-tuning the trigger logic to decide exactly when and how the extension should reveal its warnings.
Challenges we ran into
The journey wasn't seamless; the AI-generated code frequently contained syntax errors or logic that didn't align with my goals. At one point, the code was so aggressive that it marked every single website as dubious. I had to slowly troubleshoot the scripts and refine the heuristic filters to balance security with a smooth browsing experience.
Accomplishments that we're proud of
I am proud that PhishFryer can accurately detect multiple dubious indicators, specifically flagging insecure sites and those using malicious hidden elements. Building a functional security tool that solves a real-world problem identified in my own school environment is a significant milestone for me.
What we learned
I learned that coding with AI is a partnership that requires a lot of manual oversight. I had to learn the inner workings of Chrome's background service workers and content scripts to fix errors the AI introduced. I also gained a much deeper understanding of web security and how scanners identify malicious intent.
What's next for PhishFryer
The next step is to move beyond basic heuristics. I plan to implement a "Risk Score" system and potentially integrate a real-time API to check URLs against known phishing databases. I also want to refine the UI to make the alerts more informative for non-technical users.
Log in or sign up for Devpost to join the conversation.