Inspiration

Phishing websites continue to be a prevalent and dangerous issue online. These sites are often cleverly disguised to look like legitimate pages, tricking users into revealing sensitive information, such as passwords, credit card details, or social security numbers. While anyone can fall victim to these scams, the elderly are particularly vulnerable.

Traditional phishing detection solutions often rely on databases of flagged URLs, which list known phishing websites. However, these databases are inherently limited because cybercriminals continuously create new phishing sites with slightly altered URLs or entirely new domain names. This tactic enables them to bypass these lists and reach unsuspecting users before their new sites can be flagged.

Enter PhisherCatcher, a smart browser extension that goes beyond conventional blacklist-based detection. It leverages Large Language Models, powered by Gemini, to analyze website attributes in real time, identifying subtle indicators of phishing attempts even on newly created or disguised domains.

What it does

To ensure reliability, PhisherCatcher begins by generating a comprehensive Pre-Analysis Report, which includes key details about the domain name format, WHOIS records, and SSL certificate status. This report is then processed by a Gemini LLM, which evaluates the website's legitimacy. Based on this analysis, the model provides a legitimacy score (expressed as a percentage), a detailed explanation of why the site may be suspicious, and a list of potential red flags. This not only helps users make informed decisions but also serves as a valuable learning tool to better understand the signs of phishing.

PhisherCatcher also provides proactive protection by blocking access to potentially dangerous websites, preventing users from inadvertently interacting with them. With its customizable settings, PhisherCatcher allows users to tailor the extension to their needs: enabling or disabling automatic website scanning, blocking, and adjusting the level of flexibility in detecting potentially malicious sites. This way, you can feel confident knowing that your loved ones are safe, even when you're not around.

How we built it

Initially, the extension was fully remote, based on an agent built with Genkit and deployed on Firebase Functions. The agent generates the Pre-Analysis Report and prompts Gemini's model to return a detailed analysis. With the introduction of the Prompt API, the whole process can be done on-device: the Pre-Analysis Report is generated within the extension and passed as a prompt to Gemini Nano, which generates the analysis. Given the current status of the Prompt API, the remote agent is still active and serves as a fallback in case the Prompt API is unavailable or an error occurs.

A database of previously analyzed websites serves as a pre-check mechanism, allowing websites to be quickly cross-referenced before triggering a new analysis, saving processing tokens and enhancing efficiency. Over time, this database grows autonomously, requiring no human intervention, and can be leveraged for future machine learning applications or other uses.

Once the analysis is complete, the extension presents the results to the user and takes the necessary actions based on the website's legitimacy, providing real-time protection.
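
The flow described above (database pre-check, on-device analysis, remote fallback, then an action), as an added example that is not PhisherCatcher's own code. The function names, the injected `deps` object, the JSON reply shape, the `blockBelow` threshold and the `warn-unverified` action are assumptions; the model's reply is validated before it is cached or acted on.

```javascript
// Added example; all names here are hypothetical, not the extension's real API.
// Validate the model's reply (assumed to be JSON). Malformed output returns null.
function parseVerdict(rawText) {
  let obj;
  try { obj = JSON.parse(rawText); } catch { return null; }
  if (obj === null || typeof obj !== "object") return null;
  const { score, explanation, redFlags } = obj;
  if (typeof score !== "number" || !Number.isFinite(score)) return null;
  if (score < 0 || score > 100) return null;           // score is a percentage
  if (typeof explanation !== "string") return null;
  if (!Array.isArray(redFlags)) return null;
  if (!redFlags.every((f) => typeof f === "string")) return null;
  return { score, explanation, redFlags };
}

// deps: { cache: Map, buildReport(host), onDevice(report), remote(report), blockBelow }
async function analyzeSite(hostname, deps) {
  const key = hostname.toLowerCase();
  let verdict = deps.cache.get(key) || null;           // database pre-check
  let source = "cache";
  if (!verdict) {
    const report = await deps.buildReport(key);        // Pre-Analysis Report
    source = "on-device";
    try { verdict = parseVerdict(await deps.onDevice(report)); } catch { verdict = null; }
    if (!verdict) {                                    // unavailable, error or bad reply
      source = "remote";
      try { verdict = parseVerdict(await deps.remote(report)); } catch { verdict = null; }
    }
    // No trustworthy verdict: never report the site as safe, and cache nothing.
    if (!verdict) return { hostname: key, source: "none", action: "warn-unverified" };
    deps.cache.set(key, verdict);                      // only validated verdicts are stored
  }
  // The action is derived at read time so a changed threshold applies to cached sites.
  const action = verdict.score < deps.blockBelow ? "block" : "allow";
  return { hostname: key, ...verdict, source, action };
}

// Constructed demo: the on-device model is unavailable, the remote fallback answers.
const demoDeps = {
  cache: new Map(),
  blockBelow: 50,
  buildReport: async (host) => ({ hostname: host }),   // stub report
  onDevice: async () => { throw new Error("Prompt API unavailable"); },
  remote: async () =>
    '{"score":8,"explanation":"constructed sample","redFlags":["lookalike domain"]}',
};
analyzeSite("Login.Example.test", demoDeps)
  .then((r) => console.log(r.source, r.action));
```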

What's next for PhisherCatcher

First, the plan is to make sure that PhisherCatcher provides a faster and more reliable on-device analysis with the Prompt API once it is fully stable. A better prompt and user experience are also needed before the first version of the extension is made publicly available.

In the next phase, we plan to expand the pre-analysis report by incorporating a deeper level of scrutiny. This will include analyzing the website's code, as well as additional domain-related details, such as hosting information and IP address data. This will provide a more thorough evaluation of the website's legitimacy before further processing, ensuring that our system is both accurate and resource-efficient.
