Results 1 to 6 of 6

Thread: antiphish extension (grease monkey)

  1. #1
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536

    antiphish extension (grease monkey)

    Quote Originally Posted by Serlio
    Another temporal workaround:

    1. Install the extension Greasemonkey

    2. Don't forget to restart Firefox to complete the extension installation.

    3. Right click this link (DON'T FOLLOW THE LINK): IDN patch script and click "Install User Script..."

    4. A window will appear. Press OK.

    Finished. It will raise an alert when the URL contains IDN characters.

    English language is not my best, so translation errors advices will be welcome
    Thanks Serlio, looks interesting.

    **edit - wonderful. you can still visit site but are warned (Japanese sites - or sites that use IDN characters work - instead of disabling IDN altogether)

    Last edited by lynchknot; February 9th, 2005 at 02:43 AM.

  2. #2
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,941
    Interesting. I dunno if I want that alert all the time.. as I visit lots of Japanese sites.

  3. #3
    Titanium Member
    Join Date
    Jul 2002
    Location
    blk helo target, WA
    Posts
    3,536
    I googled a lot of japanese sites and it has not popped up. Do many sites use IDN characters? I have not found any (tried japan's mail, patent office, etc)
    Last edited by lynchknot; February 9th, 2005 at 16:02 PM.

  4. #4
    Junior Member The Journeyman's Avatar
    Join Date
    Jan 2005
    Location
    UK
    Posts
    24

    More ways to double check site validity

    Hi folks - I've been working a similar type of thread over at Wincustomize and thought you might like the following additional info:-

    For those Firefox user's who don't want to, or don't feel OK about making any changes to their files, there are a couple of double checks if you feel that you may have strayed onto a spoof site.

    If you paste the link into notepad you may be able to detect the punycode. If you check out the image below - you will see the last letter 'a' in paypal is discernably different. This was taken from the secunia link which appeared normal in the browser.



    Another option is to paste the link into this site Trustwatch:-

    http://www.trustwatch.com/get-verified.html Link

    I tested it and the 'spoof' link showed up as Unverified, while the genuine link was verified.
    Last edited by The Journeyman; February 10th, 2005 at 10:18 AM.
    Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1

  5. #5
    Triple Platinum Member Curio's Avatar
    Join Date
    Nov 2004
    Location
    London
    Posts
    899
    Firefox
    put about:config in address bar <enter>
    find network.enableIDN and double click it (disable)
    Turns off support for IDNs - bye bye vuln.

  6. #6
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,852
    thx curio.

    --- 0wN3D by 3gG ---

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •