AntiPhish for IE

Help Page for AntiPhish

Introduction

This program tries to improve the security of your web browser by adding the AntiPhish add-on to your Internet Explorer. It helps you not to fall into the trap of a faked webpage (for more information about phishing see http://en.wikipedia.org/wiki/Phishing). AnitPhish compares previously entered data with all form fields of the current document. If the input matches an already saved password, i.e. a phishing attempt may have taken place, the add-on deletes all information on this page and prints out a warning dialog.

Requirements

Windows XP (SP2)

Internet Explorer 6.0

.NET Framework 2.0

Install

After downloading the Setup file, double click on it and follow the instructions.

First Steps

Starting the Internet Explorer opens a password prompt. Type in a safe password and press OK. The program is now activeted. All you have to do to use the application is to navigate to the pages you want to save from attacks (e.g. your bank's web page or your webmail account), type in you username and your password and press the "AntiPhish: Capture Sensetive Information" menu item located in your "Tools" menu. AntiPhish does all the work for you :-). If somebody would try to trick you with a fake homepage (e.g. with a fake homepage of your bank), AntiPhish would detect this by comparing the input you're typing in with the saved passwords and their corresponding webpages. The program delets all information and prints out a warning information and you are safe!

Using the program

After you have started the program for the first time, AntiPhish stores the data you captured using the "AntiPhish: Capture sensitive information" button in a file called "AntiPhishData" located in your home folder (e.g. "C:\Documents and Settings\SampleUser\AntiPhishData"). This file is encrypted using the Advanced Encryption Standard algorithm (also know as Rijndael; for more information see http://en.wikipedia.org/wiki/Rijndael). Your passwords are stored at the harddisk in a safe way! The data is saved to the harddisk after you close all instances (i.e. windows) of your Internet Explorer. Everytime you start the Internet Explorer it will ask you for your master password. If you type in a wrong password, the password prompt will appear again. If you don't know the password, you can press abort and AntiPhish will be disabled, i.e. you can't add new passwords and you are not protected from phising attempts. If you forget your password, you have to delete the data file from your home directory and start from scratch. This prohibites other users from obtaining your sensitive data.

Here follows the explanation of the menu items located in your Tools folder of your Internet Explorer:

AntiPhish: Capture Sensitive Information

After you entered a page with a password prompt (e.g. your webmail) and typed in your password, you have to tell AntiPhish that you want to save this information: This is done by the "AntiPhish: Capture Sensitive Information" button. This information is used by the program to protect you from phising attacks.

AntiPhish: Delete Info

This buttons deletes the data file from the harddisk and asks your for a new password. If you press the abort button, AntiPhish will be disabled.

AntiPhish: Show Saved Data

This menu item shows all captured domains (i.e. webpages).

Known Issues

  • Java Applets: AntiPhish can't capture information in Java applets. This is due to the design of the application.
  • Productive Systems: AntiPhish is a prototype and is not intended to be used in a productive system environment.

Documentation

Thomas Raffetseder, Engin Kirda, and Christopher Kruegel, Building Anti-Phishing Browser Plug-Ins: An Experience Report, The 3rd International Workshop on Software Engineering for Secure Systems (SESS07), 29th International Conference on Software Engineering (ICSE), Minneapolis, IEEE Computer Society Press, May 2007
[download]

License

GNU General Public License (GPL)

Download

Follow this link to get the setup file for AntiPhish: AntiPhish Version 0.1 (Setup file)

Follow this link to get the complete project (you'll need VS 2005 to open it): AntiPhishIE Version 0.1 (Project)

Author

Thomas Raffetseder
Last Modified: Thu Feb 16 18:46:39 CET 2006


Distributed Systems Group / Automation Systems Institute/ Technical University of Vienna www.seclab.tuwien.ac.at