Phishing use case - improvement

Lookyloo / lookyloo

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other.

https://www.lookyloo.eu

Other

678 stars 83 forks source link

Phishing use case - improvement #190

Open Rafiot opened 3 years ago

Rafiot commented 3 years ago

What is changing?

Right now, we have a weird malicious flag, it needs to go away.

The problem we want to solve is the following:

Legitimate site legit.com has a logo, with hash <hash>. The <hash> is not a phishing marker as long as it is on the legitimate site
The same hash is present on a site that is not legit.com. In that case, it should be marked as suspected phishing (Logo idea: fish with a question mark)

How will this impact users?

Help them to spot phishing cases more easily.

quinnnorton commented 3 years ago

create a check box for "suspected resource for phishing attacks (mark as legitimate for this site)" that will allow other sites it appears on to marked as "suspected phishing" based on the hash of the resource. I will need to make a suspected fishing icon, though this probably belongs in a instance annotation tool (vs a capture annotation tool) why am i giving myself more work to do

esellier commented 2 years ago

A perceptual hash may also be interesting (or a more efficient logo recognition API => Google Cloud Vision?), as well as some metadata on images (including XMP). The main problem is to create the initial Hash DB with logos from all legit sites.