minbrowser / min

A fast, minimal browser that protects your privacy
https://minbrowser.org/
Apache License 2.0

Malicious site detected is too sensitive #16

Closed stormageddon closed 8 years ago

stormageddon commented 8 years ago

I've noticed a few sites that I use daily that are being incorrectly identified as malicious.

namecheap.com discovercard.com compass.cloudmine.io

It seems that the parameters used to determine a phishing site are too broadly defined.

pwenzel commented 8 years ago

I encountered issues too. When visiting pivotaltracker.com and attempting to Sign in with Google, the Min browser presented a big red warning screen. This sign-in workflow seems to work just fine in regular Google Chrome.

PalmerAL commented 8 years ago

All of those except discovercard.com should be fixed now.

PalmerAL commented 8 years ago

Discovercard.com is harder to fix. The problem is that that domain actually redirects to discover.com, but the login form on that page submits back to discovercard.com. Since cross-domain form submissions are something a lot of phishing sites do, the page gets blocked.

kebeabap commented 8 years ago

Have some further issues with the phishing warning on Windows

Einenlum commented 8 years ago

Same here. My personal website, for example, is blocked. Is there a place where we can find the details causing the problem?

KalenAnson commented 8 years ago

If you want to rebuild you can comment out the following lines in the js/webviews.js file:

if (e.channel == "bookmarksData") {
    bookmarks.onDataRecieved(e.args[0]);
} /*else if (e.channel == "phishingDetected") {
    navigate(this.getAttribute("data-tab"), phishingWarningPage);
}*/
});

Commenting out lines 175-177 will effectively stop the phishing protection. Use at your own risk. I want to submit a PR that makes this an option.

PalmerAL commented 8 years ago

@kebeabap bahn.de is fixed in e381f9223ee7f6a982305294e24dccc157099c18.

PalmerAL commented 8 years ago

@Einenlum If you open the devtools for a page, then go to the console tab and check the "preserve log" option, then navigate to the page that is detected as malicious, the details will be logged.

PalmerAL commented 8 years ago

@stormageddon I've added discover.com to the whitelist in 5fded7b30eabf491e23fd58d43529e5a81f2e9f0.

Einenlum commented 8 years ago

@PalmerAL Thanks :). Some of the rules seem really weird to me. I get it for "no https" for example, but:

no https
form with password input found
form with simple path for action detected
submitting form without https
form with password input found
form with simple path for action detected
submitting form without https
links go to external domain
min 1.25
status 1.7
phishing scan took 11.789999999999964 milliseconds

What is the problem with these ones for example?

form with password input found
form with simple path for action detected

PalmerAL commented 8 years ago

@Einenlum Here's an explanation:

form with password input found

This doesn't actually increase the score. What happens is that only forms that are considered "sensitive" (ask for address, password, credit card, etc.) count towards the score. This message means that the form contains a password input, so it will be checked as part of the scoring.

form with simple path for action detected

This occurs when an action parameter on the form contains less than two slashes in it. The reason is that a lot of phishing websites put all the files in the same directory, and set the paths on the actions to be relative, whereas most legitimate sites use absolute links. (I'm not really sure why this is).

links go to external domain

This means that most or all of the links on the page point to an external domain. The reason for this is that a lot of phishing sites are cloned copies of the real sites, with just the form action changed. For example, on a lot of PayPal phishes, all of the links on the page still point to "paypal.com".
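
The checks described in the comments above (sensitive forms only, simple action paths, insecure or cross-domain submission, mostly external links), sketched as an added example that is not Min's code or part of the original thread. The one-point-per-signal scoring, `THRESHOLD`, the "sensitive" test, the "form submits to another domain" label and the sample pages are assumptions; it shows how an ordinary personal site over http collects enough signals to be flagged.

```javascript
// Added illustration of the heuristics described in this thread; not Min's code.
// THRESHOLD, the one-point-per-signal scoring, the "sensitive" test and the
// "form submits to another domain" label are assumptions made for this example.
const THRESHOLD = 3;

// Hostname with a leading "www." dropped (a simplification of real domain matching).
const host = (url, base) => new URL(url, base).hostname.replace(/^www\./, "");

// Only forms asking for a password, card or address are scored.
const isSensitive = (form) =>
  form.inputs.some((i) => i.type === "password" || /card|address/i.test(i.name || ""));

function scanPage(page) {
  const reasons = [];
  const pageHost = host(page.url);
  if (new URL(page.url).protocol !== "https:") reasons.push("no https");

  for (const form of page.forms.filter(isSensitive)) {
    const action = form.action || "";
    const target = new URL(action, page.url); // resolve relative actions
    // "Simple path": fewer than two slashes in the raw action attribute.
    if ((action.match(/\//g) || []).length < 2)
      reasons.push("form with simple path for action detected");
    if (target.protocol !== "https:") reasons.push("submitting form without https");
    if (host(target.href) !== pageHost) reasons.push("form submits to another domain");
  }

  // "Most or all" links external: more than half is the assumed cut-off.
  const external = page.links.filter((l) => host(l, page.url) !== pageHost).length;
  if (page.links.length > 0 && external / page.links.length > 0.5)
    reasons.push("links go to external domain");

  return { score: reasons.length, reasons, flagged: reasons.length >= THRESHOLD };
}

// Constructed sample: a small personal site over http with a login form.
const personalSite = {
  url: "http://blog.example/",
  forms: [{ action: "login.php", inputs: [{ type: "password", name: "pw" }] }],
  links: ["https://social.example/me", "https://code.example/me", "/about"],
};
// Constructed sample: https page whose only form is a search box (not sensitive).
const searchPage = {
  url: "https://www.news.example/",
  forms: [{ action: "search", inputs: [{ type: "text", name: "q" }] }],
  links: ["/world", "/sport", "https://ads.example/x"],
};

console.log(scanPage(personalSite), scanPage(searchPage));
```

A per-user allowlist or an adjustable threshold, as suggested later in the thread, would change only the final `flagged` comparison, not the signal collection.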

Einenlum commented 8 years ago

Mmm interesting, thanks. Maybe, instead of adding more websites to a whitelist every day (which is not viable in the long term), there could be an option 1/ to select the level of blocking (adapting the maximum score) and 2/ to add, as a user, a website to a personal whitelist.

burnoutberni commented 8 years ago

I guess there is a general problem with redirects to single sign-on pages, at least it's the case here: Moodle of the University of Vienna

surajsharma commented 8 years ago

This is getting pretty ridiculous for me; national newspaper websites are malicious now. Please just allow a bypass button already!

PalmerAL commented 8 years ago

@surajsharma A bypass button was added in 1.2.0 - see issue #13. You can download the new version from here: https://github.com/PalmerAL/min/releases/tag/v1.2.0.

Also, can you please share which news websites are causing the problem?

surajsharma commented 8 years ago

@PalmerAL Some pages on Vikaspedia.in were not opening, but I am glad a bypass button exists. Also, thanks for allowing us to set the default browser. I like how snappy Min is compared to other NodeJS-based Chromium browsers; please keep it that way.

PalmerAL commented 8 years ago

I'm going to close this issue for now. If there are additional websites that shouldn't be blocked, please open separate issues for those.