Check if a site is phishing site.

Here is the updated bookmarklet: Phishy? (tested on firefox 2.0 only!)

1. Drag this link to your bookmark. This checks if the site you are currently on is a phishing site.
2. Drag this link to your bookmark. This prompts for a URL and checks if it is a phising site.

Uses phishtank's check URL API.

If this does not work try turning debug to true above if you want to see the encoding.

Update: This still uses the GET method for checking the URL. Phishtank recommends using the POST interface (which will remove limitations on URL length: base64 inflates the length by 33%). Implementing that would need some kind of xmlhttprequest hackery. Stay tuned...

Update2: I got the AJAX bookmarklet ready, (thanks!)but it hits the infamous "uncaught exception: Permission denied to call method" bug. i.e. you cannot do cross-domain xmlhttprequests. To solve that I think I need to convince PhishTank to host the javascript code, so the bookmarklet will insert a hidden iframe into the current page which will load the javascript from phishtank page, which will eventually make xmlhttprequest to phistank and display the result back. Are you listening PhishTank ?

Update3: Thanks to "till" who commented below, here is the bookmarklet using the POST method so now the solution will also work for really long URLs. Till's solution is good, but it makes users trust his site (in addition to phishtank). So basically user has to trust that he is not trying to filter the results being presented..

I have also merged the two earlier bookmarklets so that the current site location will be autopopulated in the prompt, so that user can easily change it if he wants to check a URL different from the one he currently is on.

9 thoughts on “Check if a site is phishing site.

  1. Try this:

    javascript:debug=false;Qr=prompt(“Enter URL to check”,””);if(debug){window.alert(“Original: “+Qr+”\nb64: “+btoa(Qr)+”\nEscaped: “+escape(btoa(Qr)))};if(Qr != null){location.href=””+escape(btoa(Qr))};

  2. I expanded your check and added a “pretty” status page and made a bookmarklet that uses POST to submit the URL to circumvent GET limitations.

    Check it out, and let me know what you think.


  3. Note: with the three different links in this post, I’m not 100% sure which is the “right” version of the bookmarklet. Are there two separate bookmarklets with different functions?

  4. Please don’t duplicate the code here, as I worked on it already again and intend to keep the post on my blog updated.

    A link would have been nice. 🙂

  5. I think it would be better if you added so if the user hits cancel then the bookmarklet won’t do anything (currently it will still change the page even if you don’t want it too).

    thus adding:

    if(Qr != null){

    before location.href

  6. The more you put into the bookmarklet, I think the less likely it is to work on different browsers. Especially IE6 has a hefty limited.

    Something to take into account.

Comments are closed.