Discussion on Gone Phishing | Userscripts.org

Archived Comments, replied by B10m

B10m — Fri, 09 Mar 2007 20:19:44 +0000

Thanks for the feedback nitro322. Let me explain why I don't think your examples should be updated:

link: http://www.evilsite.net/
text: www.goodsite.net

Technically, "www.goodsite.net" is not an URL. I don't trust that to begin with ;-). We could scan for text that begins with 'www', but the next thing would be to include 'secure', 'images', etc. What about this?

link: http://evilsite.com/
text: goodsite.com

As you can see, it's getting tricky.

link: http://www.evilsite.net/
text: goodpage.html

See above. This URL is not really trying to trick you that much. Following this example (and taking it to extremes) this would be incorrect too:

link: http://www.evilsite.com/contact.html
text: faq

link: http://www.goodsite.net/evilpage
text: http://www.goodsite.net/

The same thing as above applies here. This isn't really a fishing attempt. We're on the same domain, so the least we can do is trust the server. The "evilpage" shouldn't be on the "goodsite.net" to begin with ;-)

Archived Comments, replied by nitro322

nitro322 — Sun, 25 Feb 2007 07:28:26 +0000

By the way, the link/text pairs in my example should have all been plain text. The userscript.org website translated them into links. I'd recommend not clicking on any of them as I really don't know where they lead.

Archived Comments, replied by nitro322

nitro322 — Sun, 25 Feb 2007 07:26:32 +0000

B10m, I've been using this script for a while now. Very cool idea; thanks for making it available.

I've recently been testing it, though, and I noticed a few cases where it will fail. For example, take the following link/text pairs:

link: http://www.evilsite.net/
text: www.goodsite.net

link: http://www.evilsite.net/
text: goodpage.html

link: http://www.goodsite.net/evilpage
text: http://www.goodsite.net/

In all three cases, your script will fail to report the discrepancy. I tried playing around with the source a bit to see if I could make this work, but I'm just not that good with Javascript.

Any chance you could look into this and try to make your script a bit more robust?

Archived Comments, replied by mar 1

mar 1 — Mon, 15 May 2006 00:12:43 +0000

This is certainly one of the best Greasemonkey scripts that I've ever used. Personaly, I want to know what is hiding under the surface. So, this script has made it much easier for me to detect suspicious Web pages. If you are using the "Redirect Remover" extension (which I am doing), it will be even better to have this script installed since "Gone Fishing" will act as an early-warning-system when you click on a suspicious link. I recommend them both! If you want the extension to work, you have to configure it in a certain way. For best result, go to the "Highlighting" tab and untick the first checkbox (...containing a removed redirect). For the uncleaned section, just use yellow as background. Sorry for the looong comment! B10m you rock!! :)

Archived Comments, replied by B10m

B10m — Fri, 03 Feb 2006 14:40:21 +0000

Updated, thanks a bunch.

Archived Comments, replied by Bret Mogilefsky

Bret Mogilefsky — Fri, 03 Feb 2006 12:37:24 +0000

Works great, and a great idea. Thanks!

One little nit... The script was turning up false positives over differences in case, which I think is unnecessary. That situation crops up more often than you might think; about 2/3 of the warnings I was seeing were for that. I put ".toLowerCase()" on each of the operands to the main string compare to stop that.

Archived Comments, replied by Jesse Andrews

Jesse Andrews — Wed, 17 Nov 2004 01:05:56 +0000

The following is an archive of comments made before threaded discussions was implemented (November 16th, 2008)