Project to make an extension to detect phishing URL

Question

Objective: This project aims to make a chrome extension that can detect any phishing URL whenever a page loads.

Current Processes: I have made an API in which whenever we pass any URL, it will give a response as it is a phishing or not phishing URL. After making the API, I m following the method to make the manifest, HTML, and JavaScript files. API Payload: URL: https://phishingurldetectorapi.herokuapp.com/predict1 (Method = Post)

Body:
{
    "url" : "www.google.com"
}

Response:
"It is  not a phishing url"

I want to pass the URL of any page whenever it loads in the "url" field of my API and it can display the response.

Issues: I am currently stuck in the part on how to pass the URL using javascript in my API body. Can anyone help with this?

What about you grab the current page URL by using `window.location.href` and pass to the body? — ronaldtgi, Jan 26 '22 at 05:13

score 0 · Accepted Answer · answered Jan 26 '22 at 09:43

0

You can send current page url through ajax body as below.


(()=>{

   let current_page_url = window.location.href;
   fetch('https://phishingurldetectorapi.herokuapp.com/predict1',{
       method:'POST',
       headers:{
           'Content-Type':'application/json'
       },
       body:JSON.stringify({url:current_page_url})
   })
   .then(e=>e.json())
   .then(res=>console.log(res))
   .catch(err=>console.log(err))

})()

To work in all pages, you have to set https://*/* in matches array. e.g

"content_scripts": [
      {
        "matches": [
          "https://*/*"
        ]
      }
 ]

https://phishingurldetectorapi.herokuapp.com/predict1

Unfortunately, this server is not allowed for cross domain request, if you own it you must allow cors first. Otherwise, you won't able to send the request from your chrome extension.

answered Jan 26 '22 at 09:43

ronaldtgi

687
8
17

I have made this api using flask, can u please help me how can I allow cors in this api. – Akash Verma Jan 27 '22 at 17:34
No you can't if you are not the owner of that Heroku API server. It's how CORS work. – ronaldtgi Jan 28 '22 at 04:32
I am the owner of this server.. as i have build this application on heroku.. – Akash Verma Jan 28 '22 at 16:43
Ok you can allow CORS from the server. Here is how to enable [php cors](https://stackoverflow.com/questions/8719276/cross-origin-request-headerscors-with-php-headers) , [python cors](https://stackoverflow.com/questions/50065875/how-to-enable-cors-in-python) and [nodejs cors](https://stackoverflow.com/questions/43150051/how-to-enable-cors-nodejs-with-express). That's it. – ronaldtgi Jan 29 '22 at 04:05

Project to make an extension to detect phishing URL

1 Answers1