The PhishBouncer project is an advanced Java HTTP(S) proxy with anti-phishing capabilities.
PhishBouncer is an anti-phishing platform based on an HTTP/HTTPS proxy integrating anti-phishing checks that do not depend on block lists or Phish signatures. The checking algorithms make use of the attributes of the web-site being visited, the structure and properties of the referring URL, and the web-site's association with other legitimate web-sites that the user interacts with. The checks are implemented as plug-in interceptors, so it is easy to modify them, add new checks, or remove existing ones. Apart from defense against Phishing, PhishBouncer is also a platform for developing and testing new anti-Phishing checks.
For rapid prototyping and testing of anti-Phishing checks with real and reliable test data, a crawl-and-drive framework is also provided; all you need is an APWG membership to be able to download Phish Reports from APWG and follow the instructions provided. This framework will periodically download new Phish URLs from APWG, and visit the Phish sites using the PhishBouncer proxy first without and then with the anti-Phishing checks. All results are logged so that dead or broken sites (i.e., sites that produced errors in either visit) can be culled, and the remaining data can be used to obtain an accurate count of how many Phish sites were flagged by the currently active checks.
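The culling and counting step described above can be sketched as follows. This is an added example, not PhishBouncer code: the CSV log layout, its column names, and the sample URLs are constructed for illustration, and treating a site with a missing visit as broken is an assumption.

```python
import csv
import io

# Constructed sample log: one row per visit. Column names and values are
# assumptions for this example, not PhishBouncer's actual log format.
SAMPLE_LOG = """url,checks,status,flagged
http://phish-a.example/login,off,ok,no
http://phish-a.example/login,on,ok,yes
http://phish-b.example/verify,off,error,no
http://phish-b.example/verify,on,ok,yes
http://phish-c.example/update,off,ok,no
http://phish-c.example/update,on,ok,no
http://phish-d.example/secure,off,ok,no
http://phish-e.example/account,off,ok,no
http://phish-e.example/account,on,error,no
"""

def summarize(log_text):
    """Cull dead/broken sites, then count how many live sites were flagged."""
    visits = {}  # url -> {"off": row, "on": row}
    for row in csv.DictReader(io.StringIO(log_text)):
        visits.setdefault(row["url"], {})[row["checks"]] = row

    live, culled, flagged = [], [], []
    for url, pair in visits.items():
        baseline, checked = pair.get("off"), pair.get("on")
        # A site counts only if both visits exist and neither produced an error.
        if (baseline is None or checked is None
                or baseline["status"] != "ok" or checked["status"] != "ok"):
            culled.append(url)
            continue
        live.append(url)
        if checked["flagged"] == "yes":
            flagged.append(url)

    rate = len(flagged) / len(live) if live else 0.0
    return {"live": live, "culled": culled, "flagged": flagged, "rate": rate}

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(f"{len(result['flagged'])}/{len(result['live'])} live sites flagged "
          f"({result['rate']:.0%}); {len(result['culled'])} culled")
```

Culling before counting keeps sites that were already taken down from lowering the measured detection rate of the active checks.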
The HTTP/HTTPS proxy framework can also be used to insert other types of adaptive behavior into HTTP/HTTPS-based interaction by replacing the plug-in interceptors that execute anti-phishing checks with other interceptors that perform logging, filtering (as in parental control), load-balancing, QoS-based redirection, etc.
PhishBouncer was developed by BBN under an R&D project supported by the Homeland Security Advanced Research Project Agency (HSARPA), under its Cyber Security R&D program.
Here are some key features of "PhishBouncer":
· Implemented in Java, therefore less vulnerable to traditional exploits (e.g., buffer overflow attacks)
· Architectural solution with stronger guarantees than browser plug-ins (can catch phishing attacks even if the browser is closed or not part of the communication)
· Browser independent - supports all web browsers
· Operating system independent - supports all operating systems that can run Java
· Highly customizable deployment options - runs on user hosts, wireless routers, or network server
· Open framework and plug-in architecture - allows easy addition of new checks
· Attribute-based detection - provides protection against unknown phishing attacks
· Supports reactive and proactive anti-phishing checks
· Supports HTTP and HTTPS