Add meta refresh and URL tampering test cases.

duckduckgo · Jul 25, 2024 · 24e866d · 24e866d
1 parent 3342bbe
commit 24e866d
Show file tree

Hide file tree

Showing 10 changed files with 144 additions and 4 deletions.
diff --git a/security/badware/index.html b/security/badware/index.html
@@ -15,12 +15,19 @@ <h1>Phishing Detection Test Pages</h1>
         <li><a href="./phishing-js-redirector-helper.html">Phishing JS Redirector (Direct)</a></li>
         <li><a href="./phishing-js-redirector.html">Phishing JS Redirector (Indirect)</a></li>
         <li><a href="./phishing-legit-iframe-loader.html">Phishing Legit iFrame Loader</a></li>
+        <li><a href="./phishing-meta-redirect-clean.html">Phishing Redirect via Meta Refresh (Not Flagged in Dataset)</a></li>
+        <li><a href="./phishing-meta-redirect.html">Phishing Redirect via Meta Refresh (Flagged in Dataset)</a></li>
+        <li><a href="./phishing-popups.html">Phishing Open via Popups</a></li>
+        <li><a href="./phishing-url-tampering.html">Phishing Opening with URL Tampering</a></li>
         <li><a href="/security/badware/phishing-redirect/">HTTP 301 Redirect to Main Phishing Test Page</a></li>
         <li><a href="/security/badware/phishing-redirect/302">HTTP 302 Redirect to Main Phishing Test Page</a></li>
         <li><a href="/security/badware/phishing-redirect/js">HTTP Redirect to Phishing JS Redirector (Indirect)</a></li>
         <li><a href="/security/badware/phishing-redirect/js2">HTTP Redirect to Phishing JS Redirector (Direct)</a></li>
         <li><a href="/security/badware/phishing-redirect/iframe">HTTP Redirect to Phishing iFrame Loader</a></li>
         <li><a href="/security/badware/phishing-redirect/iframe2">HTTP Redirect to Phishing Legit iFrame Loader</a></li>
+        <li><a href="/security/badware/phishing-redirect/meta">HTTP Redirect to Clean Meta Refresh Redirector</a></li>
+        <li><a href="/security/badware/phishing-redirect/meta2">HTTP Redirect to Flagged Meta Refresh Redirector</a></li>
+
     </ul>
 </body>
 

diff --git a/security/badware/phishing-iframe-loader.html b/security/badware/phishing-iframe-loader.html
@@ -7,7 +7,7 @@
 <body>
 <p><a href="./index.html">[Back]</a></p>
 
-<h1>Phishing page</h1>
+<h1>Phishing Page iFrame Loader</h1>
 
 <p>This is an example page that, although it is not in our phishing dataset, it loads a test phishing page in an iframe. If you arrive here by mistake; there's nothing to worry about, we just use this page to test if our client blocking is working.</p>
 <iframe src="https://bad.third-party.site/security/badware/phishing.html" width="100%" height="500" title="Phishing Page"></iframe>

diff --git a/security/badware/phishing-js-redirector-helper.html b/security/badware/phishing-js-redirector-helper.html
@@ -11,7 +11,7 @@
 <body>
 <p><a href="./index.html">[Back]</a></p>
 
-<h1>Phishing page</h1>
+<h1>Phishing Page JS Redirects (Direct)</h1>
 
 <p>This is a helper page that is used to redirect to a page that should be classified as phishing. This page itself should not be classified as phishing in our datasets, but since it redirects to a page that is, the error page should still be shown. If you arrive here by mistake; there's nothing to worry about, we just use this page to test if our client blocking is
 working.</p>

diff --git a/security/badware/phishing-js-redirector.html b/security/badware/phishing-js-redirector.html
@@ -11,7 +11,7 @@
 <body>
 <p><a href="./index.html">[Back]</a></p>
 
-<h1>Phishing page</h1>
+<h1>Phishing Page JS Redirects (Indirect)</h1>
 
 <p>This is an example phishing page that attempts to load legitimate iframes to trick the browser into incorrectly classifying the page as legitimate when it should be classed as malware. If you arrive here by mistake; there's nothing to worry about, we just use this page to test if our client blocking is
 working.</p>

diff --git a/security/badware/phishing-legit-iframe-loader.html b/security/badware/phishing-legit-iframe-loader.html
@@ -7,7 +7,7 @@
 <body>
 <p><a href="./index.html">[Back]</a></p>
 
-<h1>Phishing page</h1>
+<h1>Phishing Page - iFrame Spoofing</h1>
 
 <p>This is an example phishing page that attempts to load legitimate iframes to trick the browser into incorrectly classifying the page as legitimate when it should be classified as phishing. If you arrive here by mistake; there's nothing to worry about, we just use this page to test if our client blocking is
 working.</p>

diff --git a/security/badware/phishing-meta-redirect-clean.html b/security/badware/phishing-meta-redirect-clean.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <meta charset="utf-8">
+    <meta http-equiv="refresh" content="0;url=/security/badware/phishing.html">
+    <title>Phishing page</title>
+</head>
+
+<body>
+    <p><a href="./index.html">[Back]</a></p>
+
+    <h1>Phishing Redirect via Meta Refresh</h1>
+
+    <p>This is an example page that loads a phishing page via a meta refresh to test how the browser responds. If you arrive here by mistake; there's
+        nothing to worry about, we just use this page to test if our client blocking is working.</p>
+
+</body>
+
+</html>
diff --git a/security/badware/phishing-meta-redirect.html b/security/badware/phishing-meta-redirect.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <meta charset="utf-8">
+    <meta http-equiv="refresh" content="0;url=/security/badware/phishing.html">
+    <title>Phishing page</title>
+</head>
+
+<body>
+    <p><a href="./index.html">[Back]</a></p>
+
+    <h1>Phishing Redirect via Meta Refresh</h1>
+
+    <p>This is an example page that loads a phishing page via a meta refresh to test how the browser responds. If you arrive here by mistake; there's
+        nothing to worry about, we just use this page to test if our client blocking is working.</p>
+
+</body>
+
+</html>
diff --git a/security/badware/phishing-popups.html b/security/badware/phishing-popups.html
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <meta charset="utf-8">
+    <title>Phishing Page via Popups</title>
+    <script>
+        // eslint-disable-next-line no-unused-vars
+        function openPopup(target) {
+            window.open('/security/badware/phishing.html', target);
+        }
+    </script>
+</head>
+
+<body>
+    <p><a href="./index.html">[Back]</a></p>
+
+    <h1>Phishing Page Opener via Popups</h1>
+
+    <p>This is an example page that opens phishing pages via various pop-ups with different target types to test the in-browser phishing detection blocking. If you arrive here by mistake; there's nothing to worry about, we just use this page to test if our client blocking is
+    working.</p>
+
+    <h2>Test Popups</h2>
+    <button onclick="openPopup('_blank')">Open Phishing Popup (_blank)</button>
+    <button onclick="openPopup('_self')">Open Phishing Popup (_self)</button>
+    <button onclick="openPopup('_parent')">Open Phishing Popup (_parent)</button>
+    <button onclick="openPopup('_top')">Open Phishing Popup (_top)</button>
+    <button onclick="openPopup('')">Open Phishing Popup (no target)</button>
+    <button onclick="openPopup('invalid')">Open Phishing Popup (invalid target)</button>
+</body>
+
+</html>
diff --git a/security/badware/phishing-url-tampering.html b/security/badware/phishing-url-tampering.html
@@ -0,0 +1,51 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>Phishing Page with URL Tampering</title>
+  <script>
+    // eslint-disable-next-line no-unused-vars
+    function injectedWhitespace() {
+      // Inject tab (0x09), CR (0x0d), and LF (0x0a) characters into the URL to bypass phishing detection
+      window.location = '/security/badware/phishing.html\t\r\n';
+    }
+
+    function injectedMiddleWhitespace() {
+      // Inject tab (0x09), CR (0x0d), and LF (0x0a) characters into the URL to bypass phishing detection
+      window.location = '/security/badware/\t\r\n\tphishing.html';
+    }
+
+    function injectedFragments() {
+      // Inject #frags into the URL to bypass phishing detection
+      window.location = '/security/badware/phishing.html#frags';
+    }
+
+    function injectedDoublePaths() {
+      // Inject "/../" in the path to bypass phishing detection
+      window.location = '/security/../security/badware/phishing.html';
+    }
+
+    function injectedSinglePaths() {
+      // Inject /./ in the path to bypass phishing detection
+      window.location = '/security/./badware/phishing.html';
+    }
+
+    function percentEncodeURL() {
+      window.location = "/%73%65%63%75%72%69%74%79/%62%61%64%77%61%72%65/%70%68%69%73%68%69%6e%67%2e%68%74%6d%6c"
+    }
+  </script>
+</head>
+<body>
+  <p><a href="./index.html">[Back]</a></p>
+
+<h1>Phishing Opening via URL Tampering</h1>
+
+<p>This is an example malicious page that attempts to open phishing pages with tampered URLs to bypass the phishing detection logic. If you arrive here by mistake; there's nothing to worry about, we just use this page to test if our client blocking is working.</p>
+<button onclick="injectedWhitespace()">Injected Whitespace</button>
+<button onclick="injectedMiddleWhitespace()">Injected Middle Whitespace</button>
+<button onclick="injectedFragments()">Injected Fragments</button>
+<button onclick="injectedDoublePaths()">Injected Double Paths</button>
+<button onclick="injectedSinglePaths()">Injected Single Paths</button>
+<button onclick="percentEncodeURL()">Percent Encode URL</button>
+</body>
+</html>
diff --git a/security/badware/server/routes.js b/security/badware/server/routes.js
@@ -46,4 +46,14 @@ router.get("/iframe2", (req, res) => {
   res.redirect(301, "/security/badware/phishing-legit-iframe-loader.html");
 });
 
+// Returns a redirect to a page that renders a phishing page using a meta refresh (not flagged in dataset)
+router.get("/meta", (req, res) => {
+  res.redirect(301, "/security/badware/phishing-meta-redirect-clean.html");
+});
+
+// Returns a redirect to a page that renders a phishing page using a meta refresh (flagged in dataset)
+router.get("/meta2", (req, res) => {
+  res.redirect(301, "/security/badware/phishing-meta-redirect.html");
+});
+
 module.exports = router;