Aquarium system |
Aquarium tool - Automatically detect https phishing websites
|
One of the ways to identify phishing pages in the past was to check for a green lock symbol at the beginning of a web address.
Nowadays, because of the existence of free SSL certificate systems, checking for the presence of this sign is no longer a good measure because most new phishing addresses have a free SSL certificate. For this purpose, APA Specialized Center of Semnan University has designed and produced a tool with the aim of identifying phishing websites, called Aquarium.
This tool checks and reports on website address entropy using metrics such as keyword retrieval, SSL certificate registration online check, and etc.
For example, in the keywords section, check the word shaparak and if a mismatch is found in the desired address, it will be given a negative score. In the online review section of SSL certificate registration, if any address, its certificate registration is confirmed, the tool becomes aware of it and then based on the validity period and type of certificate, it determines whether it is free or not and gives it a score.
If the address certificate is free, it is possible that an attacker has used it to protect his identity, and here the tool will give it a negative score. In the entropy section, it checks the number of valid characters in an address and if it exceeds the allowed value, the tool gives it a negative score and the probability of phishing increases.
|
This tool has the following features: |
Online check of SSL certificate registration |
Website address entropy check |
check https protocol details |
The possibility of reporting fake ports |
Automatic detection of phishing pages and notification to the user |
The ability of adding blacklists for specific cases |