SpoofStick For IE and FireFox

[bob3160]

What is SpoofStick?
SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites. A spoofed website is typically made to look like a well known, branded site (like ebay.com or citibank.com) with a slightly different or confusing URL.
Get all the info and the program at the following URL:
http://www.corestreet.com/spoofstick/
Hope it helps.

[DavidR]

I have it on firefox 0.9.2 and it doesn't fill me with confidence as it is easy to spoof the SpoofStick.

Yes it trys to identify the origin of the true website, but I found a simple exploit of SpoofStick totally invalidating this check.

I regularly visit a website, using a URL domain redirect. I type the friendly short domainname.com and it redirects you to thenotsofriendlyllongdomainname.com website, directory and page.html, etc.

How? the redirect can use frames as the redirect so the website opens inside a frame that appears to be the domain that you typed but it has been redirected. This in hosting terms is known as URL masking and negates SpoofStick.

When you enter a domain check the status bar at the bottom left of the browser window and you can see the path to the true website, where it is downloading images and web pages, etc.

SpoofStick is useful, just don't think it is 100% and carry out the above check when visiting websites from webpage or email links.

[bob3160]

Thanks DavidR
For your full explanation.

[Eddy]

Can one of you tell me the entries this application creates in HijackThis so I can add it to the database? Thanks in advance!

[DavidR]

Hi Artras,

Using Firefox with spoofstick as an extension, I can't see anything in my very small hijackthis.log.

I can't see any other extensions I'm using in firefox either.

Don't know if this would be different for IE of IE base browsers.