PhishPal - Anti-Phishing Chrome Extension

🚀 Key Features

🔍On-Hover Scanning

PhishPal automatically adds a "🔍 Scan" button when you hover over any HTTP/HTTPS link. Click to instantly check the link's reputation through our secure backend API.

🚦Visual Risk Indicators

Get instant visual feedback with color-coded indicators:

🟢 Safe - No threats detected
🟡 Suspicious - Flagged by some engines
🔴 Dangerous - Malicious content detected
❓ Error - Scan failed or API issue

📊Detailed Tooltips

Hover over result markers to see comprehensive VirusTotal statistics including malicious, suspicious, harmless, and undetected counts from multiple security engines.

⚡Enhanced Performance

Our Railway backend handles API rate limiting, caching, and optimization. No need to manage your own VirusTotal API key - everything works seamlessly out of the box!

🏗️ New Architecture

PhishPal now uses a secure backend API deployed on Railway for enhanced performance and reliability

🌐 Chrome Extension

Content & Background Scripts

→

🚀 Railway Backend

Express.js API Server

→

🔍 VirusTotal API

Threat Intelligence

🔒Secure API Handling

Your VirusTotal API key is safely stored on our backend server, never exposed to the client-side extension code.

⚡Rate Limiting & Caching

Backend handles API rate limits intelligently and caches results to improve performance and reduce API usage.

🌍Global Availability

Railway deployment ensures high availability and fast response times from anywhere in the world.

🛠️Easy Maintenance

Centralized backend makes updates and improvements seamless without requiring extension updates.

🔧 How PhishPal Works

Hover Detection

Content script detects when you hover over HTTP/HTTPS links and dynamically creates scan buttons

User Interaction

Click the "🔍 Scan" button to initiate URL analysis. Button shows loading state during scan

Railway Backend API

Background script sends URL to secure Railway backend server, which handles VirusTotal API calls, rate limiting, and caching

Visual Results

Scan button is replaced with color-coded result marker and detailed tooltip with engine statistics

📦 Installation Options

Choose your preferred installation method - now with simplified setup!

🏪 Chrome Web Store

Easy One-Click Installation - No API Key Required!

🛒 Install from Chrome Web Store

Click the "Install from Chrome Web Store" button above
Click "Add to Chrome" on the Chrome Web Store page
Confirm by clicking "Add extension" in the popup
PhishPal will be automatically installed and ready to use!
Visit any website and hover over links to see PhishPal in action
No configuration needed - backend handles everything!

🔧 Developer Mode

For Development & Testing

Download extension from GitHub
Open Chrome and go to chrome://extensions
Enable "Developer mode" toggle (top-right)
Click "Load unpacked" and select PhishPal folder
Extension is ready to use - no API key setup required!
Backend automatically handles all VirusTotal API calls

🧩 Updated Backend Integration

Here's how PhishPal now communicates with the Railway backend:

// New backend API integration
async function checkUrlWithBackend(url) {
  try {
    const response = await fetch('https://phishpal-backend-production.up.railway.app/api/check-url', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ url })
    });

    if (!response.ok) {
      throw new Error(`Backend error: ${response.status}`);
    }

    const data = await response.json();
    return data.stats;
  } catch (error) {
    console.error('Backend failed:', error);
    return { 
      harmless: 0, 
      malicious: 0, 
      suspicious: 1, 
      undetected: 0 
    };
  }
}

// Message handling for content script communication
chrome.runtime.onMessage.addListener((request, sender, sendResponse) => {
  if (request.action === "scanLink" && request.link) {
    checkUrlWithBackend(request.link)
      .then(stats => sendResponse({ stats }))
      .catch(error => {
        console.error("Scan error:", error);
        sendResponse({ 
          error: error.message,
          stats: { harmless: 0, malicious: 0, suspicious: 1, undetected: 0 }
        });
      });
    return true;
  }
});

🎯 Try It Out

Once installed, PhishPal will work on any website. Here are some example links to test:

https://www.google.com https://www.github.com https://example.com

Hover over these links after installation to see PhishPal in action!

⚙️ Updated Technical Implementation

Enhanced Manifest V3 Architecture:

{
  "manifest_version": 3,
  "name": "Phishing Hover Detector",
  "version": "1.1",
  "permissions": ["scripting", "tabs", "storage"],
  "host_permissions": [
    "<all_urls>",
    "https://phishpal-backend-production.up.railway.app/*"
  ],
  "background": {
    "service_worker": "background.js"
  },
  "content_scripts": [{
    "matches": ["<all_urls>"],
    "js": ["content.js"]
  }],
  "icons": {
    "48": "icon48.png"
  }
}

Key Improvements:

Railway Backend: Secure Express.js server handling all API communications
No API Key Required: Users don't need to manage VirusTotal API keys
Enhanced Security: API credentials safely stored on backend server
Better Performance: Server-side caching and rate limiting
Improved Reliability: Centralized error handling and fallback mechanisms

⚠️ Important Disclaimer

PhishPal is an MVP (Minimum Viable Product) designed for educational and demonstration purposes. While it provides real threat detection using VirusTotal's API through our secure backend, users should:

Never click on links flagged as dangerous (🔴)
Exercise caution even with "safe" results
Use additional security measures and common sense
Be aware that no security tool is 100% foolproof

🛒 Install Extension 📂 View Source Code 🏠 Back to Portfolio

🛡️ PhishPal