AuntieTuna is a browser extension that checks if each page you visit is a potential phishing website, based on snapshots of known-good websites.
For example, as a customer of PayPal, you add a snapshot of the www.paypal.com login to your known-good. AuntieTuna then checks if every other page you visit looks like www.paypal.com. If the page does, then AuntieTuna marks it as suspected phish.
We will do the following with AuntieTuna (10-15 min.):
The walkthrough steps are the same or very close for Google Chrome. While most of the screenshots are of Mozilla Firefox, they should look similar to what you will see in Google Chrome, too.
Chromium / Chrome / Brave: Install AuntieTuna: Go to the Chrome Web Store and install it by clicking on the blue “Add to Chrome”. You can also sideload the extension by following these instructions.
AuntieTuna will ask for permissions (your browsing history or data is not collected in AuntieTuna: learn more). Click on “Add Extension”:
After installation, the browser will give you a notification that it has been successfully added:
Firefox: Install AuntieTuna: Go to https://auntietuna.ant.isi.edu and click on “auntietuna-0.0.x-fx.xpi” (blue box in the next picture):
You’ll be asked for permission to install an add-on. Click on “Continue to Installation”:
AuntieTuna will ask for permissions (your browsing history or data is not collected in AuntieTuna: learn more). Click on “Add”:
Chromium / Chrome / Brave and Firefox:
After installation, the Options page might open. You can close this for now and continue with the next step:
If you want to know more:
The options page is where you can import your Known-Good Lists (“Import Known-Good Lists”) and manage/export your Known-Good Lists (“Manage and Export Known-Good Lists”). “Manage and Export Known-Good Lists” shows the list of sites you are protected on.
Currently by default, you are protected on USC’s Single-Sign On portal (2019), PayPal (2015), and the EICAR test.
Test AuntieTuna: Try visiting a “phishing” page by clicking on this link: https://auntietuna.ant.isi.edu/eicar.html. (This page isn’t actually a phish: it just contains a test string that we’re looking for.)
You should see something like this next image:
This image shows the alert you’ll see when AuntieTuna suspects that a visited page is phish.
Since we’re in alpha, the alert is not very prominent. There’s also some debugging information at the bottom that you can submit that will be very helpful for the developers.
Inoculate with AuntieTuna: let’s see how AuntieTuna protects us from PayPal phish by adding www.paypal.com to our known-good.
Visit https://www.paypal.com/us/signin, then click on the red shield (top right), and then click on the green “Add to Good List”:
You’re now inoculated with www.paypal.com: AuntieTuna will always check in the background if any page you visit other than www.paypal.com looks like the PayPal login. If it does, AuntieTuna will suspect that it’s phish, and alert you.
Share Your Known-Good: Open the “Options” page by clicking on the red shield and then clicking on the orange “Options” button:
You can see in “Manage and Export Known-Good Lists” that www.paypal.com has its own entry (row #4):
We can “export” this known-good list to share with our friends, so that they are also protected on PayPal. First click on the checkbox in row #4, then click on “Export Selected”:
You can then download and share the resulting known-good list (.json file) directly via email, or through our website:
Use Others’ Known-Good: Let’s now import facebook.com’s known-good. First, save the following file to your computer: hashes.facebook-2019-10-15.json, or download it from Known-Good Lists.
Drag and drop the hashes.facebook-2019-10-15.json file inside the blue dashed box, or click on “Browse” and find the file:
If the import is successful, you’ll see a message saying that the file was successfully imported, and a new entry (row #5) in your known-good list:
You can use these instructions to import known-good lists from your friends, or from this website.
We’re done! AuntieTuna is now silently protecting you from phishing sites that copy from www.paypal.com, shibboleth.usc.edu (USC’s Single Sign-On portal), and facebook.com.
Next, try the following:
Thank you for helping with this alpha test!
We would greatly appreciate your feedback: having gone through the quick start, we have some questions for you.
You can copy and paste this template in:
> Are the Quick Start instructions...
[ ] unclear, confusing
[ ] clear, easy to follow
[ ] too verbose
[ ] other: (your answer here)
Additional feedback: (your feedback here)
> Is the User Interface (options page, "popup" containing
> Add/Options/Download)...
[ ] too minimal--I wasn't sure what to do
[ ] busy, confusing--it was hard to find what I needed
[ ] working as expected
[ ] clear and easy to use
[ ] other: (your answer here)
Additional feedback: (your feedback here)
> Was the process of importing / exporting your known-good...
[ ] unclear or confusing
[ ] too difficult or too many steps
[ ] OK, reasonable
[ ] easy or intuitive
[ ] other: (your answer here)
Additional feedback: (your feedback here)
> What features do you want to see in AuntieTuna?
(Your answer here)
> Do you have any other questions or feedback?
(Your answer here)