- Introduce error reporting and performance monitoring in background.js to track API calls and processing times.
- Implement health check system to ensure the extension's operational status and log issues.
- Add caching and encryption utilities in content.js for improved link analysis and data validation.
- Refactor link analysis to process in batches, enhancing performance and user experience.
- Update UI in domains_management.html and options.html for better usability and aesthetics, including responsive design and improved layout.
- Enhance popup.html to display suspicious links with better styling and functionality.
- Modify manifest.json to include new permissions and host access for Safe Browsing API.
Enterprise App Protection
🔍 What This Extension Does
Protect yourself and your organization from phishing attacks that impersonate common enterprise applications like DocuSign, Salesforce, Microsoft 365, and hundreds more. This extension:
- ✓ Automatically scans links in your browser and emails in real time
- ✓ Alerts you when a link claims to be from a trusted enterprise app but leads to an unofficial domain
- ✓ Uses Google Safe Browsing API to detect phishing and malware threats beyond known fake domains
- ✓ Maintains an up-to-date database of legitimate enterprise application domains
- ✓ Detects dynamically added links (e.g., in Outlook Web, Teams, SharePoint)
- ✓ Works with 150+ enterprise applications
- ✓ Functions completely offline after initial setup (except for Safe Browsing checks)
⚙️ How It Works
When you visit a webpage or open an email, the extension:
- Scans all links and detects if any enterprise applications (like "DocuSign" or "Salesforce") are mentioned
- Verifies if the associated links actually go to official domains
- Checks Google Safe Browsing to detect malware and phishing links not in its internal database
- Detects links inside dynamically loaded content (like Outlook Web, Microsoft Teams, SharePoint)
- Shows a clear warning if a potential impersonation attempt is detected
🔐 Privacy & Security
- Zero Data Collection: This extension does not collect, store, or transmit any personal data, browsing history, or email content.
- Completely Offline: After initial installation, all domain checks against the built-in database are performed locally on your device; only Safe Browsing checks need an internet connection.
- No Cloud Processing: All link analysis happens directly in your browser.
- Uses Google Safe Browsing API: Checks URLs against Google’s real-time phishing and malware database.
- Open Source: All code is available for review.
🚫 What This Extension Doesn't Do
- ❌ Does NOT access, read, or store your email content or attachments.
- ❌ Does NOT track your browsing history.
- ❌ Does NOT require an account or registration.
- ❌ Does NOT send any data back to our servers.
- ❌ Does NOT modify or alter any content—it only shows warnings.
- ❌ Does NOT prevent you from visiting any websites.
🔹 Trusted & Blocked Domains
- Trusted Domains: These domains are always allowed and will not be flagged.
- Blocked Domains: These domains will always be marked as unsafe.
To modify trusted/blocked domains:
- Open the extension options page.
- Add or remove domains under "Trusted Domains" or "Blocked Domains".
- Click "Update Database" to apply changes.
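The check described under "How It Works" and the trusted/blocked override above can be sketched as follows. This is an added example, not the extension's own code: the domain data, the function names, matching on link text, and blocked taking precedence over trusted are all assumptions.

```javascript
// Constructed sample data, not the extension's domains.json.
const OFFICIAL = {
  DocuSign: ["docusign.com", "docusign.net"],
  Salesforce: ["salesforce.com", "force.com"],
};
const TRUSTED = ["intranet.example.com"];
const BLOCKED = ["docusign-secure.example.net"];

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// True when host is the domain itself or a subdomain of it (match on a label boundary,
// so "notdocusign.com" and "docusign.com.evil.example" do not count as docusign.com).
const hostMatches = (host, domain) => host === domain || host.endsWith("." + domain);
const inList = (host, list) => list.some((d) => hostMatches(host, d));

// Whole-name, case-insensitive match: "mydocusignature" does not mention DocuSign.
function mentionedApps(text) {
  return Object.keys(OFFICIAL).filter((app) =>
    new RegExp(`(^|[^a-z0-9])${escapeRe(app)}([^a-z0-9]|$)`, "i").test(text));
}

function classifyLink(text, href) {
  let host;
  try {
    const url = new URL(href);
    if (!/^https?:$/.test(url.protocol)) return { verdict: "ignored" };
    host = url.hostname.replace(/\.$/, ""); // URL() lowercases; drop a trailing dot
  } catch {
    return { verdict: "ignored" }; // not an absolute URL
  }
  // Assumed precedence: blocked wins over trusted when a host is on both lists.
  if (inList(host, BLOCKED)) return { verdict: "blocked", host };
  if (inList(host, TRUSTED)) return { verdict: "trusted", host };
  const apps = mentionedApps(text);
  const official = apps.some((app) => inList(host, OFFICIAL[app]));
  return apps.length && !official
    ? { verdict: "suspicious", host, apps }
    : { verdict: "ok", host };
}
```

Comparing on a label boundary is what separates a legitimate subdomain of an official service from a lookalike host that merely contains the official domain as a substring.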
🔍 Google Safe Browsing API
This extension integrates with Google Safe Browsing to detect additional phishing and malware sites.
If Google does not recognize a site as unsafe, it will not be flagged unless it is in the blocked domains list.
🔹 Report new phishing domains to Google → Submit a phishing site
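The flagging rule above (a Safe Browsing match or a blocked-list entry) can be sketched as follows. This is an added example, not the extension's own code: it assumes the Safe Browsing v4 Lookup API, and the client identifiers, function names and sample response are constructed.

```javascript
// Assumption: the Safe Browsing v4 Lookup API; the page does not say which API version the extension calls.
// Note that the Lookup API receives the full URLs being checked.
const SB_ENDPOINT = "https://safebrowsing.googleapis.com/v4/threatMatches:find";

function buildLookupRequest(urls) {
  return {
    client: { clientId: "example-extension", clientVersion: "0.0.0" }, // placeholders
    threatInfo: {
      threatTypes: ["MALWARE", "SOCIAL_ENGINEERING"],
      platformTypes: ["ANY_PLATFORM"],
      threatEntryTypes: ["URL"],
      // One batch: de-duplicated, capped at the API's 500-URL limit per request.
      threatEntries: [...new Set(urls)].slice(0, 500).map((url) => ({ url })),
    },
  };
}

// Response body -> Map(url => [threatType, ...]). No matches comes back as {}.
function parseLookupResponse(body) {
  const hits = new Map();
  for (const m of (body && body.matches) || []) {
    const list = hits.get(m.threat.url) || [];
    if (!list.includes(m.threatType)) list.push(m.threatType);
    hits.set(m.threat.url, list);
  }
  return hits;
}

// A URL is flagged if Safe Browsing matched it or its host is on the blocked list.
function flaggedUrls(urls, body, blockedHosts) {
  const hits = parseLookupResponse(body);
  return urls.filter((u) => hits.has(u) || blockedHosts.includes(new URL(u).hostname));
}

// Network call, shown for completeness; apiKey is the key entered on the settings page.
async function lookup(urls, apiKey, fetchImpl = fetch) {
  const res = await fetchImpl(`${SB_ENDPOINT}?key=${encodeURIComponent(apiKey)}`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(buildLookupRequest(urls)),
  });
  if (!res.ok) throw new Error(`Safe Browsing lookup failed: HTTP ${res.status}`);
  return parseLookupResponse(await res.json());
}

// Constructed sample response (one match), for running the parser offline.
const SAMPLE_RESPONSE = { matches: [
  { threatType: "SOCIAL_ENGINEERING", threatEntryType: "URL", threat: { url: "https://a.example/login" } },
] };
```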
👥 Perfect For
- Business professionals who regularly use enterprise applications
- IT security teams looking to protect their organizations
- Anyone concerned about phishing attacks targeting business services
- Organizations using multiple cloud-based enterprise applications
- Microsoft 365 users (Outlook, Teams, SharePoint) who want extra security
🖥️ System Requirements
- Google Chrome 88+ / Microsoft Edge 88+
- Works with Microsoft Outlook Web, Teams, and SharePoint
- Internet connection required for Safe Browsing checks (optional)
🛠️ Troubleshooting
❓ Why is a suspicious site not flagged?
- It might not be in the domains.json database.
- Google Safe Browsing does not recognize it as a phishing site.
- The domain may be a legitimate subdomain of an official service.
❓ Why is a link incorrectly flagged?
- The link contains a word matching an app name but is not actually phishing.
- You can add the domain to "Trusted Domains" in the options page.
🔥 Latest Updates
✅ Final Version Features
- ⚡ Dynamic Link Scanning: Detects phishing links inside emails, Teams, and SharePoint without reloading the page.
- 🎯 Google Safe Browsing Support: Detects additional phishing sites beyond known fake domains.
- 🛡️ Improved Matching: Ensures only full app names trigger warnings.
- 🚀 Optimized Performance: No duplicate warnings, reduced false positives.
- 📡 No More Debugging Logs: Production-ready version with clean console logs.
Screenshots
🔧 Settings Page
The settings page allows users to configure the Google Safe Browsing API key and manage trusted and blocked domains. Users can enter domains manually to whitelist or blacklist specific sites.
⚠️ Extension Popup
The extension popup provides real-time feedback when navigating websites. If a domain is flagged as unsafe, the user receives an alert, helping to prevent phishing and malicious activity.