From 0fc2b1e35a1ab9fa98e3cde8da6861fc501c8152 Mon Sep 17 00:00:00 2001 From: Brian Simpson Date: Thu, 18 Dec 2025 15:01:58 +0000 Subject: [PATCH 01/11] GITBOOK-65: Hiding Firefox Instructions as Pending Add-On Publishing --- docs/README.md | 18 +- .../README.md | 8 +- docs/deployment/firefox-deployment.md | 166 +++++++++-------- docs/firefox-support.md | 168 ++++++++++-------- docs/settings/about.md | 23 +-- docs/settings/branding.md | 74 ++++---- 6 files changed, 232 insertions(+), 225 deletions(-) diff --git a/docs/README.md b/docs/README.md index c587033b..2c7ccbaf 100644 --- a/docs/README.md +++ b/docs/README.md @@ -20,21 +20,19 @@ layout: ## What is Check? -**Check** is a browser extension that provides real-time protection against Microsoft 365 phishing attacks. +**Check** is a browser extension that provides real-time protection against Microsoft 365 phishing attacks. Specifically designed for enterprises and managed service providers, Check uses sophisticated detection algorithms to identify and block malicious login pages before credentials can be stolen by bad actors. -Check is available for **Chrome**, **Microsoft Edge**, and **Firefox** (109+). +Check is available for **Chrome**, **Microsoft Edge**, and **Firefox** (109+ Coming Soon!). -The extension integrates seamlessly with existing security workflows, offering centralized management, comprehensive logging, and offers an optional CIPP integration for MSPs managing multiple Microsoft 365 tenants. +The extension integrates seamlessly with existing security workflows, offering centralized management, comprehensive logging, and offers an optional CIPP integration for MSPs managing multiple Microsoft 365 tenants. -Check is completely free, open source, and can be delivered to users completely white-label, it is an open source project licensed under AGPL-3. You can contribute to check at [https://github.com/cyberdrain/Check](https://github.com/cyberdrain/Check). +Check is completely free, open source, and can be delivered to users completely white-label, it is an open-source project licensed under AGPL-3. You can contribute to check at [https://github.com/cyberdrain/Check](https://github.com/cyberdrain/Check). -Installing the plugin immediately gives you protection against AITM attacks, and takes seconds. Click the install button and you're good to go. +Installing the plugin immediately gives you protection against AITM attacks and takes seconds. Click the install button and you're good to go. -Install for Edge **OR** Install for Chrome - -**Firefox users:** See the [Firefox Support](firefox-support.md) guide for installation instructions. +Install for Edge **OR** Install for Chrome OR Firefox (Coming Soon!) ## Why was Check created? @@ -44,14 +42,10 @@ Check was created out of a need to have better protection against AITM attacks. This led to a hackathon in which the team crafted a proof of concept. This proof of concept led to the creation of Check by CyberDrain. CyberDrain decided to offer Check as a free to use community resource, for everyone. - - ### What information does Check collect? Nothing. We're not even kidding, we don't collect any data at all. You can set up a CIPP reporting server if you'd like, but this reports directly to your own environment. CyberDrain doesn't believe in making their users a product. We don't sell or collect any information. - - ## How does it look? When a user gets the plugin added, a new icon will appear, this icon is [brandable](settings/branding.md) to customize it to your own logo and name. diff --git a/docs/deployment/chrome-edge-deployment-instructions/README.md b/docs/deployment/chrome-edge-deployment-instructions/README.md index 809db3a9..68403c3b 100644 --- a/docs/deployment/chrome-edge-deployment-instructions/README.md +++ b/docs/deployment/chrome-edge-deployment-instructions/README.md @@ -5,7 +5,7 @@ description: >- icon: bolt --- -# Deployment Instructions +# Chrome/Edge Deployment Instructions Check is available for **Chrome**, **Microsoft Edge**, and **Firefox** with deployment guides for each browser. @@ -18,9 +18,3 @@ Check is available for **Chrome**, **Microsoft Edge**, and **Firefox** with depl {% content-ref url="macos.md" %} [macos.md](macos.md) {% endcontent-ref %} - -## Firefox Deployment - -{% content-ref url="../firefox-deployment.md" %} -[firefox-deployment.md](../firefox-deployment.md) -{% endcontent-ref %} diff --git a/docs/deployment/firefox-deployment.md b/docs/deployment/firefox-deployment.md index 83fe5706..6dbf4351 100644 --- a/docs/deployment/firefox-deployment.md +++ b/docs/deployment/firefox-deployment.md @@ -1,3 +1,7 @@ +--- +noIndex: true +--- + # Firefox Deployment This guide covers deploying Check to Firefox across different platforms using enterprise policies. @@ -12,12 +16,12 @@ The Check extension for Firefox uses the ID: **`check@cyberdrain.com`** ## Quick Reference -| Platform | Policy File Location | -|----------|---------------------| -| Windows | `%ProgramFiles%\Mozilla Firefox\distribution\policies.json` | -| macOS | `/Applications/Firefox.app/Contents/Resources/distribution/policies.json` | -| Linux (system) | `/etc/firefox/policies/policies.json` | -| Linux (app) | `/usr/lib/firefox/distribution/policies.json` | +| Platform | Policy File Location | +| -------------- | ------------------------------------------------------------------------- | +| Windows | `%ProgramFiles%\Mozilla Firefox\distribution\policies.json` | +| macOS | `/Applications/Firefox.app/Contents/Resources/distribution/policies.json` | +| Linux (system) | `/etc/firefox/policies/policies.json` | +| Linux (app) | `/usr/lib/firefox/distribution/policies.json` | ## Prerequisites @@ -36,21 +40,21 @@ For production deployment, you need a signed .xpi file: #### Option A: Mozilla Add-ons Signing (Recommended) -1. Build the Firefox version: - ```bash - npm run build:firefox - ``` - -2. Package the extension: - ```bash - zip -r check-firefox.zip . \ - -x ".*" \ - -x "node_modules/*" \ - -x "tests/*" \ - -x "*.md" \ - -x "manifest.chrome.json" - ``` - +1. Build the Firefox version: + + ```bash + npm run build:firefox + ``` +2. Package the extension: + + ```bash + zip -r check-firefox.zip . \ + -x ".*" \ + -x "node_modules/*" \ + -x "tests/*" \ + -x "*.md" \ + -x "manifest.chrome.json" + ``` 3. Submit to [addons.mozilla.org](https://addons.mozilla.org) for signing 4. Download the signed .xpi file 5. Host on your internal server or use Mozilla's CDN @@ -58,9 +62,10 @@ For production deployment, you need a signed .xpi file: #### Option B: Development Installation For testing or development: -- Use temporary add-on installation (no signing required) -- Enable unsigned extensions in Firefox developer edition -- Not recommended for production deployments + +* Use temporary add-on installation (no signing required) +* Enable unsigned extensions in Firefox developer edition +* Not recommended for production deployments ### 2. Configure policies.json @@ -125,20 +130,20 @@ Create or modify `policies.json` based on the template in `enterprise/firefox/po {% tabs %} {% tab title="Windows" %} -#### Windows Deployment +**Windows Deployment** **Manual Deployment:** -1. Create the distribution folder if it doesn't exist: - ```powershell - New-Item -ItemType Directory -Force -Path "$env:ProgramFiles\Mozilla Firefox\distribution" - ``` +1. Create the distribution folder if it doesn't exist: -2. Copy your configured `policies.json`: - ```powershell - Copy-Item policies.json "$env:ProgramFiles\Mozilla Firefox\distribution\policies.json" - ``` + ```powershell + New-Item -ItemType Directory -Force -Path "$env:ProgramFiles\Mozilla Firefox\distribution" + ``` +2. Copy your configured `policies.json`: + ```powershell + Copy-Item policies.json "$env:ProgramFiles\Mozilla Firefox\distribution\policies.json" + ``` 3. Restart Firefox on all systems **Group Policy Deployment:** @@ -180,25 +185,26 @@ Write-Output "Firefox policies deployed successfully" {% endtab %} {% tab title="macOS" %} -#### macOS Deployment +**macOS Deployment** **Manual Deployment:** -1. Create the distribution folder: - ```bash - sudo mkdir -p "/Applications/Firefox.app/Contents/Resources/distribution" - ``` +1. Create the distribution folder: + + ```bash + sudo mkdir -p "/Applications/Firefox.app/Contents/Resources/distribution" + ``` +2. Copy your configured `policies.json`: -2. Copy your configured `policies.json`: - ```bash - sudo cp policies.json "/Applications/Firefox.app/Contents/Resources/distribution/policies.json" - ``` + ```bash + sudo cp policies.json "/Applications/Firefox.app/Contents/Resources/distribution/policies.json" + ``` +3. Set appropriate permissions: -3. Set appropriate permissions: - ```bash - sudo chmod 644 "/Applications/Firefox.app/Contents/Resources/distribution/policies.json" - sudo chown root:wheel "/Applications/Firefox.app/Contents/Resources/distribution/policies.json" - ``` + ```bash + sudo chmod 644 "/Applications/Firefox.app/Contents/Resources/distribution/policies.json" + sudo chown root:wheel "/Applications/Firefox.app/Contents/Resources/distribution/policies.json" + ``` **MDM Deployment (Jamf, Intune, etc.):** @@ -235,37 +241,39 @@ Some MDM systems support Firefox configuration profiles. Check your MDM document {% endtab %} {% tab title="Linux" %} -#### Linux Deployment +**Linux Deployment** **System-Wide Deployment:** -1. Create the policies directory: - ```bash - sudo mkdir -p /etc/firefox/policies - ``` +1. Create the policies directory: -2. Copy your configured `policies.json`: - ```bash - sudo cp policies.json /etc/firefox/policies/policies.json - ``` + ```bash + sudo mkdir -p /etc/firefox/policies + ``` +2. Copy your configured `policies.json`: -3. Set proper permissions: - ```bash - sudo chmod 644 /etc/firefox/policies/policies.json - ``` + ```bash + sudo cp policies.json /etc/firefox/policies/policies.json + ``` +3. Set proper permissions: + + ```bash + sudo chmod 644 /etc/firefox/policies/policies.json + ``` **Distribution-Specific Locations:** Different Linux distributions may use different paths: -- **Debian/Ubuntu**: `/etc/firefox/policies/policies.json` -- **RHEL/CentOS/Fedora**: `/usr/lib64/firefox/distribution/policies.json` -- **SUSE/openSUSE**: `/usr/lib/firefox/distribution/policies.json` -- **Snap package**: Policies not supported via traditional methods +* **Debian/Ubuntu**: `/etc/firefox/policies/policies.json` +* **RHEL/CentOS/Fedora**: `/usr/lib64/firefox/distribution/policies.json` +* **SUSE/openSUSE**: `/usr/lib/firefox/distribution/policies.json` +* **Snap package**: Policies not supported via traditional methods **Automated Deployment:** Using Ansible: + ```yaml - name: Deploy Firefox Check Extension Policy copy: @@ -278,6 +286,7 @@ Using Ansible: ``` Using Puppet: + ```puppet file { '/etc/firefox/policies': ensure => directory, @@ -365,12 +374,13 @@ Configure a webhook to receive detection events: ``` **Available Event Types:** -- `detection_alert` - General phishing detection events -- `false_positive_report` - User-submitted false positive reports -- `page_blocked` - Page blocking events -- `rogue_app_detected` - OAuth rogue application detection -- `threat_detected` - General threat detection events -- `validation_event` - Legitimate page validation events + +* `detection_alert` - General phishing detection events +* `false_positive_report` - User-submitted false positive reports +* `page_blocked` - Page blocking events +* `rogue_app_detected` - OAuth rogue application detection +* `threat_detected` - General threat detection events +* `validation_event` - Legitimate page validation events For webhook payload schema and implementation details, see the [Webhook Documentation](../webhooks.md). @@ -438,7 +448,7 @@ To force an immediate update: **Common causes:** 1. **Unsigned extension**: Production deployments require signed .xpi -2. **Unreachable URL**: Verify the install_url is accessible +2. **Unreachable URL**: Verify the install\_url is accessible 3. **Network restrictions**: Check firewall/proxy settings 4. **Firefox version**: Ensure Firefox 109+ @@ -493,13 +503,13 @@ Remove the entire policies file (will remove all managed extensions and policies ## Support Resources -- **Template**: `enterprise/firefox/policies.json` -- **Schema**: `config/managed_schema.json` -- **Firefox Policies**: [Mozilla Policy Documentation](https://github.com/mozilla/policy-templates) -- **General Support**: See [Firefox Support](../firefox-support.md) +* **Template**: `enterprise/firefox/policies.json` +* **Schema**: `config/managed_schema.json` +* **Firefox Policies**: [Mozilla Policy Documentation](https://github.com/mozilla/policy-templates) +* **General Support**: See [Firefox Support](../firefox-support.md) ## Additional Resources -- [Firefox Enterprise Support](https://support.mozilla.org/en-US/products/firefox-enterprise) -- [Firefox Policy Templates](https://github.com/mozilla/policy-templates) -- [Enterprise Information for IT](https://support.mozilla.org/en-US/kb/enterprise-information-it) +* [Firefox Enterprise Support](https://support.mozilla.org/en-US/products/firefox-enterprise) +* [Firefox Policy Templates](https://github.com/mozilla/policy-templates) +* [Enterprise Information for IT](https://support.mozilla.org/en-US/kb/enterprise-information-it) diff --git a/docs/firefox-support.md b/docs/firefox-support.md index dedbc3dc..b74c4820 100644 --- a/docs/firefox-support.md +++ b/docs/firefox-support.md @@ -1,3 +1,8 @@ +--- +hidden: true +noIndex: true +--- + # Firefox Support Check fully supports Firefox 109+ with all the same phishing protection features available in Chrome and Edge. This page covers installation, deployment, and Firefox-specific considerations. @@ -35,26 +40,28 @@ git checkout manifest.json The Firefox version of Check includes several technical differences from the Chrome/Edge version to ensure compatibility: ### Manifest Differences -- **Background Scripts**: Uses `background.scripts` instead of `service_worker` -- **Content Scripts**: Excludes `file:///` protocol (not supported in Firefox) -- **Options Page**: Uses `options_ui` instead of `options_page` -- **Browser Settings**: Includes `browser_specific_settings` with Gecko ID `check@cyberdrain.com` -- **Permissions**: Excludes `identity.email` permission (not needed in Firefox) + +* **Background Scripts**: Uses `background.scripts` instead of `service_worker` +* **Content Scripts**: Excludes `file:///` protocol (not supported in Firefox) +* **Options Page**: Uses `options_ui` instead of `options_page` +* **Browser Settings**: Includes `browser_specific_settings` with Gecko ID `check@cyberdrain.com` +* **Permissions**: Excludes `identity.email` permission (not needed in Firefox) ### Cross-Browser Compatibility Check uses a browser polyfill (`scripts/browser-polyfill.js`) to handle API differences between Chrome and Firefox automatically. This ensures that: -- Extension APIs work consistently across browsers -- Code can be written once and work everywhere -- Updates maintain compatibility with all supported browsers + +* Extension APIs work consistently across browsers +* Code can be written once and work everywhere +* Updates maintain compatibility with all supported browsers ## Enterprise Deployment ### Prerequisites -- Firefox 109 or later -- Administrator access for system-wide deployment -- Extension signed by Mozilla (for permanent installation) +* Firefox 109 or later +* Administrator access for system-wide deployment +* Extension signed by Mozilla (for permanent installation) ### Deployment Methods @@ -62,36 +69,35 @@ Firefox supports enterprise deployment through the `policies.json` file. This me #### Windows Deployment -1. Create or edit the policies file at: - ``` - %ProgramFiles%\Mozilla Firefox\distribution\policies.json - ``` +1. Create or edit the policies file at: + ``` + %ProgramFiles%\Mozilla Firefox\distribution\policies.json + ``` 2. Use the template from `enterprise/firefox/policies.json` in the repository +3. Update the `install_url` to point to your signed .xpi file: -3. Update the `install_url` to point to your signed .xpi file: - ```json - { - "policies": { - "Extensions": { - "Install": ["https://your-server.com/check-extension.xpi"] - } - } - } - ``` + ```json + { + "policies": { + "Extensions": { + "Install": ["https://your-server.com/check-extension.xpi"] + } + } + } + ``` #### macOS/Linux Deployment 1. Create the policies file at: - - **macOS**: `/Applications/Firefox.app/Contents/Resources/distribution/policies.json` - - **Linux**: `/etc/firefox/policies/policies.json` or `/usr/lib/firefox/distribution/policies.json` - + * **macOS**: `/Applications/Firefox.app/Contents/Resources/distribution/policies.json` + * **Linux**: `/etc/firefox/policies/policies.json` or `/usr/lib/firefox/distribution/policies.json` 2. Use the template from `enterprise/firefox/policies.json` +3. Set proper permissions: -3. Set proper permissions: - ```bash - sudo chmod 644 /path/to/policies.json - ``` + ```bash + sudo chmod 644 /path/to/policies.json + ``` ### Extension Configuration @@ -167,6 +173,7 @@ To force-install Check and prevent users from disabling it: ### Development Signing For testing purposes, you can use Firefox's developer mode: + 1. Navigate to `about:config` 2. Set `xpinstall.signatures.required` to `false` 3. Load the extension as a temporary add-on @@ -180,11 +187,12 @@ Disabling signature verification is only recommended for development and testing For production deployment, you need to sign the extension with Mozilla: 1. Create a Mozilla Add-ons account at [addons.mozilla.org](https://addons.mozilla.org) -2. Package your extension: - ```bash - npm run build:firefox - zip -r check-firefox.zip . -x ".*" "node_modules/*" "tests/*" "*.md" "manifest.chrome.json" - ``` +2. Package your extension: + + ```bash + npm run build:firefox + zip -r check-firefox.zip . -x ".*" "node_modules/*" "tests/*" "*.md" "manifest.chrome.json" + ``` 3. Submit to Mozilla for signing (unlisted distribution for enterprise) 4. Download the signed .xpi file 5. Host the .xpi file on your server or use Mozilla's CDN @@ -192,6 +200,7 @@ For production deployment, you need to sign the extension with Mozilla: ### Self-Distribution For enterprise environments, you can self-distribute the signed .xpi: + 1. Host the .xpi file on an internal web server 2. Configure `policies.json` with your internal URL 3. Deploy the policies file to managed devices @@ -203,9 +212,9 @@ For enterprise environments, you can self-distribute the signed .xpi: 1. Load the extension using the Quick Start instructions 2. Open the test page: `test-extension-loading.html` 3. Verify that all components load correctly: - - Background scripts initialize - - Content scripts inject on pages - - Popup and options pages display correctly + * Background scripts initialize + * Content scripts inject on pages + * Popup and options pages display correctly ### Testing Detection Rules @@ -218,18 +227,18 @@ For enterprise environments, you can self-distribute the signed .xpi: When contributing or making changes, always test in both Chrome/Edge and Firefox: -1. Test in Chrome/Edge: - ```bash - npm run build:chrome - # Load in Chrome - ``` +1. Test in Chrome/Edge: -2. Test in Firefox: - ```bash - npm run build:firefox - # Load in Firefox - ``` + ```bash + npm run build:chrome + # Load in Chrome + ``` +2. Test in Firefox: + ```bash + npm run build:firefox + # Load in Firefox + ``` 3. Verify consistent behavior across browsers 4. Check for Firefox-specific console errors or warnings @@ -240,64 +249,71 @@ When contributing or making changes, always test in both Chrome/Edge and Firefox **Problem**: Extension doesn't load or shows errors **Solutions**: -- Ensure you ran `npm run build:firefox` before loading -- Check that Firefox version is 109 or later -- Look for errors in Browser Console (Ctrl+Shift+J) -- Verify manifest.json has Firefox-specific structure + +* Ensure you ran `npm run build:firefox` before loading +* Check that Firefox version is 109 or later +* Look for errors in Browser Console (Ctrl+Shift+J) +* Verify manifest.json has Firefox-specific structure ### Background Scripts Not Working **Problem**: Background functionality fails in Firefox **Solutions**: -- Firefox uses `background.scripts` not `service_worker` -- Verify the build script ran successfully -- Check for module loading errors in the Browser Console + +* Firefox uses `background.scripts` not `service_worker` +* Verify the build script ran successfully +* Check for module loading errors in the Browser Console ### Policies Not Applied **Problem**: Enterprise policies not taking effect **Solutions**: -- Verify policies.json is in the correct location for your OS -- Check file permissions (must be readable by Firefox) -- Restart Firefox after adding/modifying policies -- Use `about:policies` to verify policy application -- Check JSON syntax in policies.json + +* Verify policies.json is in the correct location for your OS +* Check file permissions (must be readable by Firefox) +* Restart Firefox after adding/modifying policies +* Use `about:policies` to verify policy application +* Check JSON syntax in policies.json ### Extension Removed on Restart **Problem**: Extension disappears when Firefox restarts **Solutions**: -- Temporary add-ons are removed on restart - this is expected -- For permanent installation, use enterprise deployment with signed .xpi -- Alternatively, sign the extension through Mozilla's process + +* Temporary add-ons are removed on restart - this is expected +* For permanent installation, use enterprise deployment with signed .xpi +* Alternatively, sign the extension through Mozilla's process ### Content Scripts Not Injecting **Problem**: Content scripts don't run on web pages **Solutions**: -- Firefox doesn't support `file:///` protocol in content scripts -- Ensure you're testing on `http://` or `https://` URLs -- Check content script permissions in manifest + +* Firefox doesn't support `file:///` protocol in content scripts +* Ensure you're testing on `http://` or `https://` URLs +* Check content script permissions in manifest ## Firefox Extension ID The Firefox extension uses the ID: `check@cyberdrain.com` This ID is configured in the `browser_specific_settings` section of `manifest.firefox.json` and is required for: -- Enterprise policy management -- Extension configuration -- Add-on signing and distribution + +* Enterprise policy management +* Extension configuration +* Add-on signing and distribution ## Support For Firefox-specific issues: -- Check the [Common Issues](troubleshooting/common-issues.md) guide -- Review Firefox Browser Console for errors -- Verify you're using Firefox 109 or later -- Ensure the extension was built for Firefox using `npm run build:firefox` -For general extension support, see the main [README](../README.md) and [CONTRIBUTING](../CONTRIBUTING.md) guides. +* Check the [Common Issues](troubleshooting/common-issues.md) guide +* Review Firefox Browser Console for errors +* Verify you're using Firefox 109 or later +* Ensure the extension was built for Firefox using `npm run build:firefox` + +For general extension support, see the main [README](../) and [CONTRIBUTING](../CONTRIBUTING.md) guides. diff --git a/docs/settings/about.md b/docs/settings/about.md index c4947997..1651eee5 100644 --- a/docs/settings/about.md +++ b/docs/settings/about.md @@ -1,4 +1,4 @@ -# About Check +# About The About section provides information about your Check installation, version details, and links to important resources. @@ -8,15 +8,15 @@ The About section provides information about your Check installation, version de The About section displays key information about your Check installation: -- **Extension Version** - The current version of the Check extension installed in your browser -- **Detection Rules Version** - The version of the detection rules currently loaded (from either default or custom source) -- **Last Updated** - When the detection rules were last refreshed from their source +* **Extension Version** - The current version of the Check extension installed in your browser +* **Detection Rules Version** - The version of the detection rules currently loaded (from either default or custom source) +* **Last Updated** - When the detection rules were last refreshed from their source This information is useful when: -- Reporting issues to support -- Verifying you have the latest updates -- Troubleshooting detection problems +* Reporting issues to support +* Verifying you have the latest updates +* Troubleshooting detection problems ### Product Information @@ -36,10 +36,11 @@ The About section provides quick access to essential resources: ### Extension Stores -- **Chrome Web Store** - Download, rate, and review the extension for Chrome and Chromium-based browsers -- **Edge Web Store** - Download and rate the extension for Microsoft Edge +* [**Chrome Web Store**](https://chromewebstore.google.com/detail/benimdeioplgkhanklclahllklceahbe) - Download, rate, and review the extension for Chrome and Chromium-based browsers +* [**Edge Add Ons Store**](https://microsoftedge.microsoft.com/addons/detail/check-by-cyberdrain/knepjpocdagponkonnbggpcnhnaikajg) - Download and rate the extension for Microsoft Edge +* Firefox Add-Ons - Coming soon! ### Development and Support -- **[GitHub Repository](https://github.com/CyberDrain/Check)** - View source code, report issues, and contribute to the project -- **[CyberDrain Website](https://cyberdrain.com)** - Learn more about CyberDrain's solutions and services +* [**GitHub Repository**](https://github.com/CyberDrain/Check) - View source code, report issues, and contribute to the project +* [**CyberDrain Website**](https://cyberdrain.com) - Learn more about CyberDrain's solutions and services diff --git a/docs/settings/branding.md b/docs/settings/branding.md index f6860a38..a4dce7b6 100644 --- a/docs/settings/branding.md +++ b/docs/settings/branding.md @@ -12,15 +12,15 @@ Most individual users can skip this section unless they want to personalize the All user-facing components (suspicious login banner, blocked page, extension popup, and options page) use the same branding configuration. Your custom branding will be displayed consistently across: -- **Suspicious Login Banner** - Warning banner shown on potentially malicious sites -- **Blocked Page** - Full-page block screen for confirmed threats -- **Extension Popup** - Extension icon popup -- **Options Page** - Extension settings page +* **Suspicious Login Banner** - Warning banner shown on potentially malicious sites +* **Blocked Page** - Full-page block screen for confirmed threats +* **Extension Popup** - Extension icon popup +* **Options Page** - Extension settings page ## Company Information {% hint style="warning" %} -#### What if Settings Are Not Visible? +**What if Settings Are Not Visible?** If some settings do not appear on your version, it means your organization's IT department has set these for you. This is normal in business environments - your IT team wants to make sure everyone has the same security settings. You will also see text indicating that the extension is being managed by policy. {% endhint %} @@ -29,8 +29,8 @@ If some settings do not appear on your version, it means your organization's IT You can customize the following properties: -1. **Company Name** - Enter your organization's name. This appears in the extension interface and blocked page messages (displayed as "Protected by [Company Name]"). -2. **Company URL** - Your company website URL (e.g., `https://yourcompany.com`). Used in extension branding and contact information. *(Firefox: required, Chrome/Edge: optional)* +1. **Company Name** - Enter your organization's name. This appears in the extension interface and blocked page messages (displayed as "Protected by \[Company Name]"). +2. **Company URL** - Your company website URL (e.g., `https://yourcompany.com`). Used in extension branding and contact information. _(Firefox: required, Chrome/Edge: optional)_ 3. **Product Name** - What you want to call the extension (like "Contoso Security" instead of "Check"). This replaces the default "Check" branding throughout the interface. 4. **Support Email** - Where users should go for help. This email address is used in the "Contact Admin" button when phishing sites are blocked. @@ -56,10 +56,10 @@ The branding preview shows you exactly how your customizations will appear to us 1. Open the extension's Options page 2. Navigate to the "Branding" section 3. Fill in your branding information: - - Company Name - - Logo (upload or provide URL) - - Primary Color - - Support Email + * Company Name + * Logo (upload or provide URL) + * Primary Color + * Support Email 4. Click "Save" Your branding will be immediately applied to all components. @@ -93,10 +93,9 @@ For enterprise deployments using Windows Group Policy: For Firefox deployments, configure branding through the `policies.json` file: 1. Locate or create the policies file: - - **Windows:** `%ProgramFiles%\Mozilla Firefox\distribution\policies.json` - - **macOS:** `/Applications/Firefox.app/Contents/Resources/distribution/policies.json` - - **Linux:** `/etc/firefox/policies/policies.json` - + * **Windows:** `%ProgramFiles%\Mozilla Firefox\distribution\policies.json` + * **macOS:** `/Applications/Firefox.app/Contents/Resources/distribution/policies.json` + * **Linux:** `/etc/firefox/policies/policies.json` 2. Add the branding configuration under `3rdparty.Extensions`: ```json @@ -199,15 +198,17 @@ Enterprise policies always take precedence over manual settings. ## Browser-Specific Notes ### Firefox -- Uses extension ID: `check@cyberdrain.com` -- Configuration is managed through `policies.json` file -- Supports additional `companyURL` property -- Policies file location varies by operating system + +* Uses extension ID: `check@cyberdrain.com` +* Configuration is managed through `policies.json` file +* Supports additional `companyURL` property +* Policies file location varies by operating system ### Chrome & Edge -- Configuration through GPO, Intune, or Chrome Enterprise Policy -- Uses Windows Registry for advanced configurations -- Supports standard Chrome extension policy format + +* Configuration through GPO, Intune, or Chrome Enterprise Policy +* Uses Windows Registry for advanced configurations +* Supports standard Chrome extension policy format ## Troubleshooting Branding Issues @@ -234,16 +235,18 @@ Enterprise policies always take precedence over manual settings. 3. Clear your browser cache if problems persist ### **Branding Not Appearing** -- Verify the configuration is saved correctly -- Check browser console for errors -- Ensure logo URLs are accessible -- Restart the browser after configuration changes + +* Verify the configuration is saved correctly +* Check browser console for errors +* Ensure logo URLs are accessible +* Restart the browser after configuration changes ### **Enterprise Policy Not Working** -- Verify the policy is applied to the correct organizational unit -- Check that the extension ID matches your deployment -- Allow 15-30 minutes for policy propagation -- Run `gpupdate /force` on Windows to force policy refresh + +* Verify the policy is applied to the correct organizational unit +* Check that the extension ID matches your deployment +* Allow 15-30 minutes for policy propagation +* Run `gpupdate /force` on Windows to force policy refresh ## Example Configurations @@ -314,14 +317,3 @@ Logo URL: https://assets.globalmfg.com/security/gmi-logo-48.png } } ``` - -## Additional Resources - -### Firefox-Specific Documentation -- [Firefox Support Guide](../firefox-support.md) -- [Firefox Deployment Guide](../deployment/firefox-deployment.md) -- Template: `enterprise/firefox/policies.json` - -### Chrome/Edge Documentation -- [Chrome/Edge Deployment](../deployment/chrome-edge-deployment-instructions/README.md) -- Schema: `config/managed_schema.json` \ No newline at end of file From e4b644d0f1fafe8da166e0ee7f57bd32c02a51f2 Mon Sep 17 00:00:00 2001 From: Brian Simpson Date: Thu, 18 Dec 2025 15:07:24 +0000 Subject: [PATCH 02/11] GITBOOK-66: Fix Firefox Button Display Issues --- docs/README.md | 2 +- docs/deployment/firefox-deployment.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index 2c7ccbaf..6d7918a9 100644 --- a/docs/README.md +++ b/docs/README.md @@ -32,7 +32,7 @@ Check is completely free, open source, and can be delivered to users completely Installing the plugin immediately gives you protection against AITM attacks and takes seconds. Click the install button and you're good to go. -Install for Edge **OR** Install for Chrome OR Firefox (Coming Soon!) +Install for Edge **OR** Install for Chrome OR Firefox (Coming Soon!) ## Why was Check created? diff --git a/docs/deployment/firefox-deployment.md b/docs/deployment/firefox-deployment.md index 6dbf4351..9b9d4d3e 100644 --- a/docs/deployment/firefox-deployment.md +++ b/docs/deployment/firefox-deployment.md @@ -1,4 +1,5 @@ --- +hidden: true noIndex: true --- From c23a2baff5afb44c87d7fcae2d3be742df6c5e01 Mon Sep 17 00:00:00 2001 From: Brian Simpson Date: Thu, 18 Dec 2025 15:09:35 +0000 Subject: [PATCH 03/11] GITBOOK-67: No subject --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index 6d7918a9..eb94efdb 100644 --- a/docs/README.md +++ b/docs/README.md @@ -32,7 +32,7 @@ Check is completely free, open source, and can be delivered to users completely Installing the plugin immediately gives you protection against AITM attacks and takes seconds. Click the install button and you're good to go. -Install for Edge **OR** Install for Chrome OR Firefox (Coming Soon!) +Install for Edge **OR** Install for Chrome OR Firefox (Coming Soon!) ## Why was Check created? From 7866b892de952cc4cdcdebdac6bcc8c0ae36ec0d Mon Sep 17 00:00:00 2001 From: Brian Simpson Date: Thu, 18 Dec 2025 15:10:16 +0000 Subject: [PATCH 04/11] GITBOOK-68: No subject --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index eb94efdb..fa496fb8 100644 --- a/docs/README.md +++ b/docs/README.md @@ -32,7 +32,7 @@ Check is completely free, open source, and can be delivered to users completely Installing the plugin immediately gives you protection against AITM attacks and takes seconds. Click the install button and you're good to go. -Install for Edge **OR** Install for Chrome OR Firefox (Coming Soon!) +Install for Edge **OR** Install for Chrome **OR** Firefox (Coming Soon!) ## Why was Check created? From 739b735b9afcd850747544fb31ce4f66dfc5cf33 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 19 Dec 2025 20:42:38 -0500 Subject: [PATCH 05/11] Allow multiple subdomain levels for Microsoft.com --- rules/detection-rules.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/detection-rules.json b/rules/detection-rules.json index 46f448a7..5e8531e9 100644 --- a/rules/detection-rules.json +++ b/rules/detection-rules.json @@ -11,7 +11,7 @@ "^https:\\/\\/login\\.live\\.com$" ], "microsoft_domain_patterns": [ - "^https:\\/\\/[^.]*\\.microsoft\\.com$", + "^https:\\/\\/*\\.microsoft\\.com$", "^https:\\/\\/[^.]*\\.microsoftonline\\.com$", "^https:\\/\\/[^.]*\\.office\\.com$", "^https:\\/\\/[^.]*\\.office365\\.com$", From 41234725075247627e8d3c68bda482a6327b9ea1 Mon Sep 17 00:00:00 2001 From: Zacgoose <107489668+Zacgoose@users.noreply.github.com> Date: Fri, 19 Dec 2025 21:30:59 +0800 Subject: [PATCH 06/11] Update options.js --- options/options.js | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/options/options.js b/options/options.js index 6974be00..1de58084 100644 --- a/options/options.js +++ b/options/options.js @@ -1383,6 +1383,18 @@ class CheckOptions { this.elements.configDisplay.innerHTML = '
Loading configuration...
'; + // Try to load from cache first (this reflects what's actually being used) + const cacheResult = await chrome.storage.local.get(["detection_rules_cache"]); + const cached = cacheResult?.detection_rules_cache; + + if (cached && cached.rules) { + // Use cached rules which reflect the actual loaded configuration + this.currentConfigData = cached.rules; + this.updateConfigDisplay(); + return; + } + + // Fallback to packaged rules if no cache exists const controller = new AbortController(); const timeoutId = setTimeout(() => controller.abort(), 5000); From a9843aa0064fdbfd6fae8aeb1f07bea68362acaa Mon Sep 17 00:00:00 2001 From: Zacgoose <107489668+Zacgoose@users.noreply.github.com> Date: Sat, 20 Dec 2025 10:08:01 +0800 Subject: [PATCH 07/11] Update detection-rules.json (#117) * Update detection-rules.json Signed-off-by: Zacgoose <107489668+Zacgoose@users.noreply.github.com> * Update detection-rules.json Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: John Duprey * Update detection-rules.json Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: John Duprey * Update rules/detection-rules.json Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Zacgoose <107489668+Zacgoose@users.noreply.github.com> * Update detection-rules.json Signed-off-by: Zacgoose <107489668+Zacgoose@users.noreply.github.com> --------- Signed-off-by: Zacgoose <107489668+Zacgoose@users.noreply.github.com> Signed-off-by: John Duprey Co-authored-by: KelvinTegelaar <49186168+KelvinTegelaar@users.noreply.github.com> Co-authored-by: John Duprey Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- rules/detection-rules.json | 51 +++++++++++++++++++------------------- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/rules/detection-rules.json b/rules/detection-rules.json index 5e8531e9..fadedaf5 100644 --- a/rules/detection-rules.json +++ b/rules/detection-rules.json @@ -1,6 +1,6 @@ { - "version": "1.0.8", - "lastUpdated": "2024-12-04T12:00:00Z", + "version": "1.1.0", + "lastUpdated": "2024-12-20T00:00:00Z", "description": "Phishing detection logic for identifying phishing attempts targeting Microsoft 365 login pages", "trusted_login_patterns": [ "^https:\\/\\/login\\.microsoftonline\\.(com|us)$", @@ -8,32 +8,33 @@ "^https:\\/\\/login\\.microsoft\\.net$", "^https:\\/\\/login\\.windows\\.net$", "^https:\\/\\/login\\.partner\\.microsoftonline\\.cn$", - "^https:\\/\\/login\\.live\\.com$" + "^https:\\/\\/login\\.live\\.com$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)?ciamlogin\\.com$" ], "microsoft_domain_patterns": [ - "^https:\\/\\/*\\.microsoft\\.com$", - "^https:\\/\\/[^.]*\\.microsoftonline\\.com$", - "^https:\\/\\/[^.]*\\.office\\.com$", - "^https:\\/\\/[^.]*\\.office365\\.com$", - "^https:\\/\\/[^.]*\\.sharepoint\\.com$", - "^https:\\/\\/[^.]*\\.onedrive\\.com$", - "^https:\\/\\/[^.]*\\.live\\.com$", - "^https:\\/\\/[^.]*\\.hotmail\\.com$", - "^https:\\/\\/[^.]*\\.outlook\\.com$", - "^https:\\/\\/.*\\.azure\\.(com|cn|net)$", - "^https:\\/\\/[^.]*\\.azurewebsites\\.net$", - "^https:\\/\\/[^.]*\\.msauth\\.net$", - "^https:\\/\\/[^.]*\\.msftauth\\.net$", - "^https:\\/\\/[^.]*\\.msftauthimages\\.net$", - "^https:\\/\\/[^.]*\\.msauthimages\\.net$", - "^https:\\/\\/[^.]*\\.msidentity\\.com$", - "^https:\\/\\/[^.]*\\.microsoftonline-p\\.com$", - "^https:\\/\\/[^.]*\\.microsoftazuread-sso\\.com$", - "^https:\\/\\/[^.]*\\.azureedge\\.net$", - "^https:\\/\\/[^.]*\\.bing\\.com$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*microsoft\\.com$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*microsoftonline\\.com$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*office\\.com$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*office365\\.com$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*sharepoint\\.com$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*onedrive\\.com$", + "^https:\\/\\/(?!login\\.live\\.com$)([a-zA-Z0-9-]+\\.)*live\\.com$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*hotmail\\.com$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*outlook\\.com$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*azure\\.(com|cn|net)$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*azurewebsites\\.net$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*msauth\\.net$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*msftauth\\.net$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*msftauthimages\\.net$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*msauthimages\\.net$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*msidentity\\.com$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*microsoftonline-p\\.com$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*microsoftazuread-sso\\.com$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*azureedge\\.net$", + "^https:\\/\\/(([a-zA-Z0-9-]+\\.)+)?bing\\.com$", "^https:\\/\\/github\\.com$", - "^https:\\/\\/.*\\.cloud\\.microsoft$", - "^https:\\/\\/([^.]+\\.)*live\\.com(/.*)?$" + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*cloud\\.microsoft$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*powerbi\\.com$" ], "exclusion_system": { "description": "Centralized exclusion system to prevent false positives on legitimate sites (Microsoft partners, SSO providers, major platforms)", From 7c6f4bbc5f8fdbbcd8441a5f5e0633c4a7bbd8c7 Mon Sep 17 00:00:00 2001 From: Zacgoose <107489668+Zacgoose@users.noreply.github.com> Date: Sat, 20 Dec 2025 10:11:25 +0800 Subject: [PATCH 08/11] Replace ProjectX --- AGENTS.md | 2 +- CHANGELOG.md | 20 +++++++++---------- LICENSE | 2 +- .../check-extension-config.mobileconfig | 2 +- .../macos-linux/deploy-extension-prefs.sh | 2 +- options/options.html | 2 +- options/options.js | 2 +- package-lock.json | 4 ++-- package.json | 2 +- scripts/modules/config-manager.js | 2 +- 10 files changed, 20 insertions(+), 20 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 58f3089f..c20c4692 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -1,4 +1,4 @@ -# ProjectX Agent Guide +# Check Agent Guide ## Purpose and Scope - Manifest V3 browser extension that detects phishing sites impersonating Microsoft 365 sign-in pages. diff --git a/CHANGELOG.md b/CHANGELOG.md index d056cdfe..f9acc60a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -### d02e0d1 - Merge branch 'main' of https://github.com/CyberDrain/ProjectX +### d02e0d1 - Merge branch 'main' of https://github.com/CyberDrain/Check - Contributor: John Duprey - Date: 2025-08-29T14:27:08+02:00 - Files changed: @@ -81,7 +81,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - scripts/content.js - Fixed error in content script. -### 65b5476 - Merge branch 'main' of https://github.com/CyberDrain/ProjectX +### 65b5476 - Merge branch 'main' of https://github.com/CyberDrain/Check - Contributor: John Duprey - Date: 2025-08-29T13:56:03+02:00 - Files changed: @@ -110,7 +110,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - CHANGELOG.md - Added comprehensive branding asset history to the changelog. -### 35d2d3c - Merge branch 'main' of https://github.com/CyberDrain/ProjectX +### 35d2d3c - Merge branch 'main' of https://github.com/CyberDrain/Check - Contributor: John Duprey - Date: 2025-08-29T13:43:39+02:00 - Files changed: @@ -176,7 +176,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - test-extension-loading.html - Standardized quote style and corrected linting across multiple files (752 insertions, 623 deletions). -### 7efb6a5 - Merge branch 'main' of https://github.com/CyberDrain/ProjectX +### 7efb6a5 - Merge branch 'main' of https://github.com/CyberDrain/Check - Contributor: John Duprey - Date: 2025-08-29T13:36:45+02:00 - Files changed: @@ -214,7 +214,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - test-extension-loading.html - Renamed legacy references to Check across code and documentation. -### d94508e - Merge branch 'main' of https://github.com/CyberDrain/ProjectX +### d94508e - Merge branch 'main' of https://github.com/CyberDrain/Check - Contributor: rvdwegen - Date: 2025-08-29T13:33:21+02:00 - Files changed: @@ -243,7 +243,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - CHANGELOG.md - Expanded changelog with per-commit details. -### 4225354 - Merge branch 'main' of https://github.com/CyberDrain/ProjectX +### 4225354 - Merge branch 'main' of https://github.com/CyberDrain/Check - Contributor: rvdwegen - Date: 2025-08-29T13:30:11+02:00 - Files changed: @@ -413,7 +413,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - docs/USER_GUIDE.md - Updated guides to align with repository structure. -### 632a6df - Merge branch 'main' of https://github.com/CyberDrain/ProjectX +### 632a6df - Merge branch 'main' of https://github.com/CyberDrain/Check - Contributor: John Duprey - Date: 2025-08-29T12:47:15+02:00 - Files changed: @@ -433,7 +433,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - rules/detection-rules.json - Revised detection rules JSON definitions. -### 2502595 - Merge branch 'main' of https://github.com/CyberDrain/ProjectX +### 2502595 - Merge branch 'main' of https://github.com/CyberDrain/Check - Contributor: rvdwegen - Date: 2025-08-29T12:43:14+02:00 - Files changed: @@ -536,5 +536,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - styles/content.css - Initial project scaffold with documentation, configuration, and detection rules. -[Unreleased]: https://github.com/CyberDrain/ProjectX/compare/0.1.0...HEAD -[0.1.0]: https://github.com/CyberDrain/ProjectX/releases/tag/0.1.0 +[Unreleased]: https://github.com/CyberDrain/Check/compare/0.1.0...HEAD +[0.1.0]: https://github.com/CyberDrain/Check/releases/tag/0.1.0 diff --git a/LICENSE b/LICENSE index ffc54f07..4851f696 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (C) 2025 ProjectX +Copyright (C) 2025 Check GNU AFFERO GENERAL PUBLIC LICENSE Version 3, 19 November 2007 diff --git a/enterprise/macos-linux/check-extension-config.mobileconfig b/enterprise/macos-linux/check-extension-config.mobileconfig index d90966ce..c3b77bb6 100644 --- a/enterprise/macos-linux/check-extension-config.mobileconfig +++ b/enterprise/macos-linux/check-extension-config.mobileconfig @@ -49,7 +49,7 @@ customRulesUrl Value - https://raw.githubusercontent.com/CyberDrain/ProjectX/refs/heads/main/rules/detection-rules.json + https://raw.githubusercontent.com/CyberDrain/Check/refs/heads/main/rules/detection-rules.json updateInterval diff --git a/enterprise/macos-linux/deploy-extension-prefs.sh b/enterprise/macos-linux/deploy-extension-prefs.sh index 40a24647..65b2b451 100644 --- a/enterprise/macos-linux/deploy-extension-prefs.sh +++ b/enterprise/macos-linux/deploy-extension-prefs.sh @@ -112,7 +112,7 @@ install_preferences() { log_info "Installing extension preferences..." # Chrome preferences - create_extension_preferences "$CHROME_PLIST_PATH" "Chrome" "https://raw.githubusercontent.com/CyberDrain/ProjectX/refs/heads/main/rules/detection-rules.json" + create_extension_preferences "$CHROME_PLIST_PATH" "Chrome" "https://raw.githubusercontent.com/CyberDrain/Check/refs/heads/main/rules/detection-rules.json" # Edge preferences create_extension_preferences "$EDGE_PLIST_PATH" "Edge" "" diff --git a/options/options.html b/options/options.html index 7cf1a0d6..7a69aead 100644 --- a/options/options.html +++ b/options/options.html @@ -225,7 +225,7 @@

Detection Configuration

URL to fetch detection configuration from (leave empty for default)

diff --git a/options/options.js b/options/options.js index 1de58084..a24dc1f0 100644 --- a/options/options.js +++ b/options/options.js @@ -2449,7 +2449,7 @@ class CheckOptions { cippServerUrl: "", cippTenantId: "", customRulesUrl: - "https://raw.githubusercontent.com/CyberDrain/ProjectX/refs/heads/main/rules/detection-rules.json", + "https://raw.githubusercontent.com/CyberDrain/Check/refs/heads/main/rules/detection-rules.json", updateInterval: 24, enableDebugLogging: false, // Note: enableDeveloperConsoleLogging is not policy-managed - remains under user control diff --git a/package-lock.json b/package-lock.json index 32b7389d..c0388973 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,11 +1,11 @@ { - "name": "projectx", + "name": "Check", "version": "1.0.0", "lockfileVersion": 3, "requires": true, "packages": { "": { - "name": "projectx", + "name": "Check", "version": "1.0.0", "license": "ISC", "devDependencies": { diff --git a/package.json b/package.json index 1fc3f017..f954f1c2 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { - "name": "projectx", + "name": "Check", "version": "1.0.0", "description": "An open-source, Manifest V3 browser extension for detecting phishing attacks that impersonate Microsoft 365 sign-in pages.", "main": "index.js", diff --git a/scripts/modules/config-manager.js b/scripts/modules/config-manager.js index 99f10cbe..2627a06c 100644 --- a/scripts/modules/config-manager.js +++ b/scripts/modules/config-manager.js @@ -108,7 +108,7 @@ export class ConfigManager { cippServerUrl: "", cippTenantId: "", customRulesUrl: - "https://raw.githubusercontent.com/CyberDrain/ProjectX/refs/heads/main/rules/detection-rules.json", + "https://raw.githubusercontent.com/CyberDrain/Check/refs/heads/main/rules/detection-rules.json", updateInterval: 24, enableDebugLogging: false, // Note: enableDeveloperConsoleLogging is not policy-managed - remains under user control From c4a87328fb74ae137a95d46542f97063fbd8ce35 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 19 Dec 2025 21:27:00 -0500 Subject: [PATCH 09/11] Update rules/detection-rules.json Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: John Duprey --- rules/detection-rules.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/detection-rules.json b/rules/detection-rules.json index fadedaf5..96f664f2 100644 --- a/rules/detection-rules.json +++ b/rules/detection-rules.json @@ -1,6 +1,6 @@ { "version": "1.1.0", - "lastUpdated": "2024-12-20T00:00:00Z", + "lastUpdated": "2025-12-20T00:00:00Z", "description": "Phishing detection logic for identifying phishing attempts targeting Microsoft 365 login pages", "trusted_login_patterns": [ "^https:\\/\\/login\\.microsoftonline\\.(com|us)$", From dfb669cc2a344526d55337bb6c44dfb0b23e1932 Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 19 Dec 2025 21:27:59 -0500 Subject: [PATCH 10/11] Update rules/detection-rules.json Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: John Duprey --- rules/detection-rules.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules/detection-rules.json b/rules/detection-rules.json index 96f664f2..0b509606 100644 --- a/rules/detection-rules.json +++ b/rules/detection-rules.json @@ -31,7 +31,7 @@ "^https:\\/\\/([a-zA-Z0-9-]+\\.)*microsoftonline-p\\.com$", "^https:\\/\\/([a-zA-Z0-9-]+\\.)*microsoftazuread-sso\\.com$", "^https:\\/\\/([a-zA-Z0-9-]+\\.)*azureedge\\.net$", - "^https:\\/\\/(([a-zA-Z0-9-]+\\.)+)?bing\\.com$", + "^https:\\/\\/([a-zA-Z0-9-]+\\.)*bing\\.com$", "^https:\\/\\/github\\.com$", "^https:\\/\\/([a-zA-Z0-9-]+\\.)*cloud\\.microsoft$", "^https:\\/\\/([a-zA-Z0-9-]+\\.)*powerbi\\.com$" From a92bdcc9fc127d59b6c858739e36529bfecf077a Mon Sep 17 00:00:00 2001 From: John Duprey Date: Fri, 19 Dec 2025 21:28:12 -0500 Subject: [PATCH 11/11] Update rules/detection-rules.json Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: John Duprey --- rules/detection-rules.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rules/detection-rules.json b/rules/detection-rules.json index 0b509606..a8bdeac0 100644 --- a/rules/detection-rules.json +++ b/rules/detection-rules.json @@ -18,7 +18,8 @@ "^https:\\/\\/([a-zA-Z0-9-]+\\.)*office365\\.com$", "^https:\\/\\/([a-zA-Z0-9-]+\\.)*sharepoint\\.com$", "^https:\\/\\/([a-zA-Z0-9-]+\\.)*onedrive\\.com$", - "^https:\\/\\/(?!login\\.live\\.com$)([a-zA-Z0-9-]+\\.)*live\\.com$", + "^https:\\/\\/live\\.com$", + "^https:\\/\\/(?!login\\.)[a-zA-Z0-9-]+(\\.[a-zA-Z0-9-]+)*\\.live\\.com$", "^https:\\/\\/([a-zA-Z0-9-]+\\.)*hotmail\\.com$", "^https:\\/\\/([a-zA-Z0-9-]+\\.)*outlook\\.com$", "^https:\\/\\/([a-zA-Z0-9-]+\\.)*azure\\.(com|cn|net)$",