diff --git a/apps/browser/src/manifest.v3.json b/apps/browser/src/manifest.v3.json index 7d1a0fb58e9..44d5c71e9b3 100644 --- a/apps/browser/src/manifest.v3.json +++ b/apps/browser/src/manifest.v3.json @@ -175,6 +175,7 @@ "overlay/menu.html", "overlay/button.html", "overlay/list.html", + "phishing/warning.html", "popup/fonts/*" ], "matches": [""] diff --git a/apps/browser/src/phishing-detection/pages/warning.html b/apps/browser/src/phishing-detection/pages/warning.html new file mode 100644 index 00000000000..1f7e7af61d1 --- /dev/null +++ b/apps/browser/src/phishing-detection/pages/warning.html @@ -0,0 +1,87 @@ + + + + + + Phishing site detected + + + Bitwarden logo + +
+
🏢⚠️
+ +

Phishing site detected

+ +

+ Bitwarden has prevented this page from loading. +

+ +
+ + +
+ + + Exit page + +
+ +
+ Question? + Action here +
+ + diff --git a/apps/browser/src/phishing-detection/phishing-detection.enum.ts b/apps/browser/src/phishing-detection/phishing-detection.enum.ts index 0bea27af8b9..29ff04f7813 100644 --- a/apps/browser/src/phishing-detection/phishing-detection.enum.ts +++ b/apps/browser/src/phishing-detection/phishing-detection.enum.ts @@ -1,3 +1,4 @@ export enum PhishingDetectionCommands { CheckUrl = "CheckUrl", + RedirectToWarningPage = "RedirectToWarningPage", } diff --git a/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts b/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts index 90251eb13cd..9cb1c76d8a7 100644 --- a/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts +++ b/apps/browser/src/phishing-detection/trigger-phishing-detection-script-injection.ts @@ -23,14 +23,21 @@ async function loadPhishingDetectionContent() { if (!response) { return; } - const { isPhishingDomain } = response; - if (isPhishingDomain) { - const url = new URL(activeUrl); - - PhishingDetectionBrowserService.notifyUser(url.hostname); + if (!isPhishingDomain) { + return; } + + const url = new URL(activeUrl); + + const warningUrl = chrome.runtime.getURL("phishing/warning.html"); + + await chrome.runtime.sendMessage({ + command: PhishingDetectionCommands.RedirectToWarningPage, + url: warningUrl, + phishingHost: url.hostname, + }); } logService.info("Phishing Detection Service loaded."); diff --git a/apps/browser/src/platform/services/phishing-detection.service.ts b/apps/browser/src/platform/services/phishing-detection.service.ts index 39820659f94..1db9eeee173 100644 --- a/apps/browser/src/platform/services/phishing-detection.service.ts +++ b/apps/browser/src/platform/services/phishing-detection.service.ts @@ -35,7 +35,7 @@ export class PhishingDetectionService { PhishingDetectionService.storageService = storageService; PhishingDetectionService.taskSchedulerService = taskSchedulerService; - PhishingDetectionService.setupCheckUrlListener(); + PhishingDetectionService.setupListeners(); // Register the update task this.taskSchedulerService.registerTaskHandler( @@ -223,4 +223,21 @@ export class PhishingDetectionService { } }); } + + static setupRedirectToWarningPageListener(): void { + BrowserApi.addListener(chrome.runtime.onMessage, async (message, sender, sendResponse) => { + if (message.command === PhishingDetectionCommands.RedirectToWarningPage) { + PhishingDetectionService.logService.debug("RedirectToWarningPage handler", { + message, + }); + + await chrome.tabs.update(sender.tab.id, { url: message.url }); + } + }); + } + + static setupListeners(): void { + this.setupCheckUrlListener(); + this.setupRedirectToWarningPageListener(); + } } diff --git a/apps/browser/webpack.config.js b/apps/browser/webpack.config.js index 238f4bfb39c..29a7bcdcf2a 100644 --- a/apps/browser/webpack.config.js +++ b/apps/browser/webpack.config.js @@ -145,6 +145,11 @@ const plugins = [ filename: "overlay/list.html", chunks: ["overlay/list"], }), + new HtmlWebpackPlugin({ + template: "./src/phishing-detection/pages/warning.html", + filename: "phishing/warning.html", + chunks: ["phishing/warning"], + }), new CopyWebpackPlugin({ patterns: [ {