Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ethereum Phishing Detection: cannot "continue at own risk" #6734

Closed
ryzr opened this issue Nov 3, 2019 · 4 comments
Closed

Ethereum Phishing Detection: cannot "continue at own risk" #6734

ryzr opened this issue Nov 3, 2019 · 4 comments
Assignees
@ryanml
Labels
bug feature/ethereum-remote-client priority/P3 The next thing for us to work on. It'll ride the trains. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/exclude
Milestone
Ethereum Remote C...

Comments

@ryzr
Copy link

ryzr commented Nov 3, 2019

Description

I'm building a website locally under a .test domain (crypto.test), which seems to be fuzzymatching blacklisted domains on the Metamask Eth Phishing Detection extension (built-in to Brave, it appears?). There is a link to continue at own risk, but clicking it doesn't appear to do anything.

Steps to Reproduce

  1. Visit a site with a name that fuzzy matches "mycrypto.com". You could try "http://mcrypto.com/"
  2. Click a#unsafe-continue "continuing at your own risk"

Screen Shot 2019-11-03 at 12 57 57 PM

Actual result:

Nothing happens

Expected result:

Remove warning page and continue to the intended site.

Reproduces how often:

100%

Brave version (brave://version info)

Brave 0.70.121 Chromium: 78.0.3904.70 (Official Build) (64-bit)
Revision edb9c9f3de0247fd912a77b7f6cae7447f6d3ad5-refs/branch-heads/3904@{#800}
OS macOS Version 10.14.6 (Build 18G95)
JavaScript V8 7.8.279.17
Flash (Disabled)
User Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36

Version/Channel Information:

  • Can you reproduce this issue with the current release? Yes
  • Can you reproduce this issue with the beta channel? No attempt
  • Can you reproduce this issue with the dev channel? No attempt
  • Can you reproduce this issue with the nightly channel? No attempt

Other Additional Information:

  • Does the issue resolve itself when disabling Brave Shields? No
  • Does the issue resolve itself when disabling Brave Rewards? No
  • Is the issue reproducible on the latest version of Chrome? No

Miscellaneous Information:

I have "Safe Browsing (protects you and your device from dangerous sites)" disabled and I've also tried disabling Brave Wallet, but this did not fix the issue.
@srirambv
Copy link
Contributor

srirambv commented Nov 3, 2019

Confirmed an issue with Crypto wallet. Doesn't navigate to the site. If MM is installed and CW not enabled, visiting the site gets blocked by MM page, clicking the anchor tag redirects to CW Etherum phishing link which again blocks and doesn't redirect.

cc: @bbondy

@tildelowengrimm tildelowengrimm added the priority/P3 The next thing for us to work on. It'll ride the trains. label Nov 13, 2019
@srirambv srirambv mentioned this issue Jan 6, 2020
Closed
@srirambv
Copy link
Contributor

srirambv commented Jan 6, 2020

+1 from @Arcbot-ArcusBD via #7610

@ryanml ryanml self-assigned this Jan 6, 2020
@ryanml ryanml added this to the Ethereum Remote Client 1.0.15 milestone Jan 6, 2020
@ryanml
Copy link
Contributor

ryanml commented Jan 6, 2020

This is fixed in 1.0.15, added to milestone

@ryanml ryanml closed this as completed Jan 6, 2020
@srirambv
Copy link
Contributor

srirambv commented Jan 8, 2020
edited
Loading

Verification passed on

Brave 1.2.41 Chromium: 79.0.3945.88 (Official Build) (64-bit)
Revision c2a58a36b9411c80829b4b154bfcab97e581f1f3-refs/branch-heads/3945@{#954}
OS Linux
Component 0.1.34
  • Verified on http://mcrypto.com and https://www.arcus.mx/
  • Verified clicking on continuing at your own risk. on the phishing page navigates to the landing page properly

Verification passed on

Brave 1.3.87 Chromium: 79.0.3945.117 (Official Build) beta (64-bit)
Revision 04f0a055010adab4484f7497fbfdbf312c307f1d-refs/branch-heads/3945@{#1019}
OS Windows 10 OS Version 1803 (Build 17134.523)
Component 0.1.35
  • Verified on http://mcrypto.com and https://www.arcus.mx/
  • Verified clicking on continuing at your own risk. on the phishing page navigates to the landing page properly

Verification passed on

Brave 1.5.18 Chromium: 79.0.3945.117 (Official Build) nightly (64-bit)
Revision 04f0a055010adab4484f7497fbfdbf312c307f1d-refs/branch-heads/3945@{#1019}
OS macOS Version 10.15.1 (Build 19B88)
Component 0.1.35
  • Verified on http://mcrypto.com and https://www.arcus.mx/
  • Verified clicking on continuing at your own risk. on the phishing page navigates to the landing page properly

@srirambv srirambv added feature/ethereum-remote-client and removed feature/web3/wallet Integrating Ethereum+ wallet support labels Sep 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ryanml ryanml

Labels
bug feature/ethereum-remote-client priority/P3 The next thing for us to work on. It'll ride the trains. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Yes release-notes/exclude
Projects
None yet
Milestone
Ethereum Remote Client 1.0.15
Development

No branches or pull requests
4 participants
@tildelowengrimm @ryanml @ryzr @srirambv