Osprey: Browser Protection

Osprey is a browser extension that protects you from malicious websites:

https://github.com/Foulest/Osprey

currently installable in Chrome/Edge but will soon be available in the Mozilla Store.
The developer Foulest is very helpful in solving any problems.

 

Thank you. Just installed it on Edge. I do not see any "Settings" as mentioned to configure it. So currently running with the default protection.

 

You can remove the Microsoft Smartscreen filter,even if the developer writes that it doesn't matter it seems illogical to me not to let Edge have this possible block.

Another option is to delete notifications.
Otherwise you will also be bombarded with notifications in the bottom right corner when in my opinion the extension's blocking page is already sufficient.

Another aspect to consider:

https://github.com/Foulest/Osprey/issues/5

 

Osprey, this looks inspiring in stalling it in Google Chrome

 

I noticed the Chrome extension is more up to date than the version in the Edge store. Is there any reason not to use it on Edge?

 

In addition to the link brought to attention by
@stapp,
@Vitali Ortzi

whom I salute, did a 0-day test taken only from DNS.eu.

I don't know if you noticed that in the 60 link test, Symantec seems to be the one blocking everything.
But it is interesting to verify that disabled Symantec other protections intervene.

I did a different test always with Phishtank + AA419 I checked which websites are blocked by my DNS protection.

All but 2 links escaped.

So I checked in Osprey which protection was blocking those links.

I disabled all protections and left Quad9DNS + DNS0.eu on.


P.S.

I will include the fake links not blocked by my DNS protection and taken from Quad9 DNS (but other Osprey protections may block such links)

Fake links (beware of entering sensitive data):

https://www.regionalcfb.com/

https://www.teencanceraid.com/

_____________________________________________________________________


Although the extension is very light,I assume that too many active protections can lead to a few too many FPs.
So it is good to choose Osprey protections "cum grano salis".

P.S1

Now I will check how long the links escaped blocking when and especially if they will be blocked by my DNS.

1) One link is already blocked by my DNS protection:

https://ibb.co/20bkBsDr

 

I did some testing in URLhaus database with multiple exe links.

Obviously those using Osprey with a few protections selected might see that the blocks are lower than with all protections on.

But by using HTTPS always on and decreasing Insecure Cipher Suites you can get good direct protection.
Obviously using an adblocker decreases the chance of going up against these malwares links.

 

nice extension
sadly there isn't still avaible for firefox
would like to watch a video
how many malwares and malicious websites can stop ?

 

Over at MalwareTips Forums, someone posted three "Osprey against ..." videos: [1], [2], [3].
I haven't watched the videos. I like to read about things, not watch videos.

 

@mantra,
One more video review over at MalwareTips Forums.

MalwareTips Forums now also has an Osprey thread incorporating the different information sources, including the reviews.

 

where's the allowlist?

 

https://github.com/Foulest/Osprey/wiki/Modifying-the-Cache

 

Osprey 1.1.1 out on ChromeWebStore

 

its like results on VT, those scary native users. from my view: osprey is definitely an extension for experienced users.

 

Blocked by NextDNS AI, other links mostly by NRDs.

 

Same here :

 

Version 1.1.2 out few hours ago on ChromeWebStore

 

It's definitely like VirusTotal, but for web-based lookups in real-time. I haven't come to a consensus on what providers to keep enabled for default use. It's hard to do false-positive testing.

 

Yes, that is the case today.
It has been 5 1/2 hours and the first link has been blocked by NextDNS.
There is no doubt about that.

More hours certainly for NextDNS blocking of the second link but I went to sleep.

 

@Foulest

Yes, it is difficult to come to a conclusion of which protections to enable by default.
In my opinion it is great to check for fake links + phishing links and this has already been done by you,me and a few other users.

I believe, however, that it is predominate to perform tests in links with malwares content.
I recommend here:

https://urlhaus.abuse.ch/browse.php?search=exe

P.S.

For example, the first active link is blocked (now) only by Bitdefender,GData,Emsisoft (my verification is with Symantec disabled at default).

Also the second link (with different dns) the same.
So I assume that these 3 protections would be left on by default for malwares.

Probably other protections are more specific and perform better for phishing + fake sites.

P.S.1

Quad9 is great for fake sites blocked here:

https://db.aa419.org/fakebankslist.php

You did the phishing test yourself as well.