New Update Osprey Browser Protection discussion and updates

Gandalf_The_Grey

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,838
Osprey 1.1.7

Changes in 1.1.7

  • Fixed context menus in Firefox
This update has been submitted to all extension stores.

Full Changelog: 1.1.6...1.1.7
 

robboman

Level 2
Verified
Jul 11, 2018
66
This add-on is really interesting, great job by the developer. I will definitely install this on my grandparents' laptop to better protect them against phishing.

Does this add-on slow down webpage loading since it uses so many different providers' APIs to check the links?
 

Gandalf_The_Grey

This add-on is really interesting, great job by the developer. I will definitely install this on my grandparents' laptop to better protect them against phishing.

Does this add-on slow down webpage loading since it uses so many different providers' APIs to check the links?
No slowdowns noticed.
My settings for Osprey are:
Osprey with the defaults minus Symantec because of a false positive with the AMTSO website.
Blocking the whole website will give good results in testing, but not for usability.
So, I have these enabled in Osprey: Emsisoft, Bitdefender, Norton, G DATA, DNS0.eu, CleanBrowsing and Switch.ch.
 

robboman

No slowdowns noticed.
My settings for Osprey are:


That's great to hear, I will be installing this add-on 👍
 

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
667
Osprey 1.1.7

It updated quickly; as soon as I saw your post and went to check the Osprey extension, it had already updated and was already at version 1.1.7. I'm currently using Edge.
 

Marko :)

Level 25
Verified
Top Poster
Well-known
Aug 12, 2015
1,469
Can someone with a virtual machine test something for me?

1. Open a console in the web browser with the networking tab
2. Visit a malicious site
3. Check the requests being made by the browser

Why?

I'm interested in whether the website is being loaded normally until the extension gets an answer, or whether it waits for the answer from the security provider and then decides if the website will open.

This matters because if the website loads in the background, there's a chance a malicious script will be loaded before Osprey gets an answer from the security provider. On the other hand, if it waits for the answer to decide if the website will load or not, you should see some delay as it needs to check for the answer from external services. And seeing that pretty much none of you experience delays or slowdowns, that seems like it's not the case either.
 

piquiteco

Can someone with a virtual machine test something for me?

1. Open a console in the web browser with the networking tab
2. Visit a malicious site
3. Check the requests being made by the browser
Is that what you wanted? I've updated the post, I forgot to show the phishing page the milliseconds. :)

Marko :)

This only shows
Is that what you wanted? I've updated the post, I forgot to show the phishing page the milliseconds. :)
This shows the requests of the extension itself. Try opening an anonymous tab, then open a console (network tab) and then visit the malicious website. And see the first requests that are made.

It's necessary for the test to be done in this order so we can see all requests.
 

SeriousHoax

Level 51
Verified
Top Poster
Well-known
Mar 16, 2019
4,034
Can someone with a virtual machine test something for me?

1. Open a console in the web browser with the networking tab
2. Visit a malicious site
3. Check the requests being made by the browser

Why?

I'm interested in whether the website is being loaded normally until the extension gets an answer, or whether it waits for the answer from the security provider and then decides if the website will open.

This matters because if the website loads in the background, there's a chance a malicious script will be loaded before Osprey gets an answer from the security provider. On the other hand, if it waits for the answer to decide if the website will load or not, you should see some delay as it needs to check for the answer from external services. And seeing that pretty much none of you experience delays or slowdowns, that seems like it's not the case either.
The last time I checked, Osprey doesn't hold the connection till a response is received. The browser does its normal job trying to load the website and Osprey at the same time does what it is supposed to do and after it finds it in a blacklist the webpage gets blocked. This is what it looked like to me.
@Foulest can provide more details and correct me if I'm wrong.
SmartScreen in Microsoft Edge works similarly. It never holds the connection. Google Safe Browsing in normal mode does the checking locally, as you know, before letting the site load, but local processing is extremely fast, while its Enhanced Safe Browsing mode, from what I saw, actually waits till it receives a response from the server before letting a site load. So Enhanced Safe Browsing had a slight performance impact when I tested.
 

Marko :)

The last time I checked, Osprey doesn't hold the connection till a response is received. The browser does its normal job trying to load the website and Osprey at the same time does what it is supposed to do and after it finds it in a blacklist the webpage gets blocked. This is what it looked like to me.
@Foulest can provide more details and correct me if I'm wrong.
SmartScreen in Microsoft Edge works similarly. It never holds the connection. Google Safe Browsing in normal mode does the checking locally, as you know, before letting the site load, but local processing is extremely fast, while its Enhanced Safe Browsing mode, from what I saw, actually waits till it receives a response from the server before letting a site load. So Enhanced Safe Browsing had a slight performance impact when I tested.
That might not be ideal. Sure, it could work for phishing websites, but those malicious ones... I wouldn't rely on Osprey to block those. Hackers can easily make malicious scripts load first and massively increase the chances of executing a script before Osprey reacts.

There is a solution for this, but this would require @Foulest to have a server which would cache all the URL requests. Instead of sending multiple requests to security providers, it would only make one request to Foulest's server, which would then forward URLs to security providers and then return the result. Otherwise, it's either no delay and less protection, or more delay and better protection.
 

Marko :)

Drive-by download if that's what I understood, I hadn't thought about it, the malicious page would be a problem to open if Osprey Browser Protection didn't block it first.
That and much more. Malicious scripts have way more potential than just launching a drive-by download attack. It's also worth keeping in mind that while a website might be deemed safe, scripts can come and execute from third-party domain(s), which makes this approach even more dangerous.
 

piquiteco

That and much more. Malicious scripts have way more potential than just launching a drive-by download attack. It's also worth keeping in mind that a website might be deemed safe, scripts can come and execute from a third-party domain, which makes this approach even more dangerous.
Exactly, a malicious script running even after being blocked by the extension would be a big problem. Phishing pages don't last long online, and most AVs detect them and take them down after a while. Who could test this for us? Did you watch @Shadowra's video? Doesn't it clarify this?
 

Marko :)

I agree. According to Perplexity, 84% of phishing sites are taken offline in less than 24 hours. Most of them cease to exist after around 15 hours. I didn't watch Shadowra's video so I can't comment. Malicious sites last longer, I think.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,726
That might not be ideal. Sure, it could work for phishing websites, but those malicious ones... I wouldn't rely on Osprey to block those. Hackers can easily make malicious scripts load first and massively increase the chances of executing a script before Osprey reacts.
Well, I guess nobody here relies on Osprey alone, it's rather one part of protection layers, the main part of protection is usually an AV and a good one should be able to prevent attacks through malicious scripts.

There is a solution for this, but this would require @Foulest to have a server which would cache all the URL requests. Instead of sending multiple requests to security providers, it would only make one request to Foulest's server, which would then forward URLs to security providers and then return the result. Otherwise, it's either no delay and less protection, or more delay and better protection.
We should consider that @Foulest does his work for free and a server would require payment, we shouldn't expect too much "for free" ;)
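
Added example, not part of any post above and not Osprey's code: a small deterministic model of the trade-off discussed in this thread, comparing a check that runs while the page loads with one that holds navigation until a verdict arrives, plus the shared verdict cache proposed above. The provider names, latencies, verdicts, URL and the 30 ms cache latency are constructed assumptions.

```javascript
// Model only: provider names, latencies, verdicts and the URL are constructed.
const PROVIDERS = [
  { name: "provider-a", latencyMs: 180, malicious: false },
  { name: "provider-b", latencyMs: 320, malicious: true },
  { name: "provider-c", latencyMs: 450, malicious: false },
];

// A verdict is known at the first "malicious" answer,
// or at the slowest answer if every provider says clean.
function verdictFor(providers) {
  const hits = providers.filter((p) => p.malicious).map((p) => p.latencyMs);
  if (hits.length > 0) return { malicious: true, atMs: Math.min(...hits) };
  return { malicious: false, atMs: Math.max(0, ...providers.map((p) => p.latencyMs)) };
}

// mode "concurrent": the page loads while lookups run (no added delay).
// mode "hold": navigation waits for the verdict before the page starts loading.
// cache: optional Map(url -> verdict) standing in for the shared cache server,
// answered in cacheLatencyMs instead of waiting on every provider.
function simulate({ url, mode, scriptRunsAtMs, providers, cache, cacheLatencyMs = 30 }) {
  let verdict;
  if (cache && cache.has(url)) {
    verdict = { malicious: cache.get(url).malicious, atMs: cacheLatencyMs };
  } else {
    verdict = verdictFor(providers);
    if (cache) cache.set(url, { malicious: verdict.malicious });
  }
  if (mode === "hold") {
    // The page only starts loading after a clean verdict.
    return { blocked: verdict.malicious, scriptExecuted: !verdict.malicious, addedDelayMs: verdict.atMs };
  }
  // Concurrent: the page script wins the race if it runs before the verdict lands.
  const scriptExecuted = !verdict.malicious || scriptRunsAtMs < verdict.atMs;
  return { blocked: verdict.malicious, scriptExecuted, addedDelayMs: 0 };
}

function compareStrategies() {
  const cache = new Map();
  const base = { url: "https://malicious.example/", scriptRunsAtMs: 120, providers: PROVIDERS };
  return {
    concurrent: simulate({ ...base, mode: "concurrent" }),
    hold: simulate({ ...base, mode: "hold" }),
    holdCacheMiss: simulate({ ...base, mode: "hold", cache }),
    holdCacheHit: simulate({ ...base, mode: "hold", cache }),
    concurrentCacheHit: simulate({ ...base, mode: "concurrent", cache }),
  };
}

console.log(compareStrategies());
```

In this model the concurrent check blocks the page only after its script has already run, holding navigation prevents that at the cost of 320 ms, and a warm cache shrinks the wait to 30 ms in either mode.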
 
