Anti-Phishing Gate

About

Anti-Phishing Gate

Anti-Phishing Gate is a Chrome extension (Manifest V3) that helps protect you from phishing redirects.

You choose websites you want to protect, such as your bank, company portal, or webmail, and mark them as sandboxed. While browsing one of these protected sites, if a link attempts to open a different host in a new tab or window, the extension pauses the navigation and displays a confirmation dialog showing exactly where the link will take you. This helps prevent malicious links from quietly redirecting you to convincing phishing websites.

Protection operates at the full host level. For example, mail.example.com, app.example.com, and example.com are treated as separate hosts. Protecting or trusting one does not automatically apply to the others.

The extension maintains two lists:

Sandboxed Hosts
These are the sites where protection is active. While browsing a sandboxed host, links to other hosts require confirmation.

Trusted Hosts
Trusted hosts are allowed destinations that are associated with a specific sandboxed host. For example, if you trust zed.dev while browsing app.example.com, prompts for zed.dev will be suppressed only when navigation starts from app.example.com. The extension groups trusted hosts under the sandboxed host from which they were approved.

How It Works

1. Visit a website you want to protect and click the extension icon, then select "Add to Sandbox".

2. The current host, such as app.example.com, is stored locally in your browser.

3. While browsing a sandboxed site, the extension monitors link clicks. If a click would open a different host in a new tab or window and that destination is not trusted, the click is blocked and a confirmation dialog is displayed. The destination URL is used exactly as provided and is never modified, decoded, unwrapped, or fetched.

4. The dialog displays both the destination host and the full URL. A Trust button allows you to whitelist the destination after confirmation. The "Open External Site" button remains disabled for five seconds, giving you time to review the destination before proceeding.

5. If you choose to open the link, the extension launches it in a protected browser window. As navigation occurs, every redirect step is monitored, including HTTP redirects, meta refreshes, JavaScript redirects, and intermediate pages that require user interaction. Whenever navigation reaches a new, untrusted host, the extension stops the request before the page loads and displays another confirmation page. You can continue, optionally trust the host permanently for the current sandboxed site, or close the window.

6. The protected window remains monitored for its entire lifetime, ensuring that every host in a redirect chain is individually reviewed and approved.

The extension's toolbar badge displays "ON" in green whenever the current tab is a sandboxed host.

Redirectors and Phishing Protection

Many phishing attacks hide their true destination behind one or more redirect services. A link may appear harmless while actually leading through several intermediate domains before reaching a malicious site.

Anti-Phishing Gate does not attempt to decode, predict, or pre-fetch redirect destinations. Instead, it allows the browser to follow the real navigation path while requiring confirmation at each untrusted host.

The protected window follows actual browser redirects, and any request to a non-trusted host is intercepted before the destination page loads. As a result, every untrusted domain in a redirect chain—including redirector services themselves—must be explicitly approved before navigation can continue.

No destination is loaded until you have confirmed that step in the navigation chain.