โ† Projects
02 / 06 - Python ยท Flask ยท Chrome Extension ยท ML

ML Anti-Phishing
Extension

Chromium extension and Python API server for URL reputation checks, blacklist/whitelist validation and ML-based phishing detection. Fully self-hosted.

PythonFlask Chrome ExtensionML DockerSecurity
Overview

What it does

A two-part security tool: a Chromium extension intercepts every navigation event and POSTs the URL to a local Flask API before the page loads. The server checks the URL against configurable lists and an ML classifier, then returns a verdict.

The entire stack runs locally via Docker Compose - no external services, no telemetry. The extension communicates only with the self-hosted server, so no browsing data leaves the machine.

Features

Key capabilities

01
Real-time URL checking
Intercepts all navigation events before the page loads. Zero user action required.
02
Blacklist / Whitelist
Fast configurable local lookup. Add domains via the settings page or API. Checked before ML for instant known-bad blocking.
03
ML-based detection
Trained URL classifier for unknown domains. Configurable confidence threshold for blocking vs. warning.
04
Rate limiting
Per-IP request throttling on the API server prevents misuse and keeps the local service responsive.
05
Docker deployment
Full stack runs with a single docker compose up. Easily self-hosted on any machine with Docker.
How it works

Detection flow

01
Intercept
Extension catches the navigation event before the page loads and extracts the URL.
02
POST to API
Extension sends the URL to the local Flask server. Connection is to localhost only.
03
Analysis
Server checks blacklist โ†’ whitelist โ†’ ML classifier in sequence. First match wins.
04
Verdict
Safe / Phishing / Unknown verdict returned with a confidence score. Extension shows indicator or blocks.
Architecture

Project structure

tree
anti-phishing/
โ”œโ”€โ”€ extension/
โ”‚   โ”œโ”€โ”€ manifest.json       # Manifest V3
โ”‚   โ”œโ”€โ”€ background.js       # Service worker, intercept logic
โ”‚   โ”œโ”€โ”€ content_script.js   # Page-level indicator injection
โ”‚   โ””โ”€โ”€ popup/              # Settings UI
โ”œโ”€โ”€ server/
โ”‚   โ”œโ”€โ”€ app.py              # Flask API
โ”‚   โ”œโ”€โ”€ classifier.py       # ML model wrapper
โ”‚   โ”œโ”€โ”€ lists.py            # Blacklist / whitelist manager
โ”‚   โ”œโ”€โ”€ model/              # Trained model files
โ”‚   โ””โ”€โ”€ requirements.txt
โ””โ”€โ”€ docker-compose.yml
Installation

Running the server

bash
# Start the API server
docker compose up -d

# Load the extension
# Chrome โ†’ Extensions โ†’ Load unpacked โ†’ /extension