Netcraft Toolbar Workaround
⚠️ Note: Because browser extensions evolve, your lab may refer to tools that aren’t where they used to be. Whenever you see a Netcraft Toolbar step in EHE or ECIH, use the process below to complete the phishing-detection exercise. You can substitute another tool (PhishTank SiteChecker or Google Safe Browsing) if Netcraft isn’t available.
Detecting a Phishing Attack
🎯 Objective
Learn to spot phishing sites by reviewing site reports, browser warnings, and threat indicators. You’ll install and use Netcraft to examine domain and hosting data, then decide if a URL is safe or malicious.
✅ Exercise Steps
1. Launch the Windows 10 Machine
Click Windows 10 to switch to the Windows 10 virtual machine.
Log in as the Admin user.
If prompted, locate the password under the Resources tab.
Click Yes at the network prompt.
2. Open Google Chrome
Launch the Chrome web browser.
Close the Update prompt if it appears.
If necessary, dismiss the following pop-ups:
Click No, thanks on the enhanced privacy prompt.
Click Got it on the second privacy prompt.
Ignore the Java update notification.
🛠️ Tip: Remove any pre-installed extensions that interfere with browser use (e.g., Google Docs Offline).
3. Install the Netcraft Extension
Go to the Chrome Web Store: https://chromewebstore.google.com/
In the search box, type Netcraft Extension.
Click on the Netcraft Extension result, then click Add to Chrome.
In the pop-up, click Add Extension.
Close the “Turn On Sync” notification, if it appears.
Close the following prompt if it appears: Sign in to Chrome
4. Analyze a Safe Website
Navigate to: https://www.certifiedhacker.com/
Click the Extensions icon (puzzle piece) in the top-right corner and select the Netcraft icon.
A dialog box appears with a summary of the site. Click Site Report.
The full Site Report will load, organized into categories:
Background
Network
Geolocation
And others
🔎 Key Observations:
Netcraft identifies https://www.certifiedhacker.com as a safe and legitimate website:
✅ No phishing warnings
✅ No signs of malicious behavior
✅ Valid SSL certificate
✅ Stable hosting history
5. Analyze a Suspicious Website
⚠️ Disclaimer:
This exercise involves visiting potentially unsafe or suspicious websites for educational purposes. It must only be completed within the secure cyber range lab environment.
Do not attempt this outside of the virtual machine.
In the cyber range environment, open a new tab and navigate to: https://exteriorcreditos.netlify.app
The Netcraft Extension will automatically detect the threat and block the site. In some instances, well-known phishing sites may be flagged automatically by your browser.
Navigate to the corresponding site report.
6. Interpreting the Site Report
Use these steps to investigate and assess the threat:
🔴 1. Check for Warnings and other red flags
Example only; results for each malicious site may vary.
"Malicious URLs Detected – We suggest exercising caution..."
This is Netcraft’s strongest indicator that the site is unsafe.
🌐 2. Review Hosting & Domain Info
Look at Hosting Company, Reverse DNS, and Organization.
Red flags include:
Free platforms (e.g., Netlify)
Obscured DNS entries
WHOIS redacted (Check under Network > Organization)
📧 3. Check for Missing Security Records
Under Sender Policy Framework (SPF) and DMARC, look for:
“.....this host does not have an SPF and/or DMARC record.”
Warnings like these are indicators of potential email spoofing.
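The SPF/DMARC check above, as an added example that is not part of the original lab guide: it grades the TXT records a domain publishes and goes one step beyond "missing" by also flagging records that exist but enforce nothing. The function names and the sample records are constructed for illustration; real input would be the TXT strings returned for the domain and for _dmarc.<domain>.

```python
def spf_record(txt_records):
    """Return the SPF record among a host's TXT strings, or None."""
    return next((t for t in txt_records if t.lower().split()[:1] == ["v=spf1"]), None)

def spf_all_qualifier(spf):
    """Return the qualifier on the 'all' mechanism ('+', '-', '~', '?') or None."""
    for term in spf.lower().split()[1:]:
        if term == "all":
            return "+"  # a bare 'all' defaults to '+', i.e. pass
        if len(term) == 4 and term[1:] == "all" and term[0] in "+-~?":
            return term[0]
    return None

def dmarc_policy(dmarc_txt_records):
    """Return the p= value from TXT strings at _dmarc.<domain>, or None."""
    for txt in dmarc_txt_records:
        tags = [t.strip() for t in txt.split(";") if t.strip()]
        if not tags or tags[0].replace(" ", "").lower() != "v=dmarc1":
            continue
        for tag in tags[1:]:
            name, _, value = tag.partition("=")
            if name.strip().lower() == "p":
                return value.strip().lower()
    return None

def email_auth_findings(domain_txt, dmarc_txt):
    """List email-authentication gaps; include/redirect targets are not resolved."""
    findings = []
    spf = spf_record(domain_txt)
    if spf is None:
        findings.append("no SPF record")
    elif spf_all_qualifier(spf) in (None, "+", "?"):
        findings.append("SPF does not restrict senders")
    policy = dmarc_policy(dmarc_txt)
    if policy is None:
        findings.append("no DMARC record")
    elif policy == "none":
        findings.append("DMARC policy is monitor-only (p=none)")
    return findings

# Constructed sample records (reserved .example names), not real lookups.
SAMPLES = {
    "protected.example": (["v=spf1 include:_spf.mail.example -all"],
                          ["v=DMARC1; p=reject; rua=mailto:dmarc@protected.example"]),
    "weak.example": (["v=spf1 +all"], ["v=DMARC1; p=none"]),
    "bare.example": (["site-verification=constructed"], []),
}
```

An empty list from email_auth_findings means both records are present and enforcing; any entry corresponds to the kind of warning the Site Report shows in this step.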
🔁 Feel free to explore other phishing websites using the Netcraft Extension to continue practicing your analysis skills. Working inside this lab environment keeps your local machine safe.
Conclusion
You’ve used Netcraft to uncover phishing red flags—malicious-URL alerts, sketchy hosts, and missing email-auth records. These same principles apply to any phishing-analysis tool, so keep sharpening your detective skills! After completing this demonstration, you may continue with the next exercise.