CBX is a comprehensive security-focused browser extension designed to detect and mitigate common web-based attacks in real-time. Built to be compatible across Chromium-based browsers, it empowers users and organizations with proactive protection against web vulnerabilities like XSS, CSRF, SQLi, and more.
- 🔐 Detects multiple web vulnerabilities:
  - Cross-Site Scripting (XSS)
  - Cross-Site Request Forgery (CSRF)
  - SQL Injection (SQLi)
  - Tabnabbing
  - Phishing
  - Frame Busting (iFrame-based attacks)
- 🧠 ML-based phishing detection (trained on PhishTank dataset)
- 🌍 Cross-browser compatibility: Chrome, Edge, Opera, Brave
- ⚡ Lightweight with minimal performance overhead
- 🔄 Real-time detection and alerts
This extension is backed by academic research, which was published at IEEE:
📄 A Survey Paper on Browser Extensions to Detect Web Attack
IEEE Xplore
```bash
git clone https://github.com/your-username/CBX-Browser-Extension.git
cd CBX-Browser-Extension
```

To load the extension in your browser:
- Open your browser and go to `chrome://extensions/`
- Enable Developer mode (toggle in the top-right corner)
- Click Load unpacked
- Browse and select the root directory of this project (where `manifest.json` is located)
- HTML5, CSS3, JavaScript (Vanilla)
- Chrome Extension APIs (Manifest v3)
- Machine Learning (Phishing Detection)
- Static + Behavioral Analysis
- Browser DOM & Event Listeners
- Secure Local Storage
- VirusTotal API (for Phishing analysis)
CBX was tested against simulated environments and real phishing datasets. Detection accuracy highlights:
- XSS Detection: ~93%
- SQL Injection: ~91%
- Phishing Detection (ML-based): ~96%
- Tabnabbing & Clickjacking: Rule-based detection with >90% efficacy
Details are available in the full report.
- Ghost Inspector: For automated UI testing
- Selenium IDE: For interaction flow testing
- LambdaTest: Cross-browser testing automation
- Some false positives in edge cases (especially with aggressive input sanitization)
- Resource usage may spike on content-heavy pages
- Not compatible with all manifest versions (tested on Manifest v3)
- Currently supports Chromium-based browsers only
- Threat intelligence feed integration (VirusTotal, URLScan)
- Enhanced UI and centralized dashboard
- Custom rule configuration per organization
- Sahethi Depuru Guru
- Ayush Pattnaik
- Rutuja Kolte
- Nikhil Sharma
Under the guidance of Prof. Varshapriya J. N., VJTI Mumbai
This project is licensed under the MIT License.
See LICENSE.md for details.





