-
Notifications
You must be signed in to change notification settings - Fork 20
Configuring the extension
Once installed in your browser, find the debug button at the top of the Phishcatch extension popup UI. Clicking this will take you to a screen that will allow you to make arbitrary local config changes.
The PhishCatch extension is designed to be centrally managed using an enterprise management platform such as Windows Group Policy or Jamf Pro configuration profiles.
While only three configurations are considered truly essential, there are a variety of configuration options designed to ease deployment, reduce alert noise, and maximize deployment effectiveness.
Examples of deployment profiles can be found in the policy-templates folder.
Configure sites authorized to use enterprise credentials. Passwords entered into sites on this list will be hashed and stored locally, and compared to passwords entered on any sites not on this list to determine if they are being reused.
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\jgegnlkclgfifjphjmijnkmicfgckmah\policy\enterprise_domains\00 (REG_SZ) = mydomain.com
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\jgegnlkclgfifjphjmijnkmicfgckmah\policy\enterprise_domains\01 (REG_SZ) = subdomain.mydomain.com
<dict>
<key>enterprise_domains</key>
<array>
<string>mydomain.com</string>
<string>subdomain.mydomain.com</string>
</array>
</dict>
The URL of the PhishCatch server. The extension will need to be able to reach this server in order to trigger webhooks.
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\jgegnlkclgfifjphjmijnkmicfgckmah\policy\phishcatch_server (REG_SZ) = https://phishcatch.mydomain.com
<dict>
<key>phishcatch_server</key>
<string>https://phishcatch.mydomain.com</string>
</dict>
The preshared key configured on the PhishCatch server. This key must match between the extension config and the value set on the server, otherwise webhooks will not be triggered.
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\jgegnlkclgfifjphjmijnkmicfgckmah\policy\psk (REG_SZ) = MYPSK123
<dict>
<key>psk</key>
<string>MYPSK123</string>
</dict>
The number of days that hashed passwords are cached locally. The default setting is 90.
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\jgegnlkclgfifjphjmijnkmicfgckmah\policy\data_expiry (REG_DWORD, decimal) = 90
<dict>
<key>data_expiry</key>
<integer>90</integer>
</dict>
Enable or disable password reuse alert toast notifications on the endpoint. It is recommended to set this to false during testing and rollout to reduce the impact to end users. The default setting is true.
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\jgegnlkclgfifjphjmijnkmicfgckmah\policy\display_reuse_alerts (REG_DWORD) = 0x1 | 0x0
<dict>
<key>display_reuse_alerts</key>
<true/> | <false/>
</dict>
Enable or disable access to the debug GUI on the endpoint. The debug GUI shows the current config, currently cached data (usernames, password hashes, etc.), and allows for manual config override. The default setting is true.
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\jgegnlkclgfifjphjmijnkmicfgckmah\policy\enable_debug_gui (REG_DWORD) = 0x1 | 0x0
<dict>
<key>enable_debug_gui</key>
<true/> | <false/>
</dict>
Allows the user to manually populate password hashes in the PhishCatch GUI, in addition to capturing them from corporate domains. The default setting is false.
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\jgegnlkclgfifjphjmijnkmicfgckmah\policy\enable_manual_password_entry (REG_DWORD) = 0x1 | 0x0
<dict>
<key>enable_manual_password_entry</key>
<true/> | <false/>
</dict>
Enables a FAQ button in the PhishCatch GUI that links to an arbitrary URL. If not present, no button will be displayed.
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\jgegnlkclgfifjphjmijnkmicfgckmah\policy\faq_link (REG_SZ) = https://wiki.mydomain.com/PhishCatch
<dict>
<key>faq_link</key>
<string>https://wiki.mydomain.com/PhishCatch</string>
</dict>
Configure sites that should be ignored. Usernames and passwords entered into sites on this list will NOT be hashed, stored, compared, or generate alerts. If not present, no domains will be ignored.
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\jgegnlkclgfifjphjmijnkmicfgckmah\policy\ignored_domains\00 (REG_SZ) = ignored.mydomain.com
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\jgegnlkclgfifjphjmijnkmicfgckmah\policy\ignored_domains\01 (REG_SZ) = *.ignoreme.local
<dict>
<key>ignored_domains</key>
<array>
<string>ignored.mydomain.com</string>
<string>*.ignoreme.local</string>
</array>
</dict>
The number of PBKDF2 iterations used when hashing passwords. The more iterations used, the more difficult the hash will be to reverse, but will also require additional processing resources on the endpoint. The default setting is 100000.
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\jgegnlkclgfifjphjmijnkmicfgckmah\policy\pbkdf2_iterations (REG_DWORD, decimal) = 100000
<dict>
<key>pbkdf2_iterations</key>
<integer>100000</integer>
</dict>
Enables a "Source Code" button in the PhishCatch GUI that links to an arbitrary URL. If not present, no button will be displayed.
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\jgegnlkclgfifjphjmijnkmicfgckmah\policy\repo_link (REG_SZ) = https://github.com/palantir/phishcatch
<dict>
<key>repo_link</key>
<string>https://github.com/palantir/phishcatch</string>
</dict>
Determines the verbosity of the URLs sent in reuse alert webhooks. Options are:
-
host: Alerts redact all URL parameters other than the hostname (e.g.example.com/foo?token=barbecomesexample.com) -
path: Alerts include the hostname and path (e.g.example.com/foo?token=barbecomesexample.com/foo) -
none: No sanitization is performed, potentially logging sensitive auth tokens (e.g.example.com/foo?token=barremainsexample.com/foo?token=bar)
The default setting is host.
SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\jgegnlkclgfifjphjmijnkmicfgckmah\policy\url_sanitization_level (REG_SZ) = host
<dict>
<key>url_sanitization_level</key>
<string>host</string>
</dict>