Anti Phishing Tools
URLV - Uniform Resource Locator Validation - (updated 2007-07-29)

Protection against... Detection... Ease to install
User usage
  funds transfert simple phishing MITM phishing ISP pharming trojan keylogger advanced trojan before-fraud after-fraud
By user

Goal : helping user decide if an url is good or not
Installed by : any organization or company whishing to help users

Here we will use a risk-approach page, and send all important Web sites that you visit go through this page. This tool will identify whether a URL is a correct one, and if so, will perform a redirection. It uses a parsing analysis which detects if the URL is using some character commonly found in phishing attack cases.

My opinion: this solution implies that users get used to using this site for important links, thus a pre-requisite is user awareness.
We all know it's difficult. It can also be an issue for privacy as it becomes easy to record Internet usage for the trusted site owner.
It can also become a security risk if user post a link giving full authorized access to his personnal page. Finally, it can be counterfeited, as could be the final site.
This POC is unadapted to real usage, but we find similar mecanisms in Microsoft Internet Explorer 7 with its "dynamic security protection" integrated inside the phishing filter. Some toolbars can also helps identifying phishing sites, either via a blacklist  check 
(Netcraft toolbar) or via a heuristic analysis of the URL (part of SpoofGuard toolbar) as described here.

HTML page

<!-- In the home page of the trusted site insert this //-->
<h1> Enter your link to be verified </h1>
<form action="verify.php" method=POST >
<input type=text name=link_to_go_to size=100></input>

PHP Page

function assess($link,$weigh){
 if (strlen(link)-1==strrpos($link,"\/")){ // If link ends with a "/"
  $link=substr($link,0,strlen($link)-1); // Delete last "/"
 $link=substr($link,$place+1,$link_size-($place+1)); // we use only URI composed with domain names, not protocol anymore

.vi,.vn,.vu,.wf,.ws,.ye,.yt,.yu,.za,.zm,.zr,.zw "

 //Decrease weigh for protocol not so secure
 if (!strcmp($proto,"https"))$weigh=$weigh;
 elseif (!strcmp($proto,"http"))$weigh=$weigh-1;
 else $weigh=$weigh-2;

 //Decrease weigh for a "/" in URI
 if strpos($link,"\/")$weigh=$weigh-1;
 //Decrease weigh for a "%" in URI
 if strpos($link,"\%")$weigh=$weigh-1;
 //Decrease weigh for a "&#" in URI
 if strpos($link,"\&\#")$weigh=$weigh-2;
 //Decrease weigh for a "." afterthe last "/" in URI, which is not normal
  if (strrpos($link,"\.")>strrpos($link,"\/")) $weigh=$weigh-5;
 //Decrease weigh for a TLD extension followed by another TLD extension further in the link
 for ($tld=strok($tld_list, ",");$tld!="";$tld=strok(",")){
  if (!strcmp(substr($link,$tld+strlen($tld),1),"\.") || (!strcmp(substr($link,$tld+strlen($tld),1),"\/")){
   for ($tld2=strok($tld_list, ",");$tld2!=$tld;$tld2=strok(",")){
    if strrpos($link,$tld2)>strrpos($link,$tld) $weigh=$weigh-4;
 return $weigh;

function detect_error ($link){
 if strpos($link,"\;"){
  $return="BAD LINK";
 if strpos($link,"\ "){
  $return="BAD LINK";
 if strpos($link,"\*"){
  $return="BAD LINK";
 if strpos($link,"\@"){ // Here we forbid userauth cos it's often used for phishing purposes
  $return="BAD LINK";
 if strpos($link,"\'"){ // Does it have to be used in a main page ? no. So let's forbid it
  $return="BAD LINK";
 if strpos($link,"\""){ // Does it have to be used in a main page ? no. So let's forbid it
  $return="BAD LINK";
 return $result;

function sanitize($link){
 $link=strtolower(trim($link)); // clean input
 if (strlen(link)-1==strrpos($link,"\/")){ // If link ends with a "/"
  $link=substr($link,0,strlen($link)-1); // Delete last "/"
 $set="\/\&\?\@\%"; // set with special chars
 $position=strspn($link,$set); // Find if one of this char is used
 $link=substr($link,0,$position); // If a special char is used, we stop the uri before this char

 return $link;

// Main

$initial_weigh=10; // Before we assess the link, we assign a value to the link consistency CHANGE THIS VALUE IF REQUIRED
$test_passed_weigh=8; // This is the value we MUST obtain after assessing the test, when link consistency is more than this value, we follow the link, when it's less, we sanitize the link and follow

//print headers
print "<html>";


if (!strcmp(detect_error($link_to_go_to),"BAD LINK")){
 print"<body><center>Your link seems to be made of error(s). Please take caution before using it</center></body>";

if ($link_assessment<$test_passed_weigh ) {
 print "<head><META http-equiv=\"refresh\" content=\"1;URL=".$sanitized_link."\"></head>";
 print "<body><center>Your link has been rated ".$link_assessment." / ".$initial_weigh. "<BR> You'll be redirected in 1 second to a sanitized link : ".$sanitized_link."</center></body>";

 print "<head><META http-equiv=\"refresh\" content=\"1;URL=".$link."\"></head>";
 print "<body><center>Your link has been rated ".$link_assessment." / ".$initial_weigh. "<BR> You'll be redirected in 1 second</center></body>";

//print footers
print "</html>";