url to test

1,656 views
Skip to first unread message

substantiel

unread,
Mar 29, 2010, 8:52:35 AM3/29/10
to Google Safe Browsing API
Hi,
We've implemented google safe browsing protection api v1 in our
client, and we're looking for urls to test it. I known
http://malware.testing.google.test/testing/malware/ is a test url, but
we face the same problem as reported in this thread:
http://groups.google.com/group/google-safe-browsing-api/browse_thread/thread/fe388dd7d9d6c02f

when trying different combinations of malware.testing.google.test/
testing/malware/, we never succeed.

Last replier told he could get a match malware.testing.google.test/
testing/malware/ with md5 dc5178cc1a0820bc434c83d2f089f105
We can see that md5 in our database, but none of the strings we tested
had dc5178cc1a0820bc434c83d2f089f105 for md5. So, when testing safe
browsing with http://malware.testing.google.test/testing/malware/ , do
you succeed in matching a hash of the wire format. And with with
string and md5 do you succeed ?

thanks

Berk D. Demir

unread,
Apr 1, 2010, 3:49:02 PM4/1/10
to google-safe-...@googlegroups.com
On Mon, Mar 29, 2010 at 05:52, substantiel
<substantie...@gmail.com> wrote:

> We've implemented google safe browsing protection api v1 in our
> client, and we're looking for urls to test it.
>

> when trying different combinations of malware.testing.google.test/
> testing/malware/, we never succeed.

Did you implement URL canonicalization in your client as specified by
the "Developer's Guide" at
http://code.google.com/apis/safebrowsing/developers_guide.html#Canonicalization


>
> Last replier told he could get a match malware.testing.google.test/
> testing/malware/ with md5 dc5178cc1a0820bc434c83d2f089f105
> We can see that md5 in our database, but none of the strings we tested
> had dc5178cc1a0820bc434c83d2f089f105 for md5.

MD5 is cryptographic hash function. Ideally you'll get a unique has
for every unique input. Technically it's mapping space is 128-bits so
have the chance to have collisions but again ideally you won't. That
being said, you cannot expect another input to give the same MD5 hash.

That's why __you need to canonicalize the URL and try iterations of
it__. Read the sections "Performing Lookups" and "Canonicalization" in
Developer's Guide and implement your code as specified.

Reply all
Reply to author
Forward
0 new messages