I Tried google safe browsing API on URLs to prevent phishing and it doesn't detect them to be phishing urls...

1,542 views
Skip to first unread message

Nicolas Laporte

unread,
Apr 23, 2017, 11:32:37 PM4/23/17
to Google Safe Browsing API
I creating an extension for detect and prevent phishing. 
Actually my extension working well, but I have some issues with google safe browsing API.

I tried to detect some urls like : 
Which are obviously phishing urls.. But the API show me that, they are not phishing urls.. Is it normal ? Have I failed something with my request ? 
Here is an exemple of my json POST request :
{
          client: {
            clientId: "InfoClient",
            clientVersion: "InfoClient"
          },
          threatInfo: {
            threatTypes: [
            "MALWARE",
            "SOCIAL_ENGINEERING",
            "UNWANTED_SOFTWARE",
            "POTENTIALLY_HARMFUL_APPLICATION"
            ],
            platformTypes: ["ANY_PLATFORM"],
            threatEntryTypes: ["URL"],
            threatEntries:request.list  //Here the Array of URLs I tried to detect 
        }
}

Thanks in advance for your responses, and sorry for my poor English.

John

unread,
May 24, 2017, 12:22:01 PM5/24/17
to Google Safe Browsing API

andre...@gmail.com

unread,
May 31, 2017, 4:24:27 AM5/31/17
to Google Safe Browsing API
That URL doesn't show up for me.  (Using the update API, it doesn't even hit the hash prefix match.)  However, several other bad URLs posted to this group show up, as does the test URL: malware.testing.google.test/
testing/malware/


On Wednesday, 24 May 2017 17:22:01 UTC+1, John wrote:

Alex Wozniak

unread,
Jun 5, 2017, 3:36:43 PM6/5/17
to Google Safe Browsing API
Hi Nicolas,

Thanks for your email. It doesn't appear that anything is awry with your request; Safe Browsing just doesn't find the URLs you sent over to match any of the threat types. As others mentioned, you can test whether your request is well-formed by using the testing URLs (http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL).

--
You received this message because you are subscribed to the Google Groups "Google Safe Browsing API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-safe-browsi...@googlegroups.com.
To post to this group, send email to google-safe-...@googlegroups.com.
Visit this group at https://groups.google.com/group/google-safe-browsing-api.
For more options, visit https://groups.google.com/d/optout.

Andrew Rose

unread,
Jun 5, 2017, 4:32:55 PM6/5/17
to google-safe-...@googlegroups.com
Alex,

That's interesting - I find some of the URLs lists posted here as bad (so I've got good reason to think that the canonicalisation, prefix/suffix & hashing is working properly) but not that particular URL.  What region constraint should I use in order to receive that entry?  And, just to double check, what hash prefix should it be matching?

Thanks,

Andrew

On 5 June 2017 at 20:36, 'Alex Wozniak' via Google Safe Browsing API <google-safe-...@googlegroups.com> wrote:
Hi Nicolas,

Thanks for your email. It doesn't appear that anything is awry with your request; Safe Browsing just doesn't find the URLs you sent over to match any of the threat types. As others mentioned, you can test whether your request is well-formed by using the testing URLs (http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL).
On Wed, May 31, 2017 at 4:24 AM <andre...@gmail.com> wrote:
That URL doesn't show up for me.  (Using the update API, it doesn't even hit the hash prefix match.)  However, several other bad URLs posted to this group show up, as does the test URL: malware.testing.google.test/
testing/malware/


On Wednesday, 24 May 2017 17:22:01 UTC+1, John wrote:

--
You received this message because you are subscribed to the Google Groups "Google Safe Browsing API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-safe-browsing-api+unsub...@googlegroups.com.
To post to this group, send email to google-safe-browsing-api@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Google Safe Browsing API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-safe-browsing-api+unsub...@googlegroups.com.
To post to this group, send email to google-safe-browsing-api@googlegroups.com.

Alex Wozniak

unread,
Jun 5, 2017, 4:36:04 PM6/5/17
to google-safe-...@googlegroups.com
Andrew, apologies for a typo in the testing URL. It should have a trailing slash: http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL/

Let me know if you're still having issues!

On Mon, Jun 5, 2017 at 4:32 PM Andrew Rose <andre...@gmail.com> wrote:
Alex,

That's interesting - I find some of the URLs lists posted here as bad (so I've got good reason to think that the canonicalisation, prefix/suffix & hashing is working properly) but not that particular URL.  What region constraint should I use in order to receive that entry?  And, just to double check, what hash prefix should it be matching?

Thanks,

Andrew
On 5 June 2017 at 20:36, 'Alex Wozniak' via Google Safe Browsing API <google-safe-...@googlegroups.com> wrote:
Hi Nicolas,

Thanks for your email. It doesn't appear that anything is awry with your request; Safe Browsing just doesn't find the URLs you sent over to match any of the threat types. As others mentioned, you can test whether your request is well-formed by using the testing URLs (http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL).
On Wed, May 31, 2017 at 4:24 AM <andre...@gmail.com> wrote:
That URL doesn't show up for me.  (Using the update API, it doesn't even hit the hash prefix match.)  However, several other bad URLs posted to this group show up, as does the test URL: malware.testing.google.test/
testing/malware/


On Wednesday, 24 May 2017 17:22:01 UTC+1, John wrote:

--
You received this message because you are subscribed to the Google Groups "Google Safe Browsing API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-safe-browsi...@googlegroups.com.
To post to this group, send email to google-safe-...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Google Safe Browsing API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-safe-browsi...@googlegroups.com.
To post to this group, send email to google-safe-...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Google Safe Browsing API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-safe-browsi...@googlegroups.com.
To post to this group, send email to google-safe-...@googlegroups.com.

Andrew Rose

unread,
Jun 6, 2017, 3:40:13 AM6/6/17
to google-safe-...@googlegroups.com
Ah, much better.

Thanks,

Andrew

On 5 June 2017 at 21:35, 'Alex Wozniak' via Google Safe Browsing API <google-safe-...@googlegroups.com> wrote:
Andrew, apologies for a typo in the testing URL. It should have a trailing slash: http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL/

Let me know if you're still having issues!
On Mon, Jun 5, 2017 at 4:32 PM Andrew Rose <andre...@gmail.com> wrote:
Alex,

That's interesting - I find some of the URLs lists posted here as bad (so I've got good reason to think that the canonicalisation, prefix/suffix & hashing is working properly) but not that particular URL.  What region constraint should I use in order to receive that entry?  And, just to double check, what hash prefix should it be matching?

Thanks,

Andrew
On 5 June 2017 at 20:36, 'Alex Wozniak' via Google Safe Browsing API <google-safe-browsing-api@googlegroups.com> wrote:
Hi Nicolas,

Thanks for your email. It doesn't appear that anything is awry with your request; Safe Browsing just doesn't find the URLs you sent over to match any of the threat types. As others mentioned, you can test whether your request is well-formed by using the testing URLs (http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL).
On Wed, May 31, 2017 at 4:24 AM <andre...@gmail.com> wrote:
That URL doesn't show up for me.  (Using the update API, it doesn't even hit the hash prefix match.)  However, several other bad URLs posted to this group show up, as does the test URL: malware.testing.google.test/
testing/malware/


On Wednesday, 24 May 2017 17:22:01 UTC+1, John wrote:

--
You received this message because you are subscribed to the Google Groups "Google Safe Browsing API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-safe-browsing-api+unsub...@googlegroups.com.
To post to this group, send email to google-safe-browsing-api@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Google Safe Browsing API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-safe-browsing-api+unsub...@googlegroups.com.
To post to this group, send email to google-safe-browsing-api@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Google Safe Browsing API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-safe-browsing-api+unsub...@googlegroups.com.
To post to this group, send email to google-safe-browsing-api@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Google Safe Browsing API" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-safe-browsing-api+unsub...@googlegroups.com.
To post to this group, send email to google-safe-browsing-api@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages