Google Safe Browsing API

 

Google Safe Browsing API

Build a Post

The Google Safe Browsing API is a service that enables applications to check URLs against the Google’s lists of suspected phishing and postulated malware pages.

cloudshell
Enabling the API

First you need an APIKey and an Enabler to this API otherwise:

GPost: Failed at getting response:403{
“error”: {
“code”: 403,
“message”: “Safe Browsing API has not been used in project 338972382324 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/safebrowsing.googleapis.com/overview?project=338972382324 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.”,
“status”: “PERMISSION_DENIED”,
“details”: [
{
“@type”: “type.googleapis.com/google.rpc.Help”,
“links”: [
{
“description”: “Google developers console API activation”,
“url”: “https://console.developers.google.com/apis/api/safebrowsing.googleapis.com/overview?project=338972382324”
}
]
},
{
“@type”: “type.googleapis.com/google.rpc.ErrorInfo”,
“reason”: “SERVICE_DISABLED”,
“domain”: “googleapis.com”,
“metadata”: {
“consumer”: “projects/338972382324”,
“service”: “safebrowsing.googleapis.com”
}
}
]
}
}

Public API enabled
enabled and runtime

The response body includes the match information (the list names and the URLs found on those lists, the metadata, if available, and the cache durations). For more details, see the threatMatches.find response body and the explanations that follow the code example.

Note: If there are no matches (that is, if none of the URLs specified in the request are found on any of the lists specified in a request), the HTTP POST response simply returns an empty object in the response body.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
procedure setTestData;
begin
JTESTDATA:=
  '{                                 '+LF+
  '"client": {                       '+LF+
  '  "clientId": "TestClient4",      '+LF+
  '  "clientVersion": "1.1"          '+LF+
  '},                                '+LF+
  '"threatInfo": {                   '+LF+
  '  "threatTypes":      ["MALWARE", "SOCIAL_ENGINEERING"],'+LF+
  '  "platformTypes":    ["LINUX"],                        '+LF+
  '  "threatEntryTypes": ["URL"],                          '+LF+
  '  "threatEntries": [                                    '+LF+
  '    {"url": "%s"}                        '+LF+
  '  ]                                                     '+LF+
  ' }                                                      '+LF+
  '}';
end;
 
 
function getPostGoogleAPI(feedstream, aApikey, tolang: string): string;
var
  Url,aAPI_KEY, source: string;
  jo, locate: TJSONObject;
  httpReq,hr: Olevariant;
  strm: TStringStream;
begin
  //setTestData before;
  httpReq:= CreateOleObject('WinHttp.WinHttpRequest.5.1');
  // Open the HTTPs connection. 
  try             
    hr:= httpReq.Open('POST',
               'https://safebrowsing.googleapis.com/v4/threatMatches:find?key='
                                                    +aApikey, false);
    httpReq.setRequestheader('user-agent',SUSERAGENT  );
    httpReq.setRequestheader('content-type','application/json');
    if hr= S_OK then HttpReq.Send(format(JTESTDATA,[feedstream]));
    //writeln(format(JTESTDATA,[feedstream]));
    If HttpReq.Status = 200 Then
       result:= HttpReq.responseText
    Else result:= 'Failed at getting response:'+itoa(HttpReq.Status)+HttpReq.responseText;
    //writeln('debug response '+HttpReq.GetAllResponseHeaders);    
  finally
    httpreq:= unassigned; 
  end;                 
end;
 
URLMALWARE ='http://malware.testing.google.test/testing/malware/';   
writeln('GPost: '+getPostGoogleAPI(URLMALWARE, GoogleApiKey,''));
 
>>> GPost: {
  "matches": [
    {
      "threatType": "MALWARE",
      "platformType": "LINUX",
      "threat": {
        "url": "http://malware.testing.google.test/testing/malware/"
      },
      "cacheDuration": "300s",
      "threatEntryType": "URL"
    }
  ]
}
 
{"client":{"clientId":"TestClient4","clientVersion":"1.1"},"threatInfo":{"threatTypes":["MALWARE","SOCIAL_ENGINEERING"],"platformTypes":["LINUX"],"threatEntryTypes":["URL"],"threatEntries":[{"url":"%s"}]}}
GPost: {}

Early binding with ALHTTPClient

http://www.softwareschule.ch/examples/alhttpclient2.txt

The matches object lists the names of the Safe Browsing lists and the URLs—if there is match. In the example, two URLs (urltocheck1.org and urltocheck2.org) were found on one of the Safe Browsing lists (MALWARE/WINDOWS/URL) so the matching information is returned. The third URL (urltocheck3.org) was not found on either list, so no information is returned for this URL postulate:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
function TALHTTPClient_Post5GoogleAPI(aUrl: AnsiString;
                       feedstream, aapiKey: string;
                       aResponseContentStream:TStream;
                       aResponseContentHeader:TALHTTPResponseHeader):string;
Var
   FRequestHeader: TALHTTPRequestHeader;
   aPoststream: TStream;
begin
  with TALWininetHttpClient.create do begin
    Url:= aURL + aApikey;
    RequestMethod:= HTTPmt_Post; //HTTPrm_Post;
    RequestHeader.UserAgent:= SUSERAGENT;
    RequestHeader.ContentType:= 'application/json';
    //LHttpClient.RequestHeader.RawHeaderText:='
    try
      aPoststream:= TStringStream.create(format(JTESTDATA,[feedstream]));
      result:= Post3(Url, aPoststream); //overload;
    finally
      Free;
      aPostStream.Free;
    end;
  end; //with  
end;
 
writeln('GPost2: '+
    TALHTTPClient_Post5GoogleAPI(URL_SAFEBROWSING,URLMALWARE,GoogleApiKey,
                                                             Nil, Nil));
>>> GPost2: {
  "matches": [
    {
      "threatType": "MALWARE",
      "platformType": "LINUX",
      "threat": {
        "url": "http://malware.testing.google.test/testing/malware/"
      },
      "cacheDuration": "300s",
      "threatEntryType": "URL"
    }
  ]
}
Metadata

The threatEntryMetadata field is optional and provides additional information about the threat match. Currently, metadata is available for the MALWARE/WINDOWS/URL Safe Browsing list (see Metadata).

Cache durations

The cacheDuration field indicates the amount of time the URL must be considered unsafe (see Caching).

Comments

Post a Comment

Popular posts from this blog

Python4Delphi

Image
In a future world you can decide belonging to SkyNet or Darknet, but you can not find the difference between an Android or Avatar cause humans doesn't exist anymore. Python for Delphi (P4D) is a set of free components that wrap up the Python DLL into Delphi and Lazarus (FPC). A DLL could be for example the 'python37.dll'. They let you almost easily execute Python scripts, create new Python modules and new Python types. You can create Python extensions as DLLs and much more like scripting or automating your console. P4D provides different levels of functionality: Low-level access to the Python API High-level bi-directional interaction with Python Access to Python objects using Delphi custom variants (VarPyth.pas) Wrapping of Delphi objects for use in Python scripts using RTTI (WrapDelphi.pas) Creating Python extension modules with Delphi classes, records and functions Generate Scripts in maXbox from a Python engine.   P4D makes it, after
Read more

Railuino

Image
  Hacking your Märklin This library allows you to control your digital Märklin railway using Arduino. https://code.google.com/archive/p/railuino/ I want to show especially the output of the C++ compiled library include <Railuino.h> Any ISP will need what Arduino calls output binaries and the rest of the world calls HEX files. These are produced when you Verify/Compile your sketch and contain the data the AVR microcontroller needs to run and in my case “C:\Users\max\AppData\Local\Temp\arduino_build_130743”. The Arduino IDE creates them in temporary folders in your user libraries. If everything has gone right, your folder should be full of output files, mostly with .o and .d extensions. These are used by linker and can be ignored. Where to find Arduino Hex files or Output Binaries The important files will be these, where the sketch is called CV.ino, so look for your own sketch name – so I show the top 6 files in the right sequence with explanat
Read more