Google Web Risk API and Safe Browsing API return safe for phishing site

Following instructions here, the following code appears to return good results on the example sites, but on an actual phishing site (https://www.clicktrackingsall.com/a.php) it returns empty:

const axios = require('axios');
const apikey = '<apikey>';
const req = (uri) => `https://webrisk.googleapis.com/v1/uris:search?key=${apikey}&threatTypes=MALWARE&threatTypes=SOCIAL_ENGINEERING&threatTypes=UNWANTED_SOFTWARE&uri=${encodeURIComponent(uri)}`
const checkUrl = async (url) => {
    return axios.get(req(url));
}

// returns threatTypes: [ 'SOCIAL_ENGINEERING' ]
checkUrl('http://testsafebrowsing.appspot.com/s/phishing.html').then(({data}) => console.log(data));

// returns threatTypes: [ 'MALWARE' ]
checkUrl('http://testsafebrowsing.appspot.com/s/malware.html').then(({data}) => console.log(data));

// returns empty result
checkUrl('https://www.clicktrackingsall.com/a.php').then(({data}) => console.log(data));

When navigating to the page with Chrome, it does block it. Using the Google Transparency Report also returns phishing.

This also occurs when using the Safe Browsing API:

const axios = require('axios');
const url = 'https://safebrowsing.googleapis.com/v4/threatMatches:find?key=<yourapikey>';
const jsonReq = {
  "client": {
    "clientId":      "<client-id>",
    "clientVersion": "<client-version>"
  },
  "threatInfo": {
    "threatTypes":      ["MALWARE", "SOCIAL_ENGINEERING", "UNWANTED_SOFTWARE", "POTENTIALLY_HARMFUL_APPLICATION"],
    "platformTypes":    ["ANY_PLATFORM"],
    "threatEntryTypes": ["URL", "EXECUTABLE"],
    "threatEntries": [
      {"url": "http://testsafebrowsing.appspot.com/s/phishing.html"},
      {"url": "http://testsafebrowsing.appspot.com/s/malware.html"},
      {"url": "https://www.clicktrackingsall.com/a.php"},
      {"url": "http://getnetflix.club/"}
    ]
  }
};
axios.post(url, jsonReq).then(result => {
  console.log(JSON.stringify(result.data, null, 2));
});

/* prints:
{
  "matches": [
    {
      "threatType": "SOCIAL_ENGINEERING",
      "platformType": "ANY_PLATFORM",
      "threat": {
        "url": "http://testsafebrowsing.appspot.com/s/phishing.html"
      },
      "cacheDuration": "300s",
      "threatEntryType": "URL"
    },
    {
      "threatType": "MALWARE",
      "platformType": "ANY_PLATFORM",
      "threat": {
        "url": "http://testsafebrowsing.appspot.com/s/malware.html"
      },
      "cacheDuration": "300s",
      "threatEntryType": "URL"
    }
  ]
}*/

Am I doing something wrong?

There is 1 best solution below

Tung Dmctv On

I got the same result: it returns empty, {}, in curl.

The only exception is their own example; when I tried to change the URL or threatTypes, it returned nothing.

curl -X GET \
  -H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
  "https://webrisk.googleapis.com/v1/uris:search?threatTypes=MALWARE&uri=http%3A%2F%2Ftestsafebrowsing.appspot.com%2Fs%2Fmalware.html"
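
Both posts show the same response convention: Web Risk `uris:search` returns `{}` for a URL it has no entry for, and Safe Browsing `threatMatches:find` omits unmatched URLs from `matches`. The following is an added example, not code from either poster or from Google; the helper names (`webRiskVerdict`, `safeBrowsingVerdicts`, `unlisted`) are hypothetical and the sample data is constructed to mirror the request and output in the question. It turns either response into an explicit verdict per submitted URL so that a miss is recorded rather than silently dropped.

```javascript
// Added example: normalise Web Risk and Safe Browsing v4 Lookup responses
// into one verdict per submitted URL. Helper names are hypothetical.

// Web Risk uris:search checks one URI; a miss is an empty object.
function webRiskVerdict(uri, body) {
  const types = (body && body.threat && body.threat.threatTypes) || [];
  return { url: uri, listed: types.length > 0, threatTypes: types };
}

// Safe Browsing threatMatches:find checks many URLs but only returns the
// ones that matched, so misses must be derived from the request.
function safeBrowsingVerdicts(request, body) {
  const byUrl = new Map();
  for (const m of (body && body.matches) || []) {
    const url = m.threat && m.threat.url;
    if (!url) continue;
    if (!byUrl.has(url)) byUrl.set(url, new Set());
    byUrl.get(url).add(m.threatType);
  }
  return request.threatInfo.threatEntries.map(({ url }) => {
    const types = [...(byUrl.get(url) || [])];
    return { url, listed: types.length > 0, threatTypes: types };
  });
}

// Constructed sample data, shaped like the request and output in the question.
const sampleRequest = { threatInfo: { threatEntries: [
  { url: 'http://testsafebrowsing.appspot.com/s/phishing.html' },
  { url: 'http://testsafebrowsing.appspot.com/s/malware.html' },
  { url: 'https://www.clicktrackingsall.com/a.php' },
  { url: 'http://getnetflix.club/' },
] } };
const sampleResponse = { matches: [
  { threatType: 'SOCIAL_ENGINEERING', threat: { url: 'http://testsafebrowsing.appspot.com/s/phishing.html' } },
  { threatType: 'MALWARE', threat: { url: 'http://testsafebrowsing.appspot.com/s/malware.html' } },
] };

// "listed: false" means "no match came back for this URL", not "safe":
// in the question, a URL with no match was still blocked by Chrome.
function unlisted(verdicts) {
  return verdicts.filter((v) => !v.listed).map((v) => v.url);
}

console.log(safeBrowsingVerdicts(sampleRequest, sampleResponse));
console.log(webRiskVerdict('https://www.clicktrackingsall.com/a.php', {}));
```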