
Change the way Adguard checks domain with browsing security web service. #162

Closed
ameshkov opened this Issue Nov 6, 2015 · 1 comment


ameshkov commented Nov 6, 2015

We now send the domain and IP to the backend server to check them against our phishing/malware database. This is wrong, and it may look suspicious to users that the domain name is sent in plain text.

Instead, we should use a one-way hash (like SHA256) to do the check. Thus the user will be sure that we don't see the real domain names and thus can't use that data in any way.

Checking example.domain.com against browsing security web service

  1. Extract the most significant parts of that host (in fact, just extract subdomains and concatenate with '/') AND the IP address.
    example.domain.com/
    domain.com/
    192.168.0.1/
  2. Calculate SHA256 hashes for both domains:
    example.domain.com/   ->   6372934A1C222E79F9C6B60833C24C0CBF63FFF53BF2C8CDC874C4F3BEFE2B3A
    domain.com/           ->   C9529394138C895A50E70E537673B48A7BA0ED6D7BDC2CFC0BB205AA3B7BEDBE
    192.168.0.1/          ->   719AEECD10F94270B6D21C837150D8DCA8BD7D55C8065AD40094052165DECC38
  3. Get prefixes (substring length=8)
    example.domain.com/   ->   6372934A
    domain.com/           ->   C9529394
    192.168.0.1/          ->   719AEECD
  4. Send these prefixes to the backend server (separate with "/")
    GET /safebrowsing-lookup-hash.html?prefixes=6372934A/C9529394/719AEECD
  5. Response will contain a list of all hashes found, list name and a chunk id
    listName:chunkId:fullHash

    Example

    adguard-phishing-shavar:123123:6372934A1C222E79F9C6B60833C24C0CBF63FFF53BF2C8CDC874C4F3BEFE2B3A
    adguard-malware-shavar:53123:719AEECD10F94270B6D21C837150D8DCA8BD7D55C8065AD40094052165DECC38

    If nothing is found, the server will return an empty response 204 No Content.
  6. Check if any of the returned full hashes match any of your hashes.

Real life example

  1. Check some.malware.vv.cc
  2. Extract hashes and prefixes
  3. Request:
    https://sb.adtidy.org/safebrowsing-lookup-hash.html?prefixes=BDAF54CF/6BC91F66/AE617C83
  4. Response matches one of the significant host parts:
    adguard-malware-shavar:35176:AE617C8343E1C79E27515B3F6D6D26413FCE47AE32A73488F9D033B4D2A46B3D
    adguard-phishing-shavar:35071:AE617C8343E1C79E27515B3F6D6D26413FCE47AE32A73488F9D033B4D2A46B3D
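
The lookup flow described in the issue above, as an added Python example that is not AdGuard's own code: it builds the host parts, sends only the 8-character prefixes, and accepts a hit only when a returned full hash equals a locally computed one. The function names are hypothetical; lowercasing the host, hashing UTF-8 bytes, stopping at two labels, and the server reply in `demo()` are assumptions or constructed values, and no network request is made.

```python
import hashlib

PREFIX_LEN = 8  # hex characters, as in the issue ("substring length=8")

def host_parts(host, ip=None):
    """Host suffixes down to two labels, plus the IP, each ending in '/'."""
    labels = host.lower().rstrip(".").split(".")
    # Assumption: stop at two labels (the issue lists domain.com/ but not com/).
    parts = [".".join(labels[i:]) + "/" for i in range(max(len(labels) - 1, 1))]
    if ip:
        parts.append(ip + "/")
    return parts

def full_hashes(parts):
    """Map uppercase SHA256 hex digest -> host part (UTF-8 bytes assumed)."""
    return {hashlib.sha256(p.encode("utf-8")).hexdigest().upper(): p for p in parts}

def lookup_path(hashes):
    """Request path; only the 8-character prefixes leave the client."""
    return "/safebrowsing-lookup-hash.html?prefixes=" + "/".join(h[:PREFIX_LEN] for h in hashes)

def parse_response(status, body):
    """Parse 'listName:chunkId:fullHash' lines; 204 No Content means nothing found."""
    if status == 204 or not body.strip():
        return []
    entries = []
    for line in body.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 3:
            continue  # ignore malformed lines rather than guessing
        list_name, chunk_id, full_hash = fields
        entries.append((list_name, chunk_id, full_hash.upper()))
    return entries

def matches(hashes, entries):
    """A hit needs a full-hash match locally; a shared prefix alone is not a hit."""
    return sorted({(hashes[h], name) for name, _chunk, h in entries if h in hashes})

def demo():
    hashes = full_hashes(host_parts("example.domain.com", "192.168.0.1"))
    listed = next(h for h, p in hashes.items() if p == "domain.com/")
    other = next(h for h, p in hashes.items() if p == "example.domain.com/")
    # Constructed server reply: one real hit, one entry sharing only a prefix.
    collision = other[:PREFIX_LEN] + "0" * (64 - PREFIX_LEN)
    body = f"adguard-phishing-shavar:1:{listed}\nadguard-malware-shavar:2:{collision}\n"
    return lookup_path(hashes), matches(hashes, parse_response(200, body))

if __name__ == "__main__":
    print(demo())
```
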

@ameshkov ameshkov added the Enhancement label Nov 6, 2015

@ameshkov ameshkov self-assigned this Nov 6, 2015

@ameshkov ameshkov added this to the 2.5 milestone Nov 6, 2015

@ameshkov ameshkov changed the title Browsing Security service requests Change the way Adguard checks domain with browsing security web service. Nov 6, 2015


ameshkov commented Nov 6, 2015

Implemented in Android
