Change the way Adguard checks domain with browsing security web service. #162

ameshkov opened this Issue Nov 6, 2015 · 1 comment


None yet

1 participant

ameshkov commented Nov 6, 2015

We now send domain and ip to the backend server to check it against our phishing/malware database. This is wrong and may look suspicious for user that domain name is sent in plain text.

Instead we should use a one-way hash to do the check (like SHA256). Thus user will be sure that we don't see the real domain names and thus we can't use that data in any way.

Checking against browsing security web service

Extract most significant parts of that host (in fact just extract subdomains and concatenate for '/') AND ip address.
Calculate SHA256 hashes for both domains:   ->   6372934A1C222E79F9C6B60833C24C0CBF63FFF53BF2C8CDC874C4F3BEFE2B3A           ->   C9529394138C895A50E70E537673B48A7BA0ED6D7BDC2CFC0BB205AA3B7BEDBE           ->  719AEECD10F94270B6D21C837150D8DCA8BD7D55C8065AD40094052165DECC38
Get prefixes (substring length=8)    ->    6372934A                  ->     C9529394                   ->    719AEECD
Send these prefixes to the backend server (separate with "/")
GET /safebrowsing-lookup-hash.html?prefixes=6372934A/C9529394/719AEECD
Response will contain list of all hashes found, list name and a chunk id



If nothing found server will return empty response 204 No Content.

Check if any of returned full hashes match any of your hashes.

Real life example

  1. Check
  2. Extract hashes and prefixes
  3. Request:
  4. Response matches one of significant host parts:
@ameshkov ameshkov added the Enhancement label Nov 6, 2015
@ameshkov ameshkov self-assigned this Nov 6, 2015
@ameshkov ameshkov added this to the 2.5 milestone Nov 6, 2015
@ameshkov ameshkov referenced this issue in AdguardTeam/AdguardBrowserExtension Nov 6, 2015

Change the way Adguard checks domain with browsing security web service. #50

@ameshkov ameshkov changed the title from Browsing Security service requests to Change the way Adguard checks domain with browsing security web service. Nov 6, 2015
ameshkov commented Nov 6, 2015

Implemented in Android

@ameshkov ameshkov closed this Nov 6, 2015
@ameshkov ameshkov modified the milestone: 2.1 patch 2, 2.5 Nov 11, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment