Change the way Adguard checks domain with browsing security web service. #162

Closed
ameshkov opened this Issue Nov 6, 2015 · 1 comment

ameshkov commented Nov 6, 2015

We now send the domain and IP to the backend server to check them against our phishing/malware database. This is wrong, and it may look suspicious to the user that the domain name is sent in plain text.

Instead we should use a one-way hash to do the check (like SHA256). Thus the user will be sure that we don't see the real domain names and thus we can't use that data in any way.

Checking example.domain.com against browsing security web service

  1. Extract most significant parts of that host (in fact just extract subdomains and concatenate with '/') AND ip address.
    example.domain.com/
    domain.com/
    192.168.0.1/
  2. Calculate SHA256 hashes for both domains:
    example.domain.com/  ->  6372934A1C222E79F9C6B60833C24C0CBF63FFF53BF2C8CDC874C4F3BEFE2B3A
    domain.com/          ->  C9529394138C895A50E70E537673B48A7BA0ED6D7BDC2CFC0BB205AA3B7BEDBE
    192.168.0.1/         ->  719AEECD10F94270B6D21C837150D8DCA8BD7D55C8065AD40094052165DECC38
  3. Get prefixes (substring length=8)
    example.domain.com/  ->  6372934A
    domain.com/          ->  C9529394
    192.168.0.1/         ->  719AEECD
  4. Send these prefixes to the backend server (separate with "/")
    GET /safebrowsing-lookup-hash.html?prefixes=6372934A/C9529394/719AEECD
  5. Response will contain a list of all hashes found, the list name and a chunk id
    listName:chunkId:fullHash

    Example

    adguard-phishing-shavar:123123:6372934A1C222E79F9C6B60833C24C0CBF63FFF53BF2C8CDC874C4F3BEFE2B3A
    adguard-malware-shavar:53123:719AEECD10F94270B6D21C837150D8DCA8BD7D55C8065AD40094052165DECC38

    If nothing is found, the server will return an empty 204 No Content response.

  6. Check if any of the returned full hashes match any of your hashes.

Real life example

  1. Check some.malware.vv.cc
  2. Extract hashes and prefixes
  3. Request:
    https://sb.adtidy.org/safebrowsing-lookup-hash.html?prefixes=BDAF54CF/6BC91F66/AE617C83
  4. Response matches one of significant host parts:
    adguard-malware-shavar:35176:AE617C8343E1C79E27515B3F6D6D26413FCE47AE32A73488F9D033B4D2A46B3D
    adguard-phishing-shavar:35071:AE617C8343E1C79E27515B3F6D6D26413FCE47AE32A73488F9D033B4D2A46B3D
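
The client side of the lookup described in the comment above, as an added Python example that is not part of the original issue or Adguard's own code. It shows why the last step matters: the server only sees 8-character prefixes, so it may return entries that share a prefix with a different host, and the client must compare full hashes locally. Assumptions: the function names are hypothetical, host parts are every suffix with at least two labels, hosts are lowercased and UTF-8 encoded before hashing, and the response body is constructed.

```python
import hashlib

PREFIX_LEN = 8  # hex characters of each hash sent to the server, per the issue


def host_parts(host, ip=None):
    """Return 'suffix/' for each host suffix with two or more labels, plus 'ip/'."""
    # Assumption: lowercase the host and stop at two labels (domain.com/, not com/).
    labels = host.lower().rstrip(".").split(".")
    parts = [".".join(labels[i:]) + "/" for i in range(max(len(labels) - 1, 1))]
    if ip:
        parts.append(ip + "/")
    return parts


def full_hashes(parts):
    """Map uppercase SHA256 hex digest -> the host part it was computed from."""
    return {hashlib.sha256(p.encode("utf-8")).hexdigest().upper(): p for p in parts}


def lookup_query(hashes):
    """Query string that carries only the hash prefixes, separated by '/'."""
    return "prefixes=" + "/".join(h[:PREFIX_LEN] for h in hashes)


def match_response(body, hashes):
    """Parse 'listName:chunkId:fullHash' lines; keep only full-hash matches."""
    hits = []
    for line in body.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 3:
            continue  # blank or malformed line
        list_name, chunk_id, full = fields
        part = hashes.get(full.upper())
        if part is not None:  # a prefix-only collision is not in the dict
            hits.append((part, list_name, chunk_id))
    return hits


if __name__ == "__main__":
    hashes = full_hashes(host_parts("example.domain.com", "192.168.0.1"))
    print(lookup_query(hashes))
    listed = next(iter(hashes))
    # Constructed response: one true match and one entry sharing only the prefix.
    collider = listed[:PREFIX_LEN] + "0" * (64 - PREFIX_LEN)
    body = f"adguard-phishing-shavar:123123:{listed}\nadguard-malware-shavar:53123:{collider}\n"
    print(match_response(body, hashes))
```

An empty body (the 204 No Content case) yields no hits, so the host is treated as not listed.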
@ameshkov ameshkov added the Enhancement label Nov 6, 2015
@ameshkov ameshkov self-assigned this Nov 6, 2015
@ameshkov ameshkov added this to the 2.5 milestone Nov 6, 2015
@ameshkov ameshkov referenced this issue in AdguardTeam/AdguardBrowserExtension Nov 6, 2015
Closed

Change the way Adguard checks domain with browsing security web service. #50

@ameshkov ameshkov changed the title from Browsing Security service requests to Change the way Adguard checks domain with browsing security web service. Nov 6, 2015
ameshkov commented Nov 6, 2015

Implemented in Android

@ameshkov ameshkov closed this Nov 6, 2015
@ameshkov ameshkov modified the milestone: 2.1 patch 2, 2.5 Nov 11, 2015