在 Google 安全浏览中,有两种方法可以测试 URL 是否为网络钓鱼 URL:
在这个问题中,我专注于基于哈希的解决方案,更好地保护隐私,就像 Firefox 等浏览器使用的那样。
为此,浏览器会下载一个哈希数据库goog-phish-shavar,该数据库保存为 ~/.cache/mozilla/firefox/<profile_folder>/safebrowsing/goog-phish-shavar.sbstore.
现在,我想在命令行中测试一个 URL,如下所示
test-safebrowsing-url goog-phish-shavar.sbstore http://example-phishing.com
这个怎么做?
The files that you are looking at are Firefox-specific and so you'll need something like sbdbdump to extract the hash prefixes from it:
cd ~/.cache/mozilla/firefox/<profile_folder>/safebrowsing/
~/sbdbdump/dump.py -v --name goog-phish-shavar . > ~/goog-phish-shavar.hashes
and then you'll have to convert a URL to its possible hashes following the hashing rules. regexp-lookup.py can help with that.
Finally, you'll have to check all of the URL hashes against the list of prefixes. If you find any matches, you need to make a request for the full hashes that start with that prefix.
对于Google Safe Browsing v3,有https://github.com/Stefan-Code/gglsbl3。
对于Google Safe Browsing v4,有https://github.com/afilipovich/gglsbl
它们都支持基于哈希的分析的命令行使用。