[Bro] Bro --> Google Safe Browsing API?

Doug Burks doug.burks at gmail.com
Wed Mar 25 06:22:56 PDT 2015


Hi Stephen,

Does the rate limiting apply to the new "API v3"?

"The Safe Browsing API is an experimental API that enables
applications to download an encrypted table for local, client-side
lookups of URLs that you would like to check. In 2014, we published a
new version (v3) of the Safe Browsing API, which adds features and
efficiency improvements to the previous v2. The Safe Browsing API is
used by several browsers, including Google Chrome and Mozilla Firefox.
You can start using the Safe Browsing API v3 now."

https://developers.google.com/safe-browsing/

On Wed, Mar 25, 2015 at 9:13 AM, Hosom, Stephen M <hosom at battelle.org> wrote:
> I was actually looking at this yesterday, however, because of the way that Google implements the API, this is non-trivial and would not really be something that I would feel comfortable using the current active http function(s) for. Basically, the API has requirements that you implement their rate limiting at the client level... so under certain conditions, Google could tell you 'Do not query again for another hour' and you're supposed to play along with their request.
>
> Rumor has it that someone is working on the active http module, so, I haven't looked into doing any of that myself. I'd love to take on Safe Browsing integration though. Maybe I'll just look into making Safe Browsing its own full blown plugin? Querying safe-browsing for at least the links that I parse from emails would be extremely desirable from my perspective.
>
> If you want to talk about it, feel free to ping me on IRC, since I'm always logged in during the day anyway, or, we can just keep the discussion on the mailing list so everyone can feel free to chime in.
>
> -----Original Message-----
> From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of Doug Burks
> Sent: Wednesday, March 25, 2015 8:53 AM
> To: <bro at bro.org>
> Subject: [Bro] Bro --> Google Safe Browsing API?
>
> Hello all,
>
> Has anybody developed a script to have Bro query the Google Safe Browsing API?
>
> http://googleonlinesecurity.blogspot.com/2015/03/even-more-unwanted-software-protection.html
>
> https://developers.google.com/safe-browsing/
>
> Thanks!
>
> --
> Doug Burks
> Need Security Onion Training or Commercial Support?
> http://securityonionsolutions.com
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro



-- 
Doug Burks
Need Security Onion Training or Commercial Support?
http://securityonionsolutions.com



More information about the Bro mailing list