2

I am trying to check whether the url is safe or not using Google Safe browsing API

I followed following tutorial

https://developers.google.com/safe-browsing/v4/get-started

I have completed following step as per above url guidence

  1. Get an account
  2. Create a project
  3. Set up an API key

finally i end up with https://safebrowsing.googleapis.com/v4/...?key=API_KEY

my question is how i can pass website url to above safe browsing url

Vision Coderz
  • 8,257
  • 5
  • 41
  • 57

2 Answers2

8

Complete the following steps to enable the API and get an API key:

  1. Open the Google Developers Console API Library.
  2. From the project drop-down, select a project or create a new one.
  3. In the Google APIs tab, search for and select the Safe Browsing API, then click Enable API.
  4. Next, in the sidebar on the left select Credentials.
  5. Select the Create credentials drop-down, then choose API key.
  6. Depending on your application, from the Create a new key pop-up, select Browser key or Server key.
  7. Enter a name for the key, set up the optional referrers or IP addresses, then click Create. Your key is created and displayed in a pop-up window. The key is also listed on the Credentials page.

Here is cURL code 100% working

curl -X POST \
  'https://safebrowsing.googleapis.com/v4/threatMatches:find?key=YOUR_KEY_HERE' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -H 'postman-token: ec7ffd77-d3fa-f017-44f9-d895efaba258' \
  -d '  {
    "client": {
      "clientId":      "yourcompanyname",
      "clientVersion": "1.5.2"
    },
    "threatInfo": {
      "threatTypes":      ["MALWARE", "SOCIAL_ENGINEERING"],
      "platformTypes":    ["WINDOWS"],
      "threatEntryTypes": ["URL"],
      "threatEntries": [
        {"url": "https://accounts-wallets.redirectme.net/webapps/57a39/websrc"},
        {"url": "http://stackoverflow.com/"}


      ]
    }
  }'

I got output

{
    "matches": [
        {
            "threatType": "SOCIAL_ENGINEERING",
            "platformType": "WINDOWS",
            "threat": {
                "url": "https://accounts-wallets.redirectme.net/webapps/57a39/websrc"
            },
            "cacheDuration": "300s",
            "threatEntryType": "URL"
        }
    ]
}

Python example

import requests

url = "https://safebrowsing.googleapis.com/v4/threatMatches:find"

querystring = {"key":"YOUR_KEY"}

payload = """

  {
    "client": {
      "clientId":      "yourcompanyname",
      "clientVersion": "1.5.2"
    },
    "threatInfo": {
      "threatTypes":      ["MALWARE", "SOCIAL_ENGINEERING"],
      "platformTypes":    ["WINDOWS"],
      "threatEntryTypes": ["URL"],
      "threatEntries": [
        {"url": "https://accounts-wallets.redirectme.net/webapps/57a39/websrc"},
        {"url": "http://stackoverflow.com/"}


      ]
    }
  }

"""
headers = {
    'content-type': "application/json",
    'cache-control': "no-cache",
    'postman-token': "460d6d44-4a55-d6ab-fb58-2ff9fb306154"
    }

response = requests.request("POST", url, data=payload, headers=headers, params=querystring)

print(response.text)

PHP example

<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=YOUR_KEY",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => '  {
"client": {
  "clientId":      "yourcompanyname",
  "clientVersion": "1.5.2"
},
"threatInfo": {
  "threatTypes":      ["MALWARE", "SOCIAL_ENGINEERING"],
  "platformTypes":    ["WINDOWS"],
  "threatEntryTypes": ["URL"],
  "threatEntries": [
    {"url": "https://accounts-wallets.redirectme.net/webapps/57a39/websrc"},
    {"url": "http://stackoverflow.com/"}


  ]
}
  }',
  CURLOPT_HTTPHEADER => array(
    "cache-control: no-cache",
    "content-type: application/json",
    "postman-token: b05b8d34-85f2-49cf-0f8e-03686a71e4e9"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}
Muhammad Hassaan
  • 7,296
  • 6
  • 30
  • 50
Umair Ayub
  • 19,358
  • 14
  • 72
  • 146
3

The Request body for the post request will look like this:

{
    "client": {
      "clientId":      "yourcompanyname",
      "clientVersion": "1.5.2"
    },
    "threatInfo": {
      "threatTypes":      ["MALWARE", "SOCIAL_ENGINEERING"],
      "platformTypes":    ["WINDOWS"],
      "threatEntryTypes": ["URL"],
      "threatEntries": [
        {"url": "http://www.urltocheck1.org/"},
        {"url": "http://www.urltocheck2.org/"},
        {"url": "http://www.urltocheck3.com/"}
      ]
    }
}

As you can see you need to send the url in the threatEntries section. But you are passing the Google url(http://www.google.com), instead add the urls you need to check.

Its self explanatory, see: url to check1.org ("http://www.urltocheck1.org/")

source

Raghavendra N
  • 1,359
  • 1
  • 18
  • 36
  • 1
    @Raghavendra.Thanks for your answer.i checked with my own website url but its returning empty json . – Vision Coderz Dec 21 '16 at 16:49
  • 1
    yes it will return empty json if it doesn't find the url in their list. See **Note: If there are no matches (that is, if none of the URLs specified in the request are found on any of the lists specified in a request), the HTTP POST response simply returns an empty object in the response body** – Raghavendra N Dec 21 '16 at 22:50
  • as of now this url is marked as dangerous: `activefile.ucoz.com`. Try and see if you get any response. – Raghavendra N Dec 21 '16 at 22:51
  • @Raghavendra.now i am getting { "matches": [ { "threatType": "MALWARE", "platformType": "WINDOWS", "threat": { "url": "http://activefile.ucoz.com" }, "cacheDuration": "300s", "threatEntryType": "URL" } ] } – Vision Coderz Dec 22 '16 at 03:06
  • Where can I find the information "clientId" and "clientVersion"? Cause when I created the project it only gave me "project name", "project id" and "project number" – nix86 Sep 09 '19 at 12:55