Code to verify updates from the Google Safe Browsing API

In order to verify the data coming from the Google Safe Browsing API, you can calculate a Message Authentication Code (MAC) for each update. The instructions to do this (from Google) are:

The MAC is computed from an MD5 Digest over the following information: client_key|separator|table data|separator|client_key. The separator is the string:coolgoog: - that is a colon followed by "coolgoog" followed by a colon. The resulting 128-bit MD5 digest is websafe base-64 encoded.

There's also example data to check against:

client key: "8eirwN1kTwCzgWA2HxTaRQ=="

response:

[goog-black-hash 1.180 update][mac=dRalfTU+bXwUhlk0NCGJtQ==]
+8070465bdf3b9c6ad6a89c32e8162ef1   
+86fa593a025714f89d6bc8c9c5a191ac
+bbbd7247731cbb7ec1b3a5814ed4bc9d
*Note that there are tabs at the end of each line.

I'm unable to get a match. Please either point out where I'm going wrong, or just write the couple of lines of Python code necessary to do this!

FWIW, I expected to be able to do something like this:

>>> s = "+8070465bdf3b9c6ad6a89c32e8162ef1\t\n+86fa593a025714f89d6bc8c9c5a191ac\t\n+bbbd7247731cbb7ec1b3a5814ed4bc9d\t"
>>> c = "8eirwN1kTwCzgWA2HxTaRQ=="
>>> hashlib.md5("%s%s%s%s%s" % (c, ":coolgoog:", s, ":coolgoog:", c)).digest().encode("base64")
'qfb50mxpHrS82yTofPkcEg==\n'

But as you can see, 'qfb50mxpHrS82yTofPkcEg==\n' != 'dRalfTU+bXwUhlk0NCGJtQ=='.


Asked by: Emma902 | Posted: 24-09-2021






Answer 1

Anders' answer gives the necessary information, but isn't that clear: the client key needs to be decoded before it is combined. (The example above is also missing a newline at the end of the final table data).

So the working code is:

>>> s = "+8070465bdf3b9c6ad6a89c32e8162ef1\t\n+86fa593a025714f89d6bc8c9c5a191ac\t\n+bbbd7247731cbb7ec1b3a5814ed4bc9d\t\n"
>>> c = "8eirwN1kTwCzgWA2HxTaRQ==".decode('base64')                            
>>> hashlib.md5("%s%s%s%s%s" % (c, ":coolgoog:", s, ":coolgoog:", c)).digest().encode("base64")
'dRalfTU+bXwUhlk0NCGJtQ==\n'

Answered by: Emma327 | Posted: 25-10-2021



Answer 2

c="8eirwN1kTwCzgWA2HxTaRQ==".decode('base64')

Answered by: Ada949 | Posted: 25-10-2021



Similar questions

python - class browsing in django

I'd like to browse active classes in Django. I think I'd learn a lot that way. So what's a good way to do that? I could use IDLE if I knew how to start Django from within IDLE. But as I'm new to Python/Django, I'm not particularly wedded to IDLE. Other alternatives?


python - Browsing for All Bonjour services

I want to write a python program which browses for all existing Bonjour services in my local network. And I ask if there is some way to do it since services come and go all the time?


python - How to log the browsing history by packet sniffing?

I would like to log my browsing history in a separate file. I would like to do this by logging the network traffic and in specific the HTTP get requests originating from my PC. I would like to do this in Python but I have no idea where to start with.


python - How to make PyQt webkit fast for modern browsing?

I have been playing around with PyQt4 and have realised that it does not live up to my expectations. Consider the code import sys from PyQt4.QtCore import Qt from PyQt4.QtGui import QPalette, QGraphicsScene, QGraphicsProxyWidget, QGraphicsView, QPainter from PyQt4.QtOpenGL import QGLWidget from PyQt4.QtCore import QObject, pyqtSlot, QUrl from PyQt4.QtGui import QApplication from PyQt4.QtWebKit import QWebVi...


How to select the most recent browsing window in python selenium

When I run the following code, it opens two browsing windows; the second is automatically open when the code hit the 'submitOrder' button. from selenium import webdriver from selenium.webdriver.common.keys import Keys browser = webdriver.Firefox() url = 'http://example.com' browser.get(url) browser.find_element_by_id('submitOrder').click() Now I have to hit the 'checkout' button in t...


python - How to go back in PyCharm while browsing code like we have a back button in eclipse?

While browsing the code in PyCharm(community edition) how to go back to the previously browsed section? I am looking for eclipse back button type functionality with Pycharm.


Browsing not shown for Python GUI Tkinter

I have done a simple tkinter GUI, i wanted a browse button but it doesn't seem to appear #!/usr/bin/env python import Tkinter as tk class Application(tk.Frame): def __init__(self, master=None): tk.Frame.__init__(self, master) self.grid() self.quit_program() def quit_program(self): self.quitButton = tk.Button(self,...


python - Unsafe browsing

When trying to visit some website that contain some malicious content, browsers such as Firefox , Google Chrome or Internet Explorer display a message like this one underlying it is unsafe to browse the website in question, as shown on this picture: I am using Python with Seleinum to launch a websites (on windows xp) in Firefo...


Unable to use google search browsing api lookup in python

I am trying to implement Google Safe Browsing API into my python script but cannot get it to work properly. Code shown below import urllib2 key = 'mykey' URL = "https://sb-ssl.google.com/safebrowsing/api/lookup?client=python&apikey={key}&appver=1.0&pver=3.0&url={url}" def is_safe(key, url): response = urllib2.urlopen(url).read().decode("utf8") return reponse != 'malware' print(is_s...


python - Error while browsing MBeans in WLST

Trying to access an OAM identity asserter through WLST. I use the cd command to navigate through Security, Authentication Providers to the list of Providers. I try cd to the OAM Identity Asserter and it produces the following error: Error while browsing MBeans : java.lang.ClassNotFoundException: oracle.security.wls.oam.providers.asserter.OAMIdentityAsserterMBea...






Still can't find your answer? Check out these communities...



PySlackers | Full Stack Python | NHS Python | Pythonist Cafe | Hacker Earth | Discord Python



top