gpt4 book ai didi

phishing - Google web-risk API 和 SafeBrowsing api 返回钓鱼网站安全

转载 作者:行者123 更新时间:2023-12-05 07:08:30 25 4
gpt4 key购买 nike

遵循说明 here ,以下代码在示例站点上似乎返回了良好的结果,但在实际的网络钓鱼站点 (https://www.clicktrackingsall.com/a.php) 上它返回空值:

const axios = require('axios');
const apikey = '<apikey>';
const req = (uri) => `https://webrisk.googleapis.com/v1/uris:search?key=${apikey}&threatTypes=MALWARE&threatTypes=SOCIAL_ENGINEERING&threatTypes=UNWANTED_SOFTWARE&uri=${encodeURIComponent(uri)}`
const checkUrl = async (url) => {
return axios.get(req(url));
}

// returns threatTypes: [ 'SOCIAL_ENGINEERING' ]
checkUrl('http://testsafebrowsing.appspot.com/s/phishing.html').then(({data}) => console.log(data));

// returns threatTypes: [ 'MALWARE' ]
checkUrl('http://testsafebrowsing.appspot.com/s/malware.html').then(({data}) => console.log(data));

// returns empty result
checkUrl('https://www.clicktrackingsall.com/a.php').then(({data}) => console.log(data));

使用 chrome 导航到页面时,它会阻止它。使用 google transparency report还会返回网络钓鱼。

在使用 Safe Browsing 时也会发生接口(interface)

const axios = require('axios');
const url = 'https://safebrowsing.googleapis.com/v4/threatMatches:find?key=<yourapikey>';
const jsonReq = {
"client": {
"clientId": "<client-id>",
"clientVersion": "<client-version>"
},
"threatInfo": {
"threatTypes": [ "MALWARE", "SOCIAL_ENGINEERING", "UNWANTED_SOFTWARE", "POTENTIALLY_HARMFUL_APPLICATION"],
"platformTypes": ["ANY_PLATFORM"],
"threatEntryTypes": ["URL","EXECUTABLE"],
"threatEntries": [
{"url":"http://testsafebrowsing.appspot.com/s/phishing.html"},
{"url":"http://testsafebrowsing.appspot.com/s/malware.html"},
{"url":"https://www.clicktrackingsall.com/a.php"},
{"url":"http://getnetflix.club/"}
]
}
};
axios.post(url, jsonReq).then(result => {
console.log(JSON.stringify(result.data, null, 2));
})

/* prints:
{
"matches": [
{
"threatType": "SOCIAL_ENGINEERING",
"platformType": "ANY_PLATFORM",
"threat": {
"url": "http://testsafebrowsing.appspot.com/s/phishing.html"
},
"cacheDuration": "300s",
"threatEntryType": "URL"
},
{
"threatType": "MALWARE",
"platformType": "ANY_PLATFORM",
"threat": {
"url": "http://testsafebrowsing.appspot.com/s/malware.html"
},
"cacheDuration": "300s",
"threatEntryType": "URL"
}
]
}*/

我做错了什么吗?

最佳答案

我得到了相同的结果,它返回空:{} in CURL

除了他们自己的例子,因为我试图改变 url 或 threatTypes 它什么都不返回。

curl -X GET \ 
-H "Authorization: Bearer "$(gcloud auth application-default print-access-token) \
""https://webrisk.googleapis.com/v1/uris:search?threatTypes=MALWARE&uri=http%3A%2F%2Ftestsafebrowsing.appspot.com%2Fs%2Fmalware.html""

关于phishing - Google web-risk API 和 SafeBrowsing api 返回钓鱼网站安全,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61867168/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com