Osprey: Browser Protection

Hello @Stupendous Man
Yes...Thanks. As I recall. I checked my link several times...at the time. Maybe, something went wonky when MT mod locked the thread. Maybe, messages were deleted. Thanks again.
--
fwiw ~ this link calls #417...at this time.
https://malwaretips.com/threads/osprey-browser-protection-discussion-and-updates.135565/page-21#post-1136402

Spoiler: related pic

 

Thankls all and @bjm_

Using Firefox, SmartScreen only works on my Win10 machine if it scans downloaded files that try to run. It doesn't block malicious websites, that I am aware of anyway.

 

Thank you Foulest for creating the extension. Please see the below initial ideas.

1) Add an option to keep logs of a domain for only 24 hours and to reprocess the list via the security providers at 1 minute and 1 day intervals. This will help alert you when you initially receive an all-clear result but the databases needed some time to update. For example, DNS0.eu may respond with the real address of a new malware domain initially, but less than 1 minute later, it fetches the intelligence information and adds the domain to the blocklist.

2) Add additional security providers

• FortiGuard

Replace "#############" with the domain you want to lookup.

Code:

https://www.fortiguard.com/api/encyclopedia/search?q=#############&offset=0&limit=20&sort=0&filters=outbreakalert,threatactor,signalreport,srvupd,botnet,rhsp,dlp,ips,fwb,fadc,app,fortidast,isdb,otsips,otsapp,iotapp,otapp,otips,endpoint-vuln,mob,av,fortidevsec,wf,dns,geoip,ioc,as,botnetip

• DOH Security Providers

Code:

https://support.opendns.com/hc/en-us/articles/360038086532-Using-DNS-over-HTTPS-DoH-with-OpenDNS
https://secure.avastdns.com/dns-query
https://vercara.digicert.com/ultra-dns-public
https://www.cira.ca/en/canadian-shield/configure/chrome/
https://dns.yandex.com

• Bitdefender (aka TrafficLight)

Code:

https://chromewebstore.google.com/detail/trafficlight/cfnpidifppmenkapgihekkeednfoenal
https://nimbus.bitdefender.net/url/status

• Symantec Browser Protection

Code:

https://chromewebstore.google.com/detail/symantec-browser-protecti/hielpjjagjimpgppnopiibaefhfpbpfn
https://ent-shasta-rrs.symantec.com/webpulse/

• Avira Browser Safety

Code:

https://chromewebstore.google.com/detail/avira-browser-safety/flliilndjeohchalpbbcdekjklbdgfkk
https://v2.auc.avira.com/api/query

• AVG

Code:

https://chromewebstore.google.com/detail/avg-online-security/nbmoafcmbajniiapeidgficgifbfmjfo
https://urlite.ff.avast.com

• Trend Micro (did not review)

Code:

https://chromewebstore.google.com/detail/trend-micro-security/ibojepnlfiefkikckgmljdaogmgopbnn?prefix=6c217-157

3) Safe Browsing Proxies
safebrowsing.brave.com is one example for people who want to proxy safebrowsing.googleapis.com. Apple also has a proxy, but I can't recall the server address off the top of my head.

4) Option to check against common public malware lists (typically used by Pi-hole, AdGuard Home, and uBlock Origin) and provide automatic feedback when an item is detected by security providers but not included in any of the blocklists. This feedback could take different forms, such as:

• A simple alert with detailed information
• Automating the addition of the item to a custom filtering rule in your local DNS filter server
• Automatically adding the item to a new shared database list
• Submitting a report to one of the common public malware lists

 

I can't add any of your suggested APIs for legal reasons. I need permission to use them from the companies themselves.

I'll take your other suggestions under consideration.

 

Thanks, I was only suggesting the APIs because the companies already offer free services, and I thought that would make it easier to reach out to them compared to companies that only offer paid services. Otherwise your best luck would be reaching out to small security companies like HYAS that do offer free DNS filtering for home users.

 

The Apple Safe Browsing was "proxy.safebrowsing.apple".

Also, a small suggestion for Osprey. What about adding or updating to DNS0.eu Zero instead of just DNS0.eu? This provides a higher level of protection then the normal offering.

 

Create your own protective dns server, collect the best community/paid blocklists available (partner with the blocklist maintainers/threat intel providers) then add to Osprey.

 

False positives over anything else.

 

A new version of Osprey was released a couple of minutes ago:

Changes in 1.3.6

• Removed G DATA API from project per request
• Improved URL processing before requests
• Improved ignoring sites with the new global allowed cache
• Added RegEx support to the global allowed cache
• Modified order of protection providers
• Reduced hardcoded/magic values across codebase
• Cleaned up code with improved standards

This update has been submitted to all extension stores.

https://github.com/Foulest/Osprey/releases

 

Thanks for posting, stapp.

 

Many thanks, @stapp.