PHP check website url using safe browsing API

Question

I am trying to check whether the url is safe or not using Google Safe browsing API

I followed following tutorial

https://developers.google.com/safe-browsing/v4/get-started

I have completed following step as per above url guidence

1. Get an account
2. Create a project
3. Set up an API key

finally i end up with https://safebrowsing.googleapis.com/v4/...?key=API_KEY

my question is how i can pass website url to above safe browsing url

Answer 1

Complete the following steps to enable the API and get an API key:

1. Open the Google Developers Console API Library.
2. From the project drop-down, select a project or create a new one.
3. In the Google APIs tab, search for and select the Safe Browsing API, then click Enable API.
4. Next, in the sidebar on the left select Credentials.
5. Select the Create credentials drop-down, then choose API key.
6. Depending on your application, from the Create a new key pop-up, select Browser key or Server key.
7. Enter a name for the key, set up the optional referrers or IP addresses, then click Create. Your key is created and displayed in a pop-up window. The key is also listed on the Credentials page.

Here is cURL code 100% working

curl -X POST \
  'https://safebrowsing.googleapis.com/v4/threatMatches:find?key=YOUR_KEY_HERE' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -H 'postman-token: ec7ffd77-d3fa-f017-44f9-d895efaba258' \
  -d '  {
    "client": {
      "clientId":      "yourcompanyname",
      "clientVersion": "1.5.2"
    },
    "threatInfo": {
      "threatTypes":      ["MALWARE", "SOCIAL_ENGINEERING"],
      "platformTypes":    ["WINDOWS"],
      "threatEntryTypes": ["URL"],
      "threatEntries": [
        {"url": "https://accounts-wallets.redirectme.net/webapps/57a39/websrc"},
        {"url": "http://stackoverflow.com/"}


      ]
    }
  }'

I got output

{
    "matches": [
        {
            "threatType": "SOCIAL_ENGINEERING",
            "platformType": "WINDOWS",
            "threat": {
                "url": "https://accounts-wallets.redirectme.net/webapps/57a39/websrc"
            },
            "cacheDuration": "300s",
            "threatEntryType": "URL"
        }
    ]
}

Python example

import requests

url = "https://safebrowsing.googleapis.com/v4/threatMatches:find"

querystring = {"key":"YOUR_KEY"}

payload = """

  {
    "client": {
      "clientId":      "yourcompanyname",
      "clientVersion": "1.5.2"
    },
    "threatInfo": {
      "threatTypes":      ["MALWARE", "SOCIAL_ENGINEERING"],
      "platformTypes":    ["WINDOWS"],
      "threatEntryTypes": ["URL"],
      "threatEntries": [
        {"url": "https://accounts-wallets.redirectme.net/webapps/57a39/websrc"},
        {"url": "http://stackoverflow.com/"}


      ]
    }
  }

"""
headers = {
    'content-type': "application/json",
    'cache-control': "no-cache",
    'postman-token': "460d6d44-4a55-d6ab-fb58-2ff9fb306154"
    }

response = requests.request("POST", url, data=payload, headers=headers, params=querystring)

print(response.text)

PHP example

<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=YOUR_KEY",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => '  {
"client": {
  "clientId":      "yourcompanyname",
  "clientVersion": "1.5.2"
},
"threatInfo": {
  "threatTypes":      ["MALWARE", "SOCIAL_ENGINEERING"],
  "platformTypes":    ["WINDOWS"],
  "threatEntryTypes": ["URL"],
  "threatEntries": [
    {"url": "https://accounts-wallets.redirectme.net/webapps/57a39/websrc"},
    {"url": "http://stackoverflow.com/"}


  ]
}
  }',
  CURLOPT_HTTPHEADER => array(
    "cache-control: no-cache",
    "content-type: application/json",
    "postman-token: b05b8d34-85f2-49cf-0f8e-03686a71e4e9"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

Answer 2

The Request body for the post request will look like this:

{
    "client": {
      "clientId":      "yourcompanyname",
      "clientVersion": "1.5.2"
    },
    "threatInfo": {
      "threatTypes":      ["MALWARE", "SOCIAL_ENGINEERING"],
      "platformTypes":    ["WINDOWS"],
      "threatEntryTypes": ["URL"],
      "threatEntries": [
        {"url": "http://www.urltocheck1.org/"},
        {"url": "http://www.urltocheck2.org/"},
        {"url": "http://www.urltocheck3.com/"}
      ]
    }
}

As you can see you need to send the url in the threatEntries section. But you are passing the Google url(http://www.google.com), instead add the urls you need to check.

Its self explanatory, see: url to check1.org ("http://www.urltocheck1.org/")

source