Security/Safe Browsing

From MozillaWiki
Jump to: navigation, search

Note: The Safe Browsing feature in Firefox has been renamed to Phishing Protection, but it's still known as Safe Browsing internally.

Download Protection and Tracking protection have their own separate pages.

History

Google Safe Browsing was an anti-phishing extension released by Google on labs.google.com in December 2005. Google has released this extension to the Mozilla Foundation under MPL 1.1/GPL 2.0/LGPL 2.1 in order that it might be used as part of Firefox if desired. We've landed this change on the trunk as a global extension as of 7 March 2006. You can read the discussion that lead up to to its integration in https://bugzilla.mozilla.org/show_bug.cgi?id=329292

Google started migrating their Safe Browsing to version 4 of the protocol in 2015. We completed our V4 implementation in late 2017 and shipped it in Firefox 56 via a Shield gradual roll-out.

Prefs

  • browser.safebrowsing.blockedURIs.enabled: enable the plugin stability blocking (no override or UI)
  • browser.safebrowsing.debug: show debugging info from the JavaScript list update code on the command line as long as browser.dom.window.dump.enabled is also enabled
  • browser.safebrowsing.id: what SAFEBROWSING_ID in gethashURL and updateURL maps to
  • browser.safebrowsing.malware.enabled: enable malware protection (includes unwanted as well)
  • browser.safebrowsing.phishing.enabled: enable phishing protection
  • browser.safebrowsing.provider.google.gethashURL: server endpoint for completions of malware and phishing lists
  • browser.safebrowsing.provider.google.lists: list of tables coming from the Google Safe Browsing service
  • browser.safebrowsing.provider.google.reportURL: probably unused
  • browser.safebrowsing.provider.google.updateURL: server endpoint for malware and phishing list updates
  • browser.safebrowsing.provider.google.lastupdatetime: timestamp (in ms) of when the last list update happened.
  • browser.safebrowsing.provider.google.nextupdatetime: timestamp (in ms) of when the list should next be downloaded.
  • browser.safebrowsing.reportMalwareMistakeURL: destination for the "This isn't an attack site" button (after ignoring the interstitial warning)
  • browser.safebrowsing.reportPhishMistakeURL: destination for the "This isn't a web forgery" button (after ignoring the interstitial warning)
  • browser.safebrowsing.reportPhishURL: destination for the "Help | Report Web Forgery" menu item
  • urlclassifier.blockedTable: list of tables to use for the plugin stability blocking
  • urlclassifier.disallow_completions: list of tables for which we never call gethash
  • urlclassifier.gethashnoise: the number of fake entries to add to any gethash calls. Defaul value: 4. Maximum value: 999 (beyond, the Google request fails with HTTP 400).
  • urlclassifier.gethash.timeout_ms: the timeout after which gethash requests should be aborted
  • urlclassifier.malwareTable: list of tables to use when looking for malware (they need to be named *-malware-* or *-unwanted-*)
  • urlclassifier.max-complete-age: the maximum amount of time in seconds that a complete hash will be considered fresh and allowed to match
  • urlclassifier.phishTable: list of tables to use when looking for phishing (they need to be named *-phish-*)
  • urlclassifier.skipHostnames: comma-separated list of hostnames to exempt from Safe Browsing checks (hidden, only for temporary hotfix purposes)

Documentation

Engineering

Product/Component: Toolkit/Safe Browsing

  • Tracking bug (deprecated, do not use)
  • The Firefox implementation is split into a few parts:
    • browser/components/safebrowsing/ (front-end tests)
    • netwerk/base/nsChannelClassifier
    • toolkit/components/url-classifier/ (includes the list manager)
  • Local store is in:
    • ~/.cache/mozilla/firefox/XXXX/safebrowsing/ on Linux
    • ~/Library/Caches/Firefox/Profiles/XXXX/safebrowsing/ on Mac
    • C:\Users\XXXX\AppData\Local\mozilla\firefox\profiles\XXXX\safebrowsing\ on Windows
  • itisatrap.org test pages
  • Telemetry dashboard

Code walkthrough

Both nsBaseChannel::Open() and nsBaseChannel::AsyncOpen() ask for the channel to be "classified" by nsChannelClassifier. There is also a local-only classification that is requested by tracking protection.

While we collect information about each of the list matches in nsUrlClassifierClassifyCallback::HandleResult(), which is called for each matched list from nsUrlClassifierLookupCallback::HandleResults(), we pick only the highest priority list match and call OnClassifyComplete() in nsUrlClassifierClassifyCallback::HandleEvent() according to:

Then we return information about the list match. That causes the channel to be cancelled with that error code.

When the classification state of the page changes, the appropriate UI is shown.

Tests

Here are all of the tests which are relevant to Safe Browsing:

./mach gtest UrlClassifier*
./mach test toolkit/components/url-classifier/tests/browser/
./mach test toolkit/components/url-classifier/tests/unit/
./mach test toolkit/components/url-classifier/tests/mochitest/

as well as the ones in testing/firefox-ui/tests/functional/safebrowsing/.

Also relevant are the Tracking Protection tests.

QA

To turn on debugging output, export the following environment variables:

MOZ_LOG_FILE=/tmp/safebrowsing.log
MOZ_LOG="UrlClassifierDbService:5,nsChannelClassifier:5,UrlClassifierProtocolParser:5,UrlClassifierStreamUpdater:5,UrlClassifierPrefixSet:5"

and also see these prefs to see debugging output from the JS pieces of Safe Browsing:

 browser.dom.window.dump.enabled = true
 browser.safebrowsing.debug = true

Telemetry

Alerts are sent to safebrowsing-telemetry@mozilla.org.

Links