With the Google Safe Browsing API, you can query URLs to detect and alert on malicious or phishing sites. By adding this to the Bro Network Security Monitor, you would gain alerts and protection for all users on a network.
What it does
The idea here is to integrate the Bro network security monitor with Google's Safe Browsing API. Bro is a passive network security monitor -- it receives a copy of your network traffic, and it's able to analyze the higher-level protocols to log details like URLs, file hashes, SSL certificates, etc. Bro monitors and secures everything from their wireless nets to some of the largest supercomputers.
How I built it
We integrated Bro with Google Safe Browsing APIs. This is a step-by-step description of what we did:
1) Figured out a way to connect to Google APIs via a C++ library (libcurl).
2) Encoded the URLs as per the formats given by the Google Developer Guide.
3) Requested the lists and parsed them to collect URLs, hashes, refresh time, etc.
4) Parsed the hashes and requested the full hashes.
5) Added basic support for Protocol Buffers to parse the reply from Google.
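The URL encoding and hash steps follow the Safe Browsing developer guide's lookup scheme: a canonicalized URL is expanded into host-suffix/path-prefix expressions, and a short SHA-256 prefix of each is matched against the lists before full hashes are requested. The sketch below is an added example in Python, not the project's C++ code; it assumes the URL is already canonicalized and a 4-byte prefix length, and all function names are hypothetical.

```python
import hashlib
from urllib.parse import urlsplit

def host_suffixes(host):
    """Exact hostname plus up to four suffixes taken from its last five labels."""
    labels = host.split(".")
    if all(label.isdigit() for label in labels):
        return [host]  # IPv4 literal: only the exact host is checked
    out = [host]
    # Drop leading labels one at a time; never emit the bare top-level domain.
    for i in range(max(1, len(labels) - 5), len(labels) - 1):
        out.append(".".join(labels[i:]))
    return out

def path_prefixes(path, query):
    """Exact path with and without query, then "/" and up to three directories."""
    out = [path + "?" + query] if query else []
    out.append(path)
    prefix = "/"
    candidates = ["/"]
    for part in path.split("/")[1:-1][:3]:  # directory components only
        prefix += part + "/"
        candidates.append(prefix)
    for candidate in candidates:
        if candidate not in out:  # avoid duplicates when the path is itself a directory
            out.append(candidate)
    return out

def expressions(url):
    """All host-suffix/path-prefix expressions for an already-canonical URL."""
    u = urlsplit(url)
    return [h + p for h in host_suffixes(u.hostname)
            for p in path_prefixes(u.path or "/", u.query)]

def hash_prefixes(url, length=4):
    """Map each expression to the first `length` bytes of its SHA-256 digest."""
    return {e: hashlib.sha256(e.encode("utf-8")).digest()[:length]
            for e in expressions(url)}

if __name__ == "__main__":
    # Constructed sample URL, not taken from any real list.
    for expr, prefix in hash_prefixes("http://a.b.c/1/2.html?param=1").items():
        print(prefix.hex(), expr)
```

Only the short prefixes are compared locally; a monitor that sees a prefix match still has to fetch and compare the full hashes before raising an alert.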
Accomplishments that I'm proud of
Did a good amount of work in the given time. The complete source code can be found here: https://github.com/grigorescu/hackIllinois2016/tree/master/src
What I learned
Learned about Bro, the network security monitoring tool. It is an excellent tool, with more and more attacks occurring over the Internet. Bro can analyse and predict them.
What's next for Bro: Google Safe Browsing
The work on it can be improved. Given the limited amount of time, there is a list of issues still to be worked on: https://github.com/grigorescu/hackIllinois2016/issues.