How to dynamically generate the hash value of a file while it gets downloaded from any website?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
I've tried generating the hash value of a file that is trying to get downloaded and compared it against the list of hash values, and if there is a match then it doesn't get downloaded.Here i have manually given the details of websites url and the file that needs to be downloaded. Now i need this to be happen dynamically i.e whenever a file from any website is trying to get downloaded then its hash value should be generated and if it matches with the list of hash values available then it shouldn't get downloaded otherwise it can download.I also have idea of injecting a plugin on to the browser where this functionality is dynamically executed. But I don't know if the this workout or not.
I hope you understood my problem statement and I request you to help me in solving it.
hash
New contributor
add a comment |
I've tried generating the hash value of a file that is trying to get downloaded and compared it against the list of hash values, and if there is a match then it doesn't get downloaded.Here i have manually given the details of websites url and the file that needs to be downloaded. Now i need this to be happen dynamically i.e whenever a file from any website is trying to get downloaded then its hash value should be generated and if it matches with the list of hash values available then it shouldn't get downloaded otherwise it can download.I also have idea of injecting a plugin on to the browser where this functionality is dynamically executed. But I don't know if the this workout or not.
I hope you understood my problem statement and I request you to help me in solving it.
hash
New contributor
Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.
– Johnny
yesterday
15
You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.
– vidarlo
yesterday
3
The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.
– gowenfawr
yesterday
add a comment |
I've tried generating the hash value of a file that is trying to get downloaded and compared it against the list of hash values, and if there is a match then it doesn't get downloaded.Here i have manually given the details of websites url and the file that needs to be downloaded. Now i need this to be happen dynamically i.e whenever a file from any website is trying to get downloaded then its hash value should be generated and if it matches with the list of hash values available then it shouldn't get downloaded otherwise it can download.I also have idea of injecting a plugin on to the browser where this functionality is dynamically executed. But I don't know if the this workout or not.
I hope you understood my problem statement and I request you to help me in solving it.
hash
New contributor
I've tried generating the hash value of a file that is trying to get downloaded and compared it against the list of hash values, and if there is a match then it doesn't get downloaded.Here i have manually given the details of websites url and the file that needs to be downloaded. Now i need this to be happen dynamically i.e whenever a file from any website is trying to get downloaded then its hash value should be generated and if it matches with the list of hash values available then it shouldn't get downloaded otherwise it can download.I also have idea of injecting a plugin on to the browser where this functionality is dynamically executed. But I don't know if the this workout or not.
I hope you understood my problem statement and I request you to help me in solving it.
hash
hash
New contributor
New contributor
edited yesterday
Snehitha Gaddam
New contributor
asked yesterday
Snehitha GaddamSnehitha Gaddam
112
112
New contributor
New contributor
Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.
– Johnny
yesterday
15
You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.
– vidarlo
yesterday
3
The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.
– gowenfawr
yesterday
add a comment |
Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.
– Johnny
yesterday
15
You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.
– vidarlo
yesterday
3
The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.
– gowenfawr
yesterday
Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.
– Johnny
yesterday
Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.
– Johnny
yesterday
15
15
You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.
– vidarlo
yesterday
You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.
– vidarlo
yesterday
3
3
The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.
– gowenfawr
yesterday
The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.
– gowenfawr
yesterday
add a comment |
1 Answer
1
active
oldest
votes
Agreed with vidarlo, this is impossible.
Ultimately, you'll need to download the file, in order to determine its hash. What you're asking is to determine the hash of a file before downloading it!
What is possible is a script that hashes each file in your downloads
directory and then perform some action depending on the hash matching. The script could be scheduled to run every 10 minutes or so.
It's hard to make a recommendation, since we have no idea what it is you're trying to accomplish by blacklisting a specific file.
Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.
– Snehitha Gaddam
yesterday
1
Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.
– vidarlo
yesterday
I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?
– Snehitha Gaddam
17 hours ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Snehitha Gaddam is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207378%2fhow-to-dynamically-generate-the-hash-value-of-a-file-while-it-gets-downloaded-fr%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Agreed with vidarlo, this is impossible.
Ultimately, you'll need to download the file, in order to determine its hash. What you're asking is to determine the hash of a file before downloading it!
What is possible is a script that hashes each file in your downloads
directory and then perform some action depending on the hash matching. The script could be scheduled to run every 10 minutes or so.
It's hard to make a recommendation, since we have no idea what it is you're trying to accomplish by blacklisting a specific file.
Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.
– Snehitha Gaddam
yesterday
1
Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.
– vidarlo
yesterday
I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?
– Snehitha Gaddam
17 hours ago
add a comment |
Agreed with vidarlo, this is impossible.
Ultimately, you'll need to download the file, in order to determine its hash. What you're asking is to determine the hash of a file before downloading it!
What is possible is a script that hashes each file in your downloads
directory and then perform some action depending on the hash matching. The script could be scheduled to run every 10 minutes or so.
It's hard to make a recommendation, since we have no idea what it is you're trying to accomplish by blacklisting a specific file.
Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.
– Snehitha Gaddam
yesterday
1
Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.
– vidarlo
yesterday
I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?
– Snehitha Gaddam
17 hours ago
add a comment |
Agreed with vidarlo, this is impossible.
Ultimately, you'll need to download the file, in order to determine its hash. What you're asking is to determine the hash of a file before downloading it!
What is possible is a script that hashes each file in your downloads
directory and then perform some action depending on the hash matching. The script could be scheduled to run every 10 minutes or so.
It's hard to make a recommendation, since we have no idea what it is you're trying to accomplish by blacklisting a specific file.
Agreed with vidarlo, this is impossible.
Ultimately, you'll need to download the file, in order to determine its hash. What you're asking is to determine the hash of a file before downloading it!
What is possible is a script that hashes each file in your downloads
directory and then perform some action depending on the hash matching. The script could be scheduled to run every 10 minutes or so.
It's hard to make a recommendation, since we have no idea what it is you're trying to accomplish by blacklisting a specific file.
answered yesterday
keithRozariokeithRozario
1,124213
1,124213
Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.
– Snehitha Gaddam
yesterday
1
Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.
– vidarlo
yesterday
I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?
– Snehitha Gaddam
17 hours ago
add a comment |
Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.
– Snehitha Gaddam
yesterday
1
Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.
– vidarlo
yesterday
I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?
– Snehitha Gaddam
17 hours ago
Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.
– Snehitha Gaddam
yesterday
Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.
– Snehitha Gaddam
yesterday
1
1
Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.
– vidarlo
yesterday
Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.
– vidarlo
yesterday
I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?
– Snehitha Gaddam
17 hours ago
I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?
– Snehitha Gaddam
17 hours ago
add a comment |
Snehitha Gaddam is a new contributor. Be nice, and check out our Code of Conduct.
Snehitha Gaddam is a new contributor. Be nice, and check out our Code of Conduct.
Snehitha Gaddam is a new contributor. Be nice, and check out our Code of Conduct.
Snehitha Gaddam is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207378%2fhow-to-dynamically-generate-the-hash-value-of-a-file-while-it-gets-downloaded-fr%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.
– Johnny
yesterday
15
You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.
– vidarlo
yesterday
3
The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.
– gowenfawr
yesterday