How to dynamically generate the hash value of a file while it gets downloaded from any website?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







2















I've tried generating the hash value of a file that is trying to get downloaded and compared it against the list of hash values, and if there is a match then it doesn't get downloaded.Here i have manually given the details of websites url and the file that needs to be downloaded. Now i need this to be happen dynamically i.e whenever a file from any website is trying to get downloaded then its hash value should be generated and if it matches with the list of hash values available then it shouldn't get downloaded otherwise it can download.I also have idea of injecting a plugin on to the browser where this functionality is dynamically executed. But I don't know if the this workout or not.



I hope you understood my problem statement and I request you to help me in solving it.










share|improve this question









New contributor




Snehitha Gaddam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.

    – Johnny
    yesterday






  • 15





    You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.

    – vidarlo
    yesterday






  • 3





    The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.

    – gowenfawr
    yesterday


















2















I've tried generating the hash value of a file that is trying to get downloaded and compared it against the list of hash values, and if there is a match then it doesn't get downloaded.Here i have manually given the details of websites url and the file that needs to be downloaded. Now i need this to be happen dynamically i.e whenever a file from any website is trying to get downloaded then its hash value should be generated and if it matches with the list of hash values available then it shouldn't get downloaded otherwise it can download.I also have idea of injecting a plugin on to the browser where this functionality is dynamically executed. But I don't know if the this workout or not.



I hope you understood my problem statement and I request you to help me in solving it.










share|improve this question









New contributor




Snehitha Gaddam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.

    – Johnny
    yesterday






  • 15





    You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.

    – vidarlo
    yesterday






  • 3





    The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.

    – gowenfawr
    yesterday














2












2








2








I've tried generating the hash value of a file that is trying to get downloaded and compared it against the list of hash values, and if there is a match then it doesn't get downloaded.Here i have manually given the details of websites url and the file that needs to be downloaded. Now i need this to be happen dynamically i.e whenever a file from any website is trying to get downloaded then its hash value should be generated and if it matches with the list of hash values available then it shouldn't get downloaded otherwise it can download.I also have idea of injecting a plugin on to the browser where this functionality is dynamically executed. But I don't know if the this workout or not.



I hope you understood my problem statement and I request you to help me in solving it.










share|improve this question









New contributor




Snehitha Gaddam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












I've tried generating the hash value of a file that is trying to get downloaded and compared it against the list of hash values, and if there is a match then it doesn't get downloaded.Here i have manually given the details of websites url and the file that needs to be downloaded. Now i need this to be happen dynamically i.e whenever a file from any website is trying to get downloaded then its hash value should be generated and if it matches with the list of hash values available then it shouldn't get downloaded otherwise it can download.I also have idea of injecting a plugin on to the browser where this functionality is dynamically executed. But I don't know if the this workout or not.



I hope you understood my problem statement and I request you to help me in solving it.







hash






share|improve this question









New contributor




Snehitha Gaddam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Snehitha Gaddam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited yesterday







Snehitha Gaddam













New contributor




Snehitha Gaddam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked yesterday









Snehitha GaddamSnehitha Gaddam

112




112




New contributor




Snehitha Gaddam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Snehitha Gaddam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Snehitha Gaddam is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.













  • Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.

    – Johnny
    yesterday






  • 15





    You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.

    – vidarlo
    yesterday






  • 3





    The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.

    – gowenfawr
    yesterday



















  • Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.

    – Johnny
    yesterday






  • 15





    You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.

    – vidarlo
    yesterday






  • 3





    The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.

    – gowenfawr
    yesterday

















Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.

– Johnny
yesterday





Just to be certain: you want to blacklist specific downloads on a file-by-file basis? This seems like an incredibly laborious process.

– Johnny
yesterday




15




15





You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.

– vidarlo
yesterday





You have to download the file first to calculate the hash value. And which attacks will this discourage? Hash verification is fine for verifying that you didn't get a corrupt download, but less fine for verifying attacks, unless the hashes (or file) is signed by a trusted key.

– vidarlo
yesterday




3




3





The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.

– gowenfawr
yesterday





The definition of "downloaded" might matter here. If the data is transferred but not saved after checking the hash, then by some definition the download was prevented.

– gowenfawr
yesterday










1 Answer
1






active

oldest

votes


















9














Agreed with vidarlo, this is impossible.



Ultimately, you'll need to download the file, in order to determine its hash. What you're asking is to determine the hash of a file before downloading it!



What is possible is a script that hashes each file in your downloads directory and then perform some action depending on the hash matching. The script could be scheduled to run every 10 minutes or so.



It's hard to make a recommendation, since we have no idea what it is you're trying to accomplish by blacklisting a specific file.






share|improve this answer
























  • Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.

    – Snehitha Gaddam
    yesterday






  • 1





    Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.

    – vidarlo
    yesterday













  • I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?

    – Snehitha Gaddam
    17 hours ago












Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});






Snehitha Gaddam is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207378%2fhow-to-dynamically-generate-the-hash-value-of-a-file-while-it-gets-downloaded-fr%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









9














Agreed with vidarlo, this is impossible.



Ultimately, you'll need to download the file, in order to determine its hash. What you're asking is to determine the hash of a file before downloading it!



What is possible is a script that hashes each file in your downloads directory and then perform some action depending on the hash matching. The script could be scheduled to run every 10 minutes or so.



It's hard to make a recommendation, since we have no idea what it is you're trying to accomplish by blacklisting a specific file.






share|improve this answer
























  • Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.

    – Snehitha Gaddam
    yesterday






  • 1





    Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.

    – vidarlo
    yesterday













  • I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?

    – Snehitha Gaddam
    17 hours ago
















9














Agreed with vidarlo, this is impossible.



Ultimately, you'll need to download the file, in order to determine its hash. What you're asking is to determine the hash of a file before downloading it!



What is possible is a script that hashes each file in your downloads directory and then perform some action depending on the hash matching. The script could be scheduled to run every 10 minutes or so.



It's hard to make a recommendation, since we have no idea what it is you're trying to accomplish by blacklisting a specific file.






share|improve this answer
























  • Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.

    – Snehitha Gaddam
    yesterday






  • 1





    Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.

    – vidarlo
    yesterday













  • I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?

    – Snehitha Gaddam
    17 hours ago














9












9








9







Agreed with vidarlo, this is impossible.



Ultimately, you'll need to download the file, in order to determine its hash. What you're asking is to determine the hash of a file before downloading it!



What is possible is a script that hashes each file in your downloads directory and then perform some action depending on the hash matching. The script could be scheduled to run every 10 minutes or so.



It's hard to make a recommendation, since we have no idea what it is you're trying to accomplish by blacklisting a specific file.






share|improve this answer













Agreed with vidarlo, this is impossible.



Ultimately, you'll need to download the file, in order to determine its hash. What you're asking is to determine the hash of a file before downloading it!



What is possible is a script that hashes each file in your downloads directory and then perform some action depending on the hash matching. The script could be scheduled to run every 10 minutes or so.



It's hard to make a recommendation, since we have no idea what it is you're trying to accomplish by blacklisting a specific file.







share|improve this answer












share|improve this answer



share|improve this answer










answered yesterday









keithRozariokeithRozario

1,124213




1,124213













  • Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.

    – Snehitha Gaddam
    yesterday






  • 1





    Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.

    – vidarlo
    yesterday













  • I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?

    – Snehitha Gaddam
    17 hours ago



















  • Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.

    – Snehitha Gaddam
    yesterday






  • 1





    Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.

    – vidarlo
    yesterday













  • I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?

    – Snehitha Gaddam
    17 hours ago

















Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.

– Snehitha Gaddam
yesterday





Thank you keithRazario , I totally understood your solution. This is regarding my project named Formgrabbing malware analysis. The hashing technique is one of the prevention techniques I thought of using. Here I need not actually have the file of hash values which is signed by a trusted key. I just have to present my idea for demo purpose.

– Snehitha Gaddam
yesterday




1




1





Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.

– vidarlo
yesterday







Executables on windows supports digital signatures. It's very commonly used. What will your scheme add? Who approves or disapproves files? Remember that a compiled executable is a complex beast that can behave differently dependent on the environment.

– vidarlo
yesterday















I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?

– Snehitha Gaddam
17 hours ago





I also have another concern with the solution i.e a file can be downloaded in any directory , it is not that it can download in only downloads directory. So how about taking the list latest files downloaded?

– Snehitha Gaddam
17 hours ago










Snehitha Gaddam is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















Snehitha Gaddam is a new contributor. Be nice, and check out our Code of Conduct.













Snehitha Gaddam is a new contributor. Be nice, and check out our Code of Conduct.












Snehitha Gaddam is a new contributor. Be nice, and check out our Code of Conduct.
















Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207378%2fhow-to-dynamically-generate-the-hash-value-of-a-file-while-it-gets-downloaded-fr%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

數位音樂下載

When can things happen in Etherscan, such as the picture below?

格利澤436b