In order to verify the data coming from the Google Safe Browsing API, you can calculate a Message Authentication Code (MAC) for each update. The instructions to do this (from Google) are:
The MAC is computed from an MD5 Digest over the following information: client_key|separator|table data|separator|client_key. The separator is the string:coolgoog: - that is a colon followed by "coolgoog" followed by a colon. The resulting 128-bit MD5 digest is websafe base-64 encoded.
There's also example data to check against:
client key: "8eirwN1kTwCzgWA2HxTaRQ=="
response:
[goog-black-hash 1.180 update][mac=dRalfTU+bXwUhlk0NCGJtQ==]
+8070465bdf3b9c6ad6a89c32e8162ef1
+86fa593a025714f89d6bc8c9c5a191ac
+bbbd7247731cbb7ec1b3a5814ed4bc9d
*Note that there are tabs at the end of each line.
I'm unable to get a match. Please either point out where I'm going wrong, or just write the couple of lines of Python code necessary to do this!
FWIW, I expected to be able to do something like this:
>>> s = "+8070465bdf3b9c6ad6a89c32e8162ef1\t\n+86fa593a025714f89d6bc8c9c5a191ac\t\n+bbbd7247731cbb7ec1b3a5814ed4bc9d\t"
>>> c = "8eirwN1kTwCzgWA2HxTaRQ=="
>>> hashlib.md5("%s%s%s%s%s" % (c, ":coolgoog:", s, ":coolgoog:", c)).digest().encode("base64")
'qfb50mxpHrS82yTofPkcEg==\n'
But as you can see, 'qfb50mxpHrS82yTofPkcEg==\n' != 'dRalfTU+bXwUhlk0NCGJtQ=='.