In my Firefox profile folder, there is a folder titled "google_safebrowsing" It contains a file titled kf.txt which has the following contents:
clientkey:24:2j+Ao99gv4IvhQaXS+vd3A== wrappedkey:24:MTrj-WHULjad2AMRlZCdl5Cv
In addition, for every site I visit, Firefox calls a Google server with a request for Google Safe Browsing. It calls the same server reported about previously in another thread, sb.google.com. It calls this URI: http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=trustrank&client=navclient-auto-tbff&encver=1 plus some cryptic long keys passed in as the parameters nonce, wrkey, and encparams. |
https://www.google.com/safebrowsing/getkey? also gets a similar output to what is in the txt file. |