User Guide

Overview

The ReversingLabs Browser Extension enhances the usability of Spectra Analyze and Spectra Intelligence products directly from your browser. It enables seamless interaction, making it easier to access and analyze discovered Indicators of Compromise (IOCs).

In addition to seamless IOC interaction, the extension introduces advanced security features such as Safe URL, which pre-checks links before opening, and Automatic Scan Downloads, which scans downloaded files for potential threats without disrupting your workflow.

Features

The extension currently provides the following features:

  • Automatic highlighting of IP address, URL, Domain name, and file hash indicators
  • Indicator classification lookup without leaving the page
  • File upload for Spectra Analyze users
  • Chrome/Edge Side Panel integration for indicator data
  • Right-click context menu lookup
  • Safe URL: ensures safer browsing by pre-checking URLs before they are opened
  • Automatic Scan Downloads: scans and analyzes files you download to detect potential threats

Installation

The extension can be installed via the Chrome Web Store:

  • Chrome: Chrome Web Store
  • Edge: Chrome Web Store

The extension has been developed to support Chromium-based browsers. At this time, the extension has been tested and confirmed to work on the following:

  • Operating Systems: macOS, Linux, Windows
  • Browsers: Chrome (>= v116), Edge (>= v133)

Requirements

For Spectra Intelligence users, the extension utilizes the following APIs:

For Spectra Analyze users, the extension utilizes the following APIs:

Getting Started Video

For a quick introduction to the ReversingLabs Browser Extension, watch our Getting Started video below. This short walkthrough demonstrates how to install, configure, and use the core features of the extension.

Watch on YouTube

For more details, continue to the sections below.

Configuration

After installing the extension from the Chrome Web Store, a new tab will open displaying the configuration options:

Extension Configuration Page

Adding credentials

Set your credentials for either Spectra Analyze or Spectra Intelligence and confirm by clicking "Connect".

Platform Selection

At this time, users may select only Spectra Intelligence OR Spectra Analyze, not both.

Configuring options

You can customize how the extension identifies and interacts with Indicators of Compromise (IOCs), file downloads and URL reputation checks.

By default, the following features are enabled:

  • Indicator Highlighting: URLs, Domains, IPv4 addresses, and Hashes are automatically identified on web pages and marked with an RL icon
  • Scan Downloads: Files downloaded are automatically scanned using Spectra Analyze or Spectra Intelligence
  • Prompt when Downloading Files: the extension will ask for confirmation before a file is submitted for analysis. This provides more control over uploads for analysis
  • Safe URL: the extension checks URLs before they are opened. If a URL is flagged as suspicious or malicious, the browser will redirect you to a warning page before proceeding

Note: All options can be managed using toggle switches.

Error report buttons

The extension uses mailto: links to allow users to report any issues encountered while using the extension. To use this feature, users must have a default email app set up.

For Windows users:

  1. Select Start and in the Search box, enter Default apps.
  2. Select Default apps from the suggestions.
  3. In the Windows Settings app, on the Default apps page, do one of the following:
    1. Windows 10
      1. Go to Email.
      2. Select the current app listed.
      3. Under Choose an app, select your desired client.
    2. Windows 11
      1. Go to Set defaults for applications.
      2. Scroll to find your desired client, then select it.
      3. Set the default mail client for file type (.eml, .hol, etc.) and link type:
        1. Select an item.
        2. Select your desired client.
        3. Select Set default to confirm.

For macOS users:

  1. Open the Mail app.
  2. From the Mail menu in the menu bar, choose Settings (or Preferences).
  3. Click General, then choose an email app from the Default email reader pop-up menu.
    1. If you use webmail (email in a browser), select your preferred browser from the pop-up menu.
    2. Check if your preferred browser has any additional settings which need to be altered.

For Linux users: How mailto: links are handled depends on the distribution and/or desktop environment. Please check the distribution's documentation on how to set up the URL handler.

Using the extension

The extension offers several modes of interaction:

Indicator highlighting

The extension will identify indicators on the page, and highlight them by underlining the text and applying a clickable "RL" icon.

To learn more about the indicator, click the "RL" icon to see lookup results in the browser side panel.

The side panel

After clicking the "RL" icon next to an indicator, the Chrome side panel will appear with the lookup results.

[Screenshots: side panel lookup results for a domain, an IPv4 address, and a file hash]

Context menu

In addition to automatic highlighting, you can use the right-click context menu to manually select indicators for lookup.

  1. Select the indicator with the left mouse button.
  2. Click the right mouse button.
  3. Hover over the "ReversingLabs Browser Extension" item.
  4. Select the appropriate query type.
    • Available Queries
      • Query link target URL - Look up the URL hyperlink
      • Submit link target URL - Submit URL hyperlink for analysis
      • Safely Download link target - Scan for analysis and Download targeted link
      • [selection] Submit text as URL - Submit selected text for URL analysis
      • [selection] Query text as URL - Query selected text for URL lookup
      • [selection] Query text as domain - Query selected text for Domain lookup
      • [selection] Query text as IPv4 - Query selected text for IP lookup
      • [selection] Query text as hash - Query selected text for Hash lookup

File upload

For Spectra Analyze users, the extension supports file upload for analysis. To upload a file to the Spectra Analyze appliance via the extension:

  1. Open the extension side panel by right-clicking to open the context menu, then click "Open side panel".
  2. Click the "Upload" tab near the top of the side panel.
  3. Drag and drop a file into the window, or click to open the file explorer and select a file.
  4. Click the "Upload" button.

Note: Files up to 200 MB in size can be uploaded.

Automatic Scan Downloads

The extension can automatically scan downloaded files to detect malicious content. To enable the feature:

  1. Open the extension configuration page by clicking on the RL Browser Extension icon in the browser toolbar.
  2. In the Additional Configuration section, toggle on the "Scan Downloads with Spectra Analyze or Spectra Intelligence" option.
  3. (Optional) Enable "Prompt when Downloading Files" if you want the extension to ask for confirmation before scanning files.
  4. Once enabled, downloaded files will be submitted for analysis, and users will be notified if threats are detected.
    • If a file is flagged as malicious, the user will be prompted for action.
    • If a file is classified as goodware, the download will proceed uninterrupted.

All downloaded files will be saved to the default Chrome/Edge downloads folder.

Note: Files up to 200 MB in size can be scanned.

Safe URL

For both Spectra Analyze and Spectra Intelligence users, the extension includes a Safe URL feature designed to prevent access to potentially malicious sites. To enable and use the Safe URL feature:

  1. Open the extension configuration page by clicking on the RL Browser Extension icon in the browser toolbar.
  2. In the Additional Configuration section, toggle on the "Scan URLs" option.
  3. Once enabled, URLs you click or open in a new tab will be checked for reputation.
  4. If the URL is identified as suspicious or malicious, you will be redirected to a warning page where you can choose the next action.

Support

For any questions or concerns relating to the browser extension, please contact support@reversinglabs.com

Appendices

Appendix A: Spectra Analyze self-signed certificates

If there are any issues with the TLS certificate setup, they will manifest as network connection issues in the extension.

This affects the following Spectra Analyze instances:

  1. Self-hosted instances
  2. Instances deployed with self-signed certificates

By default, the extension requires that any host configured with the https:// protocol provide a valid and trusted certificate. To resolve this issue, make sure that the certificate from your Spectra Analyze instance is trusted by your OS and by your browser.

Warning: Before proceeding, confirm the authenticity of the certificate which will be added to the trust store.

Note: The error will persist even for trusted certificates if the certificate’s Common Name does not match the Spectra Analyze instance's DNS name.

Follow one of these steps to add the certificate to your trust store:

  1. Add the certificate to the OS trust store.

    1. Follow your operating system vendor’s instructions for adding trusted certificates.
    2. Clear the browser cache and restart the browser.
    3. Open chrome://certificate-manager/localcerts/platformcerts and confirm that the browser has detected the added certificate.
  2. Add the certificate to Chrome’s imported certificates.

    1. Open chrome://certificate-manager/localcerts/usercerts in your browser.
    2. Use the Import button to add the certificate.

After these steps are completed, the connection can be configured.
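
The two checks this appendix asks for before trusting a certificate (authenticity and name match) can be scripted. The following is an added example, not part of the ReversingLabs guide or the extension; it assumes the OpenSSL command-line tool, an instance reached by hostname rather than IP address, and placeholder names such as analyze.example.internal and analyze.pem.

```bash
#!/usr/bin/env bash
# Added example: inspect a certificate before adding it to a trust store.
# Host names and file names are placeholders, not values from the guide.

# Save the leaf certificate that HOST:PORT presents to OUT.pem.
fetch_cert() {  # usage: fetch_cert HOST PORT OUT.pem
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM -out "$3"
}

# Print the SHA-256 fingerprint as lowercase hex without separators.
cert_fingerprint() {  # usage: cert_fingerprint CERT.pem
  openssl x509 -in "$1" -noout -fingerprint -sha256 |
    sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Succeed only if the fingerprint equals EXPECTED, a value obtained
# out-of-band (for example from the appliance administrator).
fingerprint_matches() {  # usage: fingerprint_matches CERT.pem EXPECTED
  _want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
  [ -n "$_want" ] && [ "$(cert_fingerprint "$1")" = "$_want" ]
}

# Succeed only if the certificate has a subjectAltName that covers HOST.
# Chromium-based browsers ignore the Common Name, so a CN-only certificate
# is rejected here even though -checkhost alone falls back to the CN.
name_matches() {  # usage: name_matches CERT.pem HOST
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    grep -q 'Subject Alternative Name' || return 1
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# Example with placeholder values:
#   fetch_cert analyze.example.internal 443 analyze.pem
#   fingerprint_matches analyze.pem "$EXPECTED_FINGERPRINT" &&
#     name_matches analyze.pem analyze.example.internal
```

Import the certificate only when both checks succeed; a fingerprint mismatch means the fetched certificate is not the one the administrator issued.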