User Guide

Overview

The ReversingLabs Browser Extension enhances the usability of Spectra Analyze and Spectra Intelligence products directly from your browser. It enables seamless interaction, making it easier to access and analyze discovered Indicators of Compromise (IOCs).

In addition to seamless IOC interaction, the extension introduces advanced security features such as Safe URL, which pre-checks links before opening, and Automatic Scan Downloads, which scans downloaded files for potential threats without disrupting your workflow.

Features

The extension currently provides the following features:

• Automatic highlighting of IP address, URL, Domain name, and file hash indicators
• Indicator classification lookup without leaving the page
• File upload for Spectra Analyze users
• Chrome/Edge Side Panel integration for indicator data
• Right-click context menu lookup
• Safe URL, ensures safer browsing by pre-checking URLs before they are opened
• Automatic Scan Downloads, scans and analyzes files you download to detect potential threats

Installation

The extension can be installed via the Chrome Web Store:

Browser	Extension Link
	Chrome Web Store
	Chrome Web Store

The extension has been developed to support Chromium-based browsers. At this time, the extension has been tested and confirmed to work on the following:

• Operating Systems: macOS, Linux, Windows
• Browsers: Chrome (>= v116), Edge (>= v133)

Requirements

For Spectra Intellligence users: the extension utilizes the following APIs:

• TCA-9999 (single user): to check if the credentials entered are valid
• TCA-0404: to submit URLs
• TCA-0403: to query for URL info
• TCA-0405: to query for domain info
• TCA-0406: to query for IPv4 info
• TCA-0101: to query for sample info via hash
• TCA-0104: to query for sample AV info
• TCA-0202: to upload samples (only public files)

For Spectra Analyze users, the extension utilizes the following APIs:

• Submission API, for submitting URLs & uploading samples
• Network threat intel (URL): to query for URL info
• Network threat intel (domain): to query for domain info
• Network threat intel (IP): to query for IPv4 info
• Full report api: to query for sample info via hash
• Classification Status API: to query sample info via hash
• License information: to check if the credentials entered are valid

Getting Started Video

For a quick introduction to the ReversingLabs Browser Extension, watch our Getting Started video below. Short walkthrough demonstrates how to install, configure, and use the core featured of the extension.

Watch on YouTube

For more details, continue to the sections below.

Configuration

After installing the extension from the Chrome Web Store, a new tab will open displaying the configuration options:

Adding credentials

Set your credentials for either Spectra Analyze or Spectra Intelligence and confirm by clicking "Connect".

Platform Selection

At this time, users may select only Spectra Intelligence OR Spectra Analyze, not both.

Configuring options

You can customize how the extension identifies and interacts with Indicators of Compromise (IOCs), file downloads and URL reputation checks.

By default, the following features are enabled

• Indicator Highlighting: URLs, Domains, IPv4 addresses, and Hashes are automatically identified on web pages and maked with a RL icon
• Scan Downloads: Files downloaded are automatically scanned using Spectra Analyze or Spectra Intelligence
• Prompt when Downloading Files: the extension will ask for confirmation before a file is submitted for analysis. This provides more control over uploads for analysis
• Safe URL: the extension checks URLs before they are opened. If a URL is flagged as suspicious or malicious, the browser will redirect you to a warning page before proceeding

info

All options can be managed using toggle switches.

Using the extension

The extension offers several modes of interaction:

Indicator highlighting

The extension will identify indicators on the page, and highlight them by underlining the text and applying a clickable "RL" icon:

To learn more about the indicator, click the "RL" icon to see lookup results in the browser side panel.

The side panel

After clicking the "RL" icon next to an indicator, the Chrome side panel will appear with the lookup results.

Domain example

IPv4 address example

File hash example

Context menu

In addition to automatic highlighting, you can use the right-click context menu to manually select indicators for lookup.

1. Select the indicator with the left mouse button.
2. Click the right mouse button.
3. Hover over the "ReversingLabs Browser Extension" item.
4. Select the appropriate query type.
   • Available Queries
     • Query link target URL - Look up the URL hyperlink
     • Submit link target URL - Submit URL hyperlink for analysis
     • Safely Download link target - Scan for analysis and Download targeted link
     • [selection] Submit text as URL - Submit selected text for URL analysis
     • [selection] Query text as URL - Query selected text for URL lookup
     • [selection] Query text as domain - Query selected text for Domain lookup
     • [selection] Query text as IPv4 - Query selected text for IP lookup
     • [selection] Query text as hash - Query selected text for Hash lookup

File upload

For Spectra Analyze users, the extension supports file upload for analysis. To upload a file to the Spectra Analyze appliance via the extension:

1. Open the extension side panel by right clicking to open the context menu, then click "Open side panel".
2. Click the "Upload" tab near the top of the side panel.
3. Drag and drop a file into the window, or click to open the file explorer and select a file.
4. Click the "Upload" button.

info

Note: Files up to 200 MB in size can be uploaded.

Automatic Scan Downloads

The extension can automatically scan downloaded files to detect malicious content. To enable the feature:

1. Open the extension configuration page by clicking on the RL Browser Extension icon in the browser toolbar.
2. In the Additional Configuration section, toggle on the "Scan Downloads with Spectra Analyze or Spectra Intelligence".
3. (Optional) Enable "Prompt when Downloading Files" if you want the extension to ask for confirmation before scanning files.
4. Once enabled, downloaded files will be submitted for analysis, and users will be notified if threats are detected.

• if a file is flagged as malicious, the user will be prompted for action
• if a file is classified as goodware the download will proceed uninterrupted

All downloaded files will be saved to the default Chrome/Edge downloads folder

info

Note: Files up to 200 MB in size can be scanned.

Safe URL

For both Spectra Analyze and Spectra Intelligence users, the extension includes a Safe URL feature designed to prevent access to potentially malicious sites. To enable and use Safe URL feature:

1. Open the extension configuration page by clicking on the RL Browser Extension icon in the browser toolbar.
2. In the Additional Configuration section, toggle on the "Scan URLs".
3. Once enabled, URLs you click or open in new tab will be checked for reputation.
4. If the URL is identified and suspicious or malicious, you will be redirected to a warning page where you can choose the next action.

Support

For any questions or concerns relating to the browser extension, please contact support@reversinglabs.com