
Untitled

a guest
Nov 12th, 2019
  1. import pymongo
  2. import json
  3.  
  4.  
def init_database():
    """Return the ``API`` collection of the ``ChromeExtensions`` database.

    The client is built for ``mongodb://localhost:27017/``. The URI carries no
    credentials.

    NOTE(review): an unauthenticated URI only suits a mongod that is reachable
    from loopback alone -- confirm access control before pointing this at a
    shared or remote instance.
    """
    client = pymongo.MongoClient("mongodb://localhost:27017/")
    return client["ChromeExtensions"]["API"]
  10.  
  11.  
# Module-level handle to the "API" collection, shared by the functions below.
# It is created at import time, so importing this module builds a MongoClient.
mycol = init_database()
  13.  
  14.  
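def GetPattern(file_parttern):
    """Load the API risk table from a JSON file.

    Args:
        file_parttern: Path of the JSON file to read. The parameter keeps its
            original spelling so existing keyword callers keep working.

    Returns:
        The decoded JSON document. The caller in this file iterates it as a
        mapping of API name to an object that has a ``"risk"`` field.

    Raises:
        OSError: The file cannot be opened.
        json.JSONDecodeError: The file is not valid JSON.
    """
    # JSON text is UTF-8; without an explicit encoding the platform's locale
    # encoding is used, which mis-decodes non-ASCII content on some systems.
    with open(file_parttern, encoding="utf-8") as f:
        return json.load(f)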
  19.  
  20.  
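def AnalyzerOnlyOneExtension(idx):
    """Report the API calls recorded for one Chrome extension.

    Reads every document in ``mycol`` whose ``extensionId`` equals ``idx``,
    prints a JSON report of the calls grouped by API name, then prints the
    calls whose API is listed in ``api.json`` with risk ``"Malicious"`` or
    ``"Test"``.

    Changes from the pasted version:
      * The stray ``exit()`` after the JSON report is removed. It stopped the
        interpreter before the risk classification below could run.
      * Each call gets its own report entry. Previously one dict was reused
        for every call of an API, and the per-API counter restarted at 1, so
        entries overwrote each other and the report did not name the API.
      * The collection is queried once instead of once per API name.

    Args:
        idx: Value matched against the ``extensionId`` field.

    Returns:
        A list of the matching documents. The original returned the cursor
        after it had already been iterated.

    Raises:
        KeyError: A document lacks ``apiCall``, ``time``, ``args`` or
            ``activityType``.
        OSError, json.JSONDecodeError: ``api.json`` cannot be read or parsed.
    """
    list_api_from_database = list(mycol.find({"extensionId": idx}))

    # Group the documents by API name, keeping first-seen order.
    calls_by_api = {}
    for api_call in list_api_from_database:
        calls_by_api.setdefault(api_call["apiCall"], []).append(api_call)
    count_api = {name: len(calls) for name, calls in calls_by_api.items()}
    total_call = len(list_api_from_database)

    beauty_report = {"id": idx, "api_called": total_call, "apis": {}}
    for api_name, calls in calls_by_api.items():
        per_api = {}
        for count, obj in enumerate(calls, start=1):
            entry = {
                "time": obj["time"],
                "args": obj["args"],
                "activityType": obj["activityType"],
            }
            if "argUrl" in obj:
                entry["argUrl"] = obj["argUrl"]
            per_api[str(count)] = entry
        beauty_report["apis"][api_name] = per_api

    # NOTE(review): json.dumps raises TypeError if "time" is stored as a BSON
    # date rather than a string -- confirm the stored type.
    print(json.dumps(beauty_report, indent=4))
    print("==========================================")

    # Collect the API names that api.json marks as Malicious or Test.
    # NOTE(review): the original comment speaks of "suspicious" APIs, but the
    # value compared is "Test" -- confirm which label api.json really uses.
    patterns = GetPattern("api.json")
    malicious_api = set()
    test_api = set()
    for name, info in patterns.items():
        risk = info.get("risk")
        if risk == "Malicious":
            malicious_api.add(name)
        elif risk == "Test":
            test_api.add(name)

    print("[+] Total API called: %d" % (total_call))
    print(json.dumps(count_api, indent=4))

    # Print every recorded call of an API that is on either list.
    for api_name, calls in calls_by_api.items():
        if api_name in malicious_api:
            header = "[!] Malicious API called: %s (%d times)"
        elif api_name in test_api:
            header = "Test API called: %s (%d times)"
        else:
            continue
        print(header % (api_name, len(calls)))
        for obj in calls:
            # NOTE(review): "args" is printed as stored. If it holds data
            # captured from the monitored extension it may carry terminal
            # control characters -- consider %r when viewing untrusted samples.
            print("[+] Time call : %s\n==> Args: %s\n" %
                  (obj["time"], obj["args"]))

    return list_api_from_database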
  82.  
  83.  
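if __name__ == "__main__":
    import sys

    # The extension id may be given as the first command-line argument. With
    # no argument, the sample id hard-coded in the original script is used.
    if len(sys.argv) > 1:
        extension_id = sys.argv[1]
    else:
        extension_id = "hconclpdhpbflfdnnkngdknmgpepkfdp"
    list_api = AnalyzerOnlyOneExtension(extension_id)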