import json
import sys

import pymongo
def init_database():
    """Return the ``API`` collection of the ``ChromeExtensions`` database.

    The client targets ``mongodb://localhost:27017/``.

    NOTE(review): the URI carries no credentials, so the local mongod
    presumably runs without access control -- confirm it listens on
    loopback only.
    """
    client = pymongo.MongoClient("mongodb://localhost:27017/")
    return client["ChromeExtensions"]["API"]
# Shared collection handle read by AnalyzerOnlyOneExtension. The call sits at
# module level, not under the __main__ guard, so it also runs when this file
# is imported.
mycol = init_database()
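def GetPattern(file_parttern):
    """Load the API risk patterns from a JSON file.

    Args:
        file_parttern: Path of the JSON file to read.

    Returns:
        Whatever ``json.load`` decodes from the file. The caller in this
        script treats it as a mapping of API name to an object that has a
        ``"risk"`` key.

    Raises:
        OSError: if the file cannot be opened.
        UnicodeDecodeError: if the file is not valid UTF-8.
        json.JSONDecodeError: if the content is not valid JSON.
    """
    # Decode as UTF-8 explicitly: without it open() falls back to the locale
    # encoding, so the same pattern file could load differently (or fail) on
    # another machine.
    with open(file_parttern, encoding="utf-8") as f:
        return json.load(f)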
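def AnalyzerOnlyOneExtension(idx):
    """Report the API calls recorded for one extension and flag risky ones.

    Reads every document of the module-level ``mycol`` collection whose
    ``extensionId`` equals *idx*, prints a JSON report listing each call,
    then prints a per-API summary in which the APIs rated ``"Malicious"`` or
    ``"Test"`` in ``api.json`` are shown with the time and arguments of each
    call.

    Args:
        idx: Extension id matched against the ``extensionId`` field.

    Returns:
        The cursor returned by ``mycol.find({"extensionId": idx})``, rewound
        after the analysis consumed it so the caller can iterate it again.

    Raises:
        KeyError: if a record lacks ``apiCall``, ``time``, ``args`` or
            ``activityType``, or a pattern entry lacks ``risk``.
    """
    cursor = mycol.find({"extensionId": idx})
    # Read the records once and keep them in memory; the per-API details
    # below are taken from this list instead of one extra query per API name.
    records = list(cursor)
    total_call = len(records)

    count_api = {}
    calls_by_api = {}
    for record in records:
        api_name = record["apiCall"]
        count_api[api_name] = count_api.get(api_name, 0) + 1
        calls_by_api.setdefault(api_name, []).append(record)

    # One entry per recorded call, grouped by API. Each entry is its own
    # dict under a running index: a counter restarted for every API and a
    # single reused dict would make later calls overwrite earlier ones.
    # "apiCall" is included because the flat index alone does not identify
    # the API.
    beauty_report = {"id": idx, "api_called": total_call, "apis": {}}
    position = 0
    for api_name, calls in calls_by_api.items():
        for record in calls:
            position += 1
            entry = {
                "apiCall": api_name,
                "time": record["time"],
                "args": record["args"],
                "activityType": record["activityType"],
            }
            if "argUrl" in record:
                entry["argUrl"] = record["argUrl"]
            beauty_report["apis"][str(position)] = entry
    print(json.dumps(beauty_report, indent=4))
    # No exit() here: stopping the interpreter at this point kept the risk
    # comparison below, and the return value, from ever being produced.
    print("==========================================")

    # "api.json" is a relative path, so it is resolved against the current
    # working directory of the process.
    patterns = GetPattern("api.json")
    malicious_api = set()
    test_api = set()
    for api_name, info in patterns.items():
        # Index "risk" directly: a pattern entry without a rating raises
        # instead of silently dropping out of the detection lists.
        risk = info["risk"]
        if risk == "Malicious":
            malicious_api.add(api_name)
        if risk == "Test":
            test_api.add(api_name)

    print("[+] Total API called: %d" % (total_call))
    print(json.dumps(count_api, indent=4))

    def _print_calls(calls):
        # NOTE(review): "args" is presumably whatever the monitored extension
        # passed to the API; %s prints it unescaped, so control characters in
        # it would reach the terminal. Confirm, and print repr() or
        # json.dumps() of the value if so.
        for record in calls:
            print("[+] Time call : %s\n==> Args: %s\n" %
                  (record["time"], record["args"]))

    for api_name, times in count_api.items():
        if api_name in malicious_api:
            print("[!] Malicious API called: %s (%d times)" %
                  (api_name, times))
            _print_calls(calls_by_api[api_name])
        if api_name in test_api:
            print("Test API called: %s (%d times)" % (api_name, times))
            _print_calls(calls_by_api[api_name])

    # The cursor was exhausted by list() above; rewind it so the returned
    # object yields the records again instead of nothing.
    cursor.rewind()
    return cursor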
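if __name__ == "__main__":
    # Analyse the extension id given as the first command-line argument, or
    # fall back to the id this script was written for. argv values are always
    # str, so the id is matched as a literal string in the query filter.
    extension_id = (
        sys.argv[1] if len(sys.argv) > 1
        else "hconclpdhpbflfdnnkngdknmgpepkfdp"
    )
    list_api = AnalyzerOnlyOneExtension(extension_id)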