- import pymongo
- import json
def init_database():
    """Connect to the local MongoDB server and return the "API" collection.

    The collection lives in the "ChromeExtensions" database on
    mongodb://localhost:27017/.
    """
    # NOTE(review): the URI carries no credentials or TLS options; confirm
    # that this mongod instance is reachable from loopback only or has access
    # control enabled, since it stores the collected extension activity.
    client = pymongo.MongoClient("mongodb://localhost:27017/")
    return client["ChromeExtensions"]["API"]
# Shared collection handle, created once when the module is loaded and read
# by the query helpers in this file.
mycol = init_database()
def GetBehaviorMalicious(behavior):
    """Return the entry stored under *behavior* in api.json.

    api.json is opened relative to the current working directory and parsed
    again on every call. A key that is not in the file raises KeyError.
    """
    with open("api.json") as definitions_file:
        definitions = json.load(definitions_file)
    return definitions[behavior]
def GetApiCalledByExtension(idx):
    """Look up the records stored for one extension id.

    Returns whatever ``mycol.find`` yields for the filter
    {"extensionId": idx}; ``mycol`` is the module-level collection.
    """
    query = {"extensionId": idx}
    return mycol.find(query)
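def UninstallBehaviorTracking(api_of_extension):
    """Return the API names listed for the "uninstall_other_extension" behavior.

    Args:
        api_of_extension: Not read by this function; kept so existing callers
            keep working.

    Returns:
        The "behavior" value of the last entry that carries one, or an empty
        list when no entry does.
    """
    _behavior_info = GetBehaviorMalicious("uninstall_other_extension")
    # Start from an empty list: without a default, a definition file with no
    # "behavior" entry left the result unbound and the caller's `in` test
    # failed instead of simply matching nothing.
    list_api_behavior = []
    # NOTE(review): the pasted listing lost its indentation; this keeps the
    # last matching entry -- confirm against the original file.
    for api_of_behavior in _behavior_info:
        if "behavior" in api_of_behavior:
            list_api_behavior = api_of_behavior["behavior"]
    return list_api_behavior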
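def AnalyzerOnlyOneExtension(idx):
    """Summarise the API calls recorded for one Chrome extension.

    Reads the records for extension ``idx`` through GetApiCalledByExtension,
    counts the calls per API, prints a JSON report of every recorded call,
    then prints the calls whose API is marked with risk "Malicious" or "Test"
    in the definitions loaded by GetBehaviorMalicious.

    Changes from the pasted version: the two leftover ``exit()`` calls and the
    debug ``print(beauty_report)`` are gone (the first ``exit()`` ended the
    process before any analysis ran), every call gets its own report entry
    instead of one shared dict, and entries are grouped per API name so calls
    of different APIs no longer overwrite each other.

    Args:
        idx: Extension id matched against each record's "extensionId".

    Returns:
        The object returned by GetApiCalledByExtension(idx). It has already
        been iterated here -- presumably exhausted; confirm before reusing.
    """
    list_api_from_database = GetApiCalledByExtension(idx)

    # Single pass over the records: group them by API name so the report and
    # the risk listing below do not need one extra query per API.
    calls_by_api = {}
    for api_call in list_api_from_database:
        calls_by_api.setdefault(api_call["apiCall"], []).append(api_call)

    count_api = {name: len(calls) for name, calls in calls_by_api.items()}
    total_call = sum(count_api.values())

    # NOTE(review): "args" and "argUrl" look like values recorded from the
    # extension under analysis; treat them as untrusted if this output is
    # passed on to another tool or rendered anywhere.
    beauty_report = {"id": idx, "api_called": total_call, "apis": {}}
    for name, calls in calls_by_api.items():
        entries = {}
        for count, obj in enumerate(calls, start=1):
            entry = {
                "time": obj["time"],
                "args": obj["args"],
                "activityType": obj["activityType"],
            }
            if "argUrl" in obj:
                entry["argUrl"] = obj["argUrl"]
            entries[str(count)] = entry
        beauty_report["apis"][name] = entries
    print(json.dumps(beauty_report, indent=4))
    print("==========================================")

    # Collect the API names marked Malicious / Test in the definitions.
    # NOTE(review): the lookup key is "api.json", the same string as the file
    # name -- confirm the definition file really has a top-level key with
    # that name.
    patterns = GetBehaviorMalicious("api.json")
    malicious_api = []
    test_api = []
    for name, info in patterns.items():
        if info["risk"] == "Malicious":
            malicious_api.append(name)
        if info["risk"] == "Test":
            test_api.append(name)

    print("[+] Total API called: %d" % (total_call))
    print(json.dumps(count_api, indent=4))

    # Report every call of an API that appears in either list.
    for name, calls in calls_by_api.items():
        if name in malicious_api:
            print("[!] Malicious API called: %s (%d times)" %
                  (name, count_api[name]))
            for obj in calls:
                print("[+] Time call : %s\n==> Args: %s\n" %
                      (obj["time"], obj["args"]))
        if name in test_api:
            print("Test API called: %s (%d times)" % (name, count_api[name]))
            for obj in calls:
                print("[+] Time call : %s\n==> Args: %s\n" %
                      (obj["time"], obj["args"]))
    return list_api_from_database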
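if __name__ == "__main__":
    # list_api = AnalyzerOnlyOneExtension("aklmaophoojkakkcijlkcfegdcgifgch")
    list_api = GetApiCalledByExtension("gdjoennjdfomkmhgejbipfcohcaejahm")

    # Resolve the tracked API names once. The pasted version called
    # UninstallBehaviorTracking for every record, re-reading and re-parsing
    # api.json on each iteration.
    tracked_apis = UninstallBehaviorTracking(list_api)

    # A hit only means the extension called an API on the tracked list; the
    # recorded arguments still need review before drawing a conclusion.
    uninstall_other_extension = [
        api for api in list_api if api["apiCall"] in tracked_apis
    ]
    print(uninstall_other_extension)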