#!/usr/bin/python
import logging.handlers
import os
import platform
import pwd
import re
import socket
import sqlite3
import subprocess
import sys
import urllib2

import psutil
# Process names that are treated as browsers; detect_browser() reports the
# first running one. NOTE(review): these must match the names psutil reports
# for the running processes - 'ie' in particular looks unlikely to match a
# real Windows process name; confirm on a target machine.
browser_list = [
    'firefox',
    'chrome',
    'opera',
    'ie',
]
#linux_browser_history_paths =[{'google-chrome':''.join([os.path.expanduser('~'),'/.config/','google-chrome/'])},
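def setup_logging():
    """Configure and return the module logger.

    Root logging is initialised at INFO (so records also reach the console
    handler installed by ``basicConfig``) and a rotating file handler is
    attached to the module logger. The file ``browser_history.log`` is
    created relative to the current working directory, with 20 kB per file
    and 5 backups; it will contain the user name and history-database paths
    that main() logs. Calling this function more than once does not attach a
    second file handler, so no record is written twice.

    Returns:
        logging.Logger: the logger for this module.
    """
    logging.basicConfig(level=logging.INFO)  # (level=logging.DEBUG)
    logger = logging.getLogger(__name__)
    # Guard against duplicate handlers when called repeatedly (tests,
    # re-entrant main): every extra handler would emit each record again.
    if any(isinstance(h, logging.handlers.RotatingFileHandler) for h in logger.handlers):
        return logger
    # set up file handler
    handler = logging.handlers.RotatingFileHandler('browser_history.log', maxBytes=20000, backupCount=5)
    handler.setLevel(logging.INFO)
    # logging format
    formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
    handler.setFormatter(formatter)
    # add the handler to the logger
    logger.addHandler(handler)
    return logger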
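def check_internet():
    """Return True if a probe HTTP request completes within 2 seconds.

    The probe is a plain-HTTP GET to a hard-coded Google IP and is used only
    as a yes/no reachability signal. The response is closed explicitly so
    the underlying socket is not leaked on every call.

    Returns:
        bool: True when the request succeeded; False on any URL or socket
        error, including timeouts.
    """
    try:
        # google server check. NOTE: a hard-coded IP can change over time;
        # a failure here may mean the probe host moved, not that the network
        # is down.
        response = urllib2.urlopen('http://74.125.236.151', timeout=2)
    except (urllib2.URLError, socket.error):
        # socket.timeout is a socket.error subclass: a timeout while reading
        # the response can surface unwrapped rather than as URLError.
        return False
    response.close()
    return True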
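def detect_os():
    """Return True on Linux-like systems and False on Windows.

    ``platform.system()`` reports capitalised names such as 'Windows',
    'Linux' and 'Darwin'. The previous lowercase ``'win' in ...`` test
    therefore never matched Windows and did match macOS ('Darwin'); the
    check is now done on the lowercased prefix.

    Returns:
        bool: False for Windows, True for everything else.
    """
    system_name = platform.system().lower()
    # windows -> False; not windows (linux flavours and peers) -> True
    return not system_name.startswith('win')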
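def detect_os_flavour(os_type):
    """Return a human-readable description of the operating system.

    Args:
        os_type (bool): True for Linux-like systems, False for Windows
            (the value produced by ``detect_os``).

    Returns:
        str | None: on Linux the distribution name from
        ``platform.linux_distribution()``, or None when that call is
        unavailable (it was removed in Python 3.8) or fails; on Windows the
        full ``platform.platform()`` string.
    """
    if not os_type:
        # windows
        return platform.platform()
    # linux
    try:
        return platform.linux_distribution()[0]
    except Exception:
        # Missing API or an unusual distribution: callers treat None as
        # "unknown" rather than aborting.
        return None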
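def detect_browser(log_instance):
    """Return the name of the first running browser listed in ``browser_list``.

    The previous version compared against the constant ``browser_list``
    instead of the scan result, so it always reported 'firefox'; the running
    processes are now actually consulted.

    Args:
        log_instance (logging.Logger): logger used to report failures.

    Returns:
        str | None: the process name of the first matching browser found via
        ``psutil.process_iter()``; None when none is running or the scan
        fails (the error is logged with a traceback).
    """
    try:
        # Only the first match is reported; see the To-do in main about
        # handling several running browsers.
        for proc in psutil.process_iter():
            try:
                name = proc.name()
            except (psutil.NoSuchProcess, psutil.AccessDenied):
                # The process exited or cannot be inspected; skip it rather
                # than abort the whole scan.
                continue
            if name in browser_list:
                return name
        return None
    except Exception as e:
        log_instance.error("Error while getting browser information - %s" % str(e).strip(), exc_info=True)
        return None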
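def detect_browser_old(os_type):
    """Report which browsers from ``browser_list`` are installed on rpm systems.

    For each browser the pipeline ``rpm -qa | grep -i <browser>`` is run and
    the browser is marked installed when grep printed anything. The previous
    version grepped for 'firefox' regardless of the browser and ignored the
    output, so every entry came back True. On Windows nothing is checked.

    Args:
        os_type (bool): True for Linux-like systems, False for Windows.

    Returns:
        list[dict]: one ``{browser_name: bool}`` entry per browser on Linux
        (False when the check fails, e.g. ``rpm`` is not installed); an
        empty list on Windows.
    """
    browsers = []
    if not os_type:
        # Windows: installed-program discovery (e.g. via powershell) is not
        # implemented.
        return browsers
    # linux
    for browser in browser_list:
        try:
            rpm_output = subprocess.Popen(['rpm', '-qa'], stdout=subprocess.PIPE)
            grep_output = subprocess.Popen(['grep', '-i', browser], stdin=rpm_output.stdout, stdout=subprocess.PIPE)
            # Close our copy of rpm's stdout so rpm sees EOF/SIGPIPE if grep
            # exits early, then reap rpm so it does not linger as a zombie.
            rpm_output.stdout.close()
            output = grep_output.communicate()[0]
            rpm_output.wait()
            browsers.append({browser: bool(output.strip())})
        except Exception:
            browsers.append({browser: False})
    return browsers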
def detect_user(os_flag):
    """Return the login name of the user running the script.

    Args:
        os_flag (bool): True for Linux-like systems (resolved through ``pwd``
            from the real uid), False for Windows (``USERNAME`` variable).

    Returns:
        str: the user name. On Windows a missing ``USERNAME`` variable
        raises KeyError.
    """
    # Windows alternative not used here: win32api.GetUserName()
    if not os_flag:
        # current windows user
        return os.environ['USERNAME']
    # linux: look up the account record for this process's real uid
    return pwd.getpwuid(os.getuid()).pw_name
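def get_path_firefox(log_instance, os_type):
    """
    Find the 'places.sqlite' history database of the current user's Firefox profile.

    Args:
        log_instance (logging.Logger): logger used to report failures.
        os_type (bool): True for Linux-like systems; on Windows (False)
            nothing is looked up and None is returned.

    Returns:
        str | None: path of 'places.sqlite' inside the first profile
        directory (sorted by name) ending in '.default' or
        '.default-release' that actually contains that file; None when
        Firefox is not installed, no such profile exists, or the lookup
        raised (logged with a traceback).
    """
    browser_history_db = None
    try:
        # linux case; Windows profile locations are not handled yet
        if os_type:
            firefox_dir = os.path.join(os.path.expanduser('~'), '.mozilla/firefox/')
            if os.path.exists(firefox_dir):
                # Still single-profile: the first matching profile wins.
                # '.default-release' is the dedicated-profile directory name
                # newer Firefox versions create next to the legacy '.default'.
                for folder in sorted(os.listdir(firefox_dir)):
                    if not folder.endswith(('.default', '.default-release')):
                        continue
                    candidate = os.path.join(firefox_dir, folder, 'places.sqlite')
                    # Only report a database that exists so callers do not
                    # open a path that is merely a guess.
                    if os.path.isfile(candidate):
                        browser_history_db = candidate
                        break
    except Exception as e:
        log_instance.error('Error while finding path of firefox history database file - %s' % str(e).strip(), exc_info=True)
    return browser_history_db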
def get_path_chrome(log_instance, os_type):
    """Locate the Chrome 'History' SQLite database for the current user.

    Args:
        log_instance (logging.Logger): logger used to report failures.
        os_type (bool): True for Linux-like systems; on Windows (False)
            nothing is looked up.

    Returns:
        str | None: '<home>/.config/google-chrome/Default/History' when the
        Default profile directory exists (the file itself is not checked);
        None otherwise or when the lookup raised (logged with a traceback).
    """
    history_db = None
    try:
        if os_type:
            profile_dir = os.path.join(os.path.expanduser('~'), '.config/google-chrome/Default/')
            # single-profile only: additional Chrome profiles are not scanned
            history_db = os.path.join(profile_dir, 'History') if os.path.exists(profile_dir) else None
    except Exception as e:
        log_instance.error('Error while finding path of Chrome history database file - %s' % str(e).strip(), exc_info=True)
    return history_db
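if __name__ == '__main__':
    # Set up logging before the try so the except below always has a logger;
    # previously a failure inside setup_logging() hit a NameError instead.
    log_instance = setup_logging()
    try:
        # get os: linux-True, Windows-False and its details
        current_os = detect_os()
        if current_os:
            log_instance.info("Detected OS - linux or its similar peers")
        else:
            log_instance.info("Detected OS - Windows")
        # Pass the detected flag through instead of hard-coding True, so the
        # Windows branch does not run the pwd-based Linux code paths.
        os_flavour = detect_os_flavour(current_os)
        # os_flavour is one string (or None); ' '.join() on it would space
        # out every character and fail on None.
        log_instance.info("OS details - %s" % os_flavour)
        current_user = detect_user(current_os)
        log_instance.info("current user is %s" % current_user)
        # detect browser
        # at the moment only first running browser is detected and its history will be analyzed for malicious urls.
        # To do - detect all running instances of browser and analyze malicious activities
        cur_browser = detect_browser(log_instance)
        log_instance.info("current browser - %s" % cur_browser)
        # check net connectivity
        if not check_internet():
            log_instance.error("This script requires internet connectivity and it seems there are some issues in \
reaching the internet. Kindly correct and run the script once again")
            sys.exit(1)
        firefox_db = get_path_firefox(log_instance, current_os)
        log_instance.info("Firefox browser history database path - %s" % firefox_db)
        chrome_db = get_path_chrome(log_instance, current_os)
        log_instance.info("Chrome browser history database path - %s" % chrome_db)
    except Exception as e:
        log_instance.error('An error is encountered while checking the browser history for malicious urls - %s' % str(e).strip(), exc_info=True)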
# query
#SELECT moz_places.url,datetime(moz_historyvisits.visit_date/1000000,'unixepoch','localtime') from moz_historyvisits, moz_places WHERE moz_historyvisits.place_id=moz_places.id and datetime(moz_historyvisits.visit_date/1000000,'unixepoch','localtime')>datetime('now','-1 day','localtime') limit 5;
#SELECT moz_places.url,datetime(moz_historyvisits.visit_date/1000000,'unixepoch','localtime') from moz_historyvisits, moz_places WHERE moz_historyvisits.place_id=moz_places.id and datetime(moz_historyvisits.visit_date/1000000,'unixepoch','localtime')>datetime('now','-1 day','localtime') order by datetime(moz_historyvisits.visit_date/1000000,'unixepoch','localtime') desc limit 100;