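def checkPostURL(flow, results):
    """Record Slack-related artefacts found in one captured POST flow.

    Args:
        flow: captured request/response. Reads ``url``, ``requestContent``,
            ``responseContent`` and ``requestHeaders``; may set ``source``.
        results: list that receives ``Result.Result(flow, kind, info)``
            entries, one per artefact.

    Returns:
        None. Everything is reported through ``results``.

    Several entries carry live credentials (API tokens, the login password,
    the Bugsnag key), so ``results`` must be treated as sensitive data.
    """
    # NOTE(review): this block was restored from a source whose indentation
    # was lost. The prefix check is kept as a stand-alone pre-pass so that the
    # exact-URL branches below (which all share that prefix) stay reachable;
    # confirm against the original layout.

    def record(kind, info):
        results.append(Result.Result(flow, kind, info))

    def form(key):
        return AppDefault.findFormEntry(flow.requestContent, key)

    def req_json(key):
        return AppDefault.findJSONItem(flow.requestContent, key)

    def resp_json(key):
        return AppDefault.findJSONItem(flow.responseContent, key)

    url = flow.url

    if url.startswith('https://slack.com/api'):
        flow.source = 'Slack'
        # Only values long enough to look like a real token are reported;
        # the 25-character floor is inherited from the original heuristic.
        token = form('token')
        if len(token) > 25:
            record('Slack Token', token)
        push_token = form('push_token')
        if len(push_token) > 25:
            record('Slack Push Token', push_token)

    if url == 'https://slack.com/api/experiments.getByVisitor':
        record('System Info: Slack Experiments', flow.responseContent)
    elif url == 'https://sessions.bugsnag.com/':
        if 'Bugsnag-Api-Key' in flow.requestHeaders:
            record('Bugsnag API Key', flow.requestHeaders['Bugsnag-Api-Key'])
        if req_json('packageName') == 'com.Slack':
            flow.source = 'Slack Bugsnag'
            record('Current Slack Screen', req_json('activeScreen'))
            record('Slack Foreground Status', req_json('inForeground'))
            sessions = AppDefault.findJSONGroup(flow.requestContent, 'sessions')
            record('Slack Session ID', AppDefault.findJSONItem(sessions, 'id'))
            user = AppDefault.findJSONGroup(sessions, 'user')
            record('User Info: Slack User ID', AppDefault.findJSONItem(user, 'id'))
            record('Session Start Time',
                   AppDefault.findJSONItem(sessions, 'startedAt') + ' UTC')
            record('System Info: Model',
                   req_json('manufacturer') + ' ' + req_json('model'))
            record('System Info: OS Version',
                   req_json('osName') + ' ' + req_json('osVersion'))
    elif url == 'https://slack.com/api/auth.findTeam':
        record('User Action: Domain Lookup', form('domain'))
    elif url == 'https://slack.com/api/auth.findUser':
        record('User Action: Login', form('email'))
        record('User Info: Slack User ID', resp_json('user_id'))
    elif url == 'https://slack.com/api/auth.signin':
        # The clear-text password and the issued token are both recorded.
        record('User Info: Password', form('password'))
        record('User Info: Slack User ID', resp_json('user'))
        record('User Info: Team ID', form('team'))
        record('Slack Token', resp_json('token'))
        record('User Info: Email', resp_json('user_email'))
    elif url == 'https://slack.com/api/users.counts':
        channels = AppDefault.findJSONListNonSpaced(flow.responseContent, 'channels')
        # Drop the two leading characters and report one entry per object;
        # the '},' separator relies on the non-spaced list format above.
        channels = channels[2:]
        for channel in channels.split('},'):
            record('Slack Channel Info', channel)
    elif url == 'https://slack.com/api/conversations.history':
        record('Channel Messages Sync Channel', form('channel'))
    elif url == 'https://slack.com/beacon/track/':
        raw = form('data')
        try:
            info = base64.b64decode(raw).decode("UTF-8")
        except ValueError:
            # binascii.Error and UnicodeDecodeError are both ValueErrors; a
            # malformed payload must not abort the whole analysis, so the
            # undecoded form value is reported instead.
            info = raw
        record('System Info: Performance Tracking', info)
    elif url == 'https://slack.com/api/chat.postMessage':
        record('User Action: Send Message',
               'Message "' + form('text') + '" sent to channel ' + form('channel'))
    elif url == 'https://slack.com/api/conversations.mark':
        record('User Action: Viewed Channel',
               'Viewed channel ' + form('channel') + ' at ' + form('ts'))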
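def checkPostURL(flow, results):
    """Record Hulu-related artefacts found in one captured POST flow.

    Args:
        flow: captured request/response. Reads ``url`` and
            ``requestContent``; ``source`` is always set to ``'Hulu'``.
        results: list that receives ``Result.Result(flow, kind, info)``
            entries, one per artefact.

    Returns:
        None. Everything is reported through ``results``.

    The authenticate branch records the account e-mail and clear-text
    password, so ``results`` must be treated as sensitive data.
    """

    def record(kind, info):
        results.append(Result.Result(flow, kind, info))

    def form(key):
        return AppDefault.findFormEntry(flow.requestContent, key)

    def req_json(key):
        return AppDefault.findJSONItem(flow.requestContent, key)

    flow.source = 'Hulu'
    url = flow.url

    if url == 'https://play.hulu.com/config':
        record('System Info: Hulu Device ID', form('device_id'))
        record('System Info: Model', form('device_model'))
    elif url == 'https://vortex.hulu.com/api/v3/event':
        # Telemetry fields, reported in this order when present. Presence is
        # a plain substring test on the body (as in the original), so a short
        # key such as 'event' also fires when it occurs inside another field.
        telemetry_fields = (
            ('app_session_id', 'Hulu Session ID'),
            ('app_visit_count', 'User Action: Hulu Visit Count'),
            ('application_instance_id', 'System Info: Hulu App ID'),
            ('device_ad_id', 'Ad ID'),
            ('device_manufacturer', 'System Info: Brand'),
            ('device_model', 'System Info: Model'),
            ('device_os', 'System Info: OS Version'),
            ('manufacturer_device_id', 'System Info: Serial Number'),
            ('network_mode', 'System Info: Connection Type'),
            ('screen_resolution', 'System Info: Screen Size'),
            ('screen_orientation', 'System Info: Screen Orientation'),
            ('event', 'Hulu Event'),
        )
        body = flow.requestContent
        for key, kind in telemetry_fields:
            if key in body:
                record(kind, req_json(key))
    elif url == 'https://auth.hulu.com/v1/device/code/register':
        record('System Info: Serial Number', form('serial_number'))
    elif url == 'https://auth.hulu.com/v1/device/password/authenticate':
        record('User Info: Email Address', form('user_email'))
        record('User Info: Hulu Password', form('password'))
        record('System Info: Serial Number', form('serial_number'))
        record('System Info: Timezone', form('time_zone'))
    elif url == 'https://auth.hulu.com/v1/device/profiles/switch':
        record('User Action: Profile Switch', form('profile_id'))
    elif url.startswith('https://home.hulu.com/v1/users/self/profiles/self/asset_view_progress'):
        record('User Action: Video Progress', req_json('position'))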
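def checkGetURL(flow, results):
    """Record Canvas (Instructure) artefacts found in one captured GET flow.

    Most user actions are derived from path segments of ``flow.url``; the
    remaining ones come from query/form values and the JSON response.

    Args:
        flow: captured request/response. Reads ``url``, ``requestContent``
            and ``responseContent``; ``source`` is always set to ``'Canvas'``.
        results: list that receives ``Result.Result(flow, kind, info)``
            entries, one per artefact.

    Returns:
        None. Everything is reported through ``results``.

    The mobile_verify branch records the API key and OAuth client secret, so
    ``results`` must be treated as sensitive data.
    """

    def record(kind, info):
        results.append(Result.Result(flow, kind, info))

    def form(key):
        return AppDefault.findFormEntry(flow.requestContent, key)

    def resp_json(key):
        return AppDefault.findJSONItem(flow.responseContent, key)

    def segment(text, marker, stop=None):
        """Return the text following ``marker`` up to ``stop`` (or the end).

        Returns '' when ``marker`` is absent and the whole tail when ``stop``
        is absent. The original used ``find()`` results directly as slice
        bounds, so a missing marker produced a slice from a bogus offset and a
        missing stop silently dropped the last character of the id.
        """
        start = text.find(marker)
        if start == -1:
            return ''
        tail = text[start + len(marker):]
        if stop is None:
            return tail
        end = tail.find(stop)
        return tail if end == -1 else tail[:end]

    flow.source = 'Canvas'
    url = flow.url

    # NOTE(review): the doubled slash in this prefix is kept from the original;
    # verify against a real capture whether the app actually requests it so.
    if url.startswith('https://canvas.instructure.com//api/v1/accounts/search'):
        record('User Action: School Search', form('search_term'))
    elif url.startswith('https://canvas.instructure.com/api/v1/mobile_verify.json'):
        record('System Info: Canvas API Key', resp_json('api_key'))
        record('System Info: Canvas Client ID', resp_json('client_id'))
        record('System Info: Canvas Client Secret', resp_json('client_secret'))
    elif url.startswith('https://champlain.instructure.com/login/oauth2/auth'):
        record('System Info: Canvas Client ID', form('client_id'))
    elif url.startswith('https://champlain.instructure.com/api/v1/courses'):
        # Course sub-resources are told apart by path fragments; the course id
        # is the segment right after 'courses/'.
        if 'front_page' in url:
            record('User Action: View Course Front Page', segment(url, 'courses/', '/'))
        elif 'announcements' in url:
            record('User Action: View Course Announcements', segment(url, 'courses/', '/'))
        elif 'discussion_topics' in url and 'view' in url:
            record('User Action: View Discussion Topic',
                   segment(url, 'discussion_topics/', '/'))
        elif 'modules' in url:
            record('User Action: View Course Modules', segment(url, 'courses/', '/'))
            if '/items' in url:
                record('User Action: View Module', segment(url, 'modules/', '/'))
        elif 'pages/' in url:
            record('User Action: View Course Page', segment(url, 'pages/'))
        elif 'assignments' in url:
            if 'submissions' in url:
                record('User Action: View Assignment Submission',
                       segment(url, 'submissions/', '?'))
            else:
                record('User Action: View Assignment', segment(url, 'assignments/', '?'))
        elif 'users' in url:
            if 'users/' in url:
                user_id = segment(url, 'users/', '?')
                # The display name is the first quoted value after '"name":'
                # in the response body.
                name = segment(segment(flow.responseContent, '"name":'), '"', '"')
                record('User Action: View Canvas User', user_id + ': ' + name)
            else:
                record('User Action: View Course People', segment(url, 'courses/', '/'))
    elif url.startswith('https://champlain.instructure.com/api/v1/calendar_events'):
        record('User Action: View Calendar', form('start_date') + ' - ' + form('end_date'))
        if 'context_codes[]=course_' in url:
            # Strip the 'course_' prefix to leave the bare course id.
            record('User Action: Course Calendar Viewed', form('context_codes[]')[7:])
    elif url.startswith('https://champlain.instructure.com/api/v1/users/self/todo'):
        record('User Action: View To-Do\'s', 'Viewed To Do\'s')
    elif url.startswith('https://champlain.instructure.com/api/v1/users/self/activity_stream'):
        record('User Action: View Notifications', 'Viewed Notifications')
    elif url.startswith('https://champlain.instructure.com/api/v1/conversations'):
        # A conversation id in the path means a single message was opened;
        # the bare listing or the unread counter means the inbox was shown.
        if 'conversations/?' not in url and 'unread_count' not in url:
            record('User Action: Viewed Message', segment(url, 'conversations/', '?'))
        else:
            record('User Action: Viewed Inbox', 'Viewed Inbox')
    elif url.startswith('https://champlain.instructure.com/api/v1/users/self/folders'):
        record('User Action: Viewed Files', segment(url, 'folders/'))
    elif url.startswith('https://champlain.instructure.com/api/v1/folders'):
        record('User Action: Viewed Folder', segment(url, 'folders/', '/'))
    elif url.startswith('https://champlain.instructure.com/files'):
        record('User Action: Viewed File', segment(url, 'files/', '/'))
    elif (url.startswith('https://champlain.instructure.com/api/v1/users')
          and 'files?search_term=' in url):
        record('User Action: Search Files', form('search_term'))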
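def checkPostURL(flow, results):
    """Record Rocket.Chat artefacts found in one captured POST flow.

    Args:
        flow: captured request/response. Reads ``url`` and
            ``requestContent``; ``source`` is always set to ``'RocketChat'``.
        results: list that receives ``Result.Result(flow, kind, info)``
            entries, one per artefact.

    Returns:
        None. Everything is reported through ``results``.

    The register and login branches record the clear-text password, so
    ``results`` must be treated as sensitive data.
    """

    def record(kind, info):
        results.append(Result.Result(flow, kind, info))

    def form(key):
        return AppDefault.findFormEntry(flow.requestContent, key)

    def req_json(key):
        return AppDefault.findJSONItem(flow.requestContent, key)

    def quoted_value(content, key):
        """Return the first double-quoted value that follows ``key``.

        ``'"name": "x"'`` yields ``x``. Returns '' when ``key`` or the opening
        quote is missing, and the rest of the text when the closing quote is
        missing. The original sliced at a fixed offset past the key, which
        only worked for the ``"key": "value"`` spacing, and the channel
        branch sliced with ``info[:info]`` — a TypeError on every call.
        """
        start = content.find(key)
        if start == -1:
            return ''
        tail = content[start + len(key):]
        open_quote = tail.find('"')
        if open_quote == -1:
            return ''
        tail = tail[open_quote + 1:]
        close_quote = tail.find('"')
        return tail if close_quote == -1 else tail[:close_quote]

    flow.source = 'RocketChat'
    url = flow.url

    if url == 'https://open.rocket.chat/api/v1/users.register':
        record('User Info: Email Address', req_json('email'))
        record('User Info: RocketChat Name', req_json('name'))
        record('User Info: RocketChat Password', req_json('pass'))
        record('User Info: RocketChat Username', req_json('username'))
    elif url == 'https://open.rocket.chat/api/v1/login':
        record('User Info: RocketChat Password', req_json('pass'))
        record('User Info: RocketChat Username', req_json('username'))
    elif url == 'https://open.rocket.chat/api/v1/push.token':
        record('RocketChat GCM Token', req_json('value'))
    elif url == 'https://open.rocket.chat/api/v1/channels.create':
        record('User Action: Create Channel', quoted_value(flow.requestContent, '"name":'))
    elif url == 'https://open.rocket.chat/api/v1/chat.sendMessage':
        record('User Action: Send Message', quoted_value(flow.requestContent, '"msg":'))
    elif url.startswith('https://open.rocket.chat/api/v1/chat.search'):
        record('User Action: Chat Search', form('searchText'))
    elif url == 'https://open.rocket.chat/api/v1/users.deleteOwnAccount':
        record('User Action: Delete Account', 'Deleted RocketChat Account')
    elif url == 'https://open.rocket.chat/api/v1/logout':
        record('User Action: Logout', 'Logged Out')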
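def checkPostURL(flow, results):
    """Record Discord artefacts found in one captured POST flow.

    Args:
        flow: captured request/response. Reads ``url``, ``requestContent``
            and ``responseContent``; ``source`` is set only by the
            server/channel branches.
        results: list that receives ``Result.Result(flow, kind, info)``
            entries, one per artefact.

    Returns:
        None. Everything is reported through ``results``.

    The login branch records the account e-mail and clear-text password, so
    ``results`` must be treated as sensitive data.
    """

    def record(kind, info):
        results.append(Result.Result(flow, kind, info))

    def form(key):
        return AppDefault.findFormEntry(flow.requestContent, key)

    def req_json(key):
        # NOTE(review): unlike the other app modules, the keys here are passed
        # with their surrounding quotes; presumably findJSONItem accepts either
        # form — confirm before normalising.
        return AppDefault.findJSONItem(flow.requestContent, key)

    def between(text, marker, stop=None):
        """Return the text following ``marker`` up to ``stop`` (or the end).

        Returns '' when ``marker`` is absent and the whole tail when ``stop``
        is absent. The original used raw ``find()`` results as slice bounds,
        so a missing marker sliced from a bogus offset and a missing stop
        dropped the last character of the id.
        """
        start = text.find(marker)
        if start == -1:
            return ''
        tail = text[start + len(marker):]
        if stop is None:
            return tail
        end = tail.find(stop)
        return tail if end == -1 else tail[:end]

    url = flow.url

    if url == 'https://discordapp.com/api/v6/track':
        events = between(flow.requestContent, '"events": [')
        # One entry per list element; the separator is the literal '},\n {'
        # that the pretty-printed body places between events.
        for event in events.split('},\n {'):
            record('User Action: Discord', event)
    elif url == 'https://discordapp.com/api/v6/auth/login':
        record('User Info: Discord Username', req_json('"email"'))
        record('User Info: Discord Password', req_json('"password"'))
    elif url == 'https://discordapp.com/api/v6/users/@me/relationships':
        record('User Action: Discord User Search',
               req_json('"username"') + '#' + req_json('"discriminator"'))
    elif url == 'https://discordapp.com/api/v6/guilds':
        record('User Action: Create Discord Channel', req_json('"name"'))
    elif url.startswith('https://discordapp.com/api/v6/guilds') and 'delete' in url:
        flow.source = 'Discord Server Delete'
        record('Discord Channel', between(url, 'guilds/', '/delete'))
    elif url.startswith('https://discordapp.com/api/v6/channels') and 'typing' in url:
        flow.source = 'Discord Message Typing'
        record('Discord Channel', between(url, 'channels/', '/typing'))
    elif url.startswith('https://discordapp.com/api/v6/channels') and 'messages' in url:
        flow.source = 'Discord Message Sent'
        record('Discord Channel', between(url, 'channels/', '/messages'))
        # NOTE(review): 'content:' (no quotes) does not occur in a JSON body
        # such as '"content":'; this presumably targets a form-encoded body,
        # matching the findFormEntry call — confirm against a capture.
        if 'content:' in flow.requestContent:
            record('Message', form('content'))
    elif url.startswith('https://discordapp.com/api/v6/invite'):
        flow.source = 'Discord Server Invite'
        # The guild id is the first quoted "id" value inside the "guild" object.
        guild = between(flow.responseContent, '"guild"')
        record('Discord Channel', between(between(guild, '"id":'), '"', '"'))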