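def checkGetURL(flow, results):
    """Attribute a captured Spotify request and record the identifiers it carries.

    ``flow.url`` is compared against known endpoints in a fixed order and the
    first match wins. The feature-sync endpoints only label the flow through
    ``flow.source``; the others append ``Result.Result(flow, kind, info)``
    entries to ``results`` (session ID, opened track or podcast, username,
    search term, click trigger).

    Every ``info`` value is cut out of the request itself (URL, header or
    body), so it is whatever the client sent; treat it as untrusted text when
    it is stored or displayed. When the marker that should precede a value is
    missing, no result is recorded for it, instead of a slice taken at an
    arbitrary offset. When the closing delimiter is missing, the whole
    remainder is kept instead of silently losing its last character.

    Args:
        flow: Captured request. Reads ``url``, ``requestHeaders`` and
            ``requestContent``; may set ``source``.
        results: List extended in place with ``Result.Result`` entries.

    Returns:
        None.
    """

    def between(text, start, end):
        """Return the text after the first ``start`` up to the next ``end``.

        Returns None when ``start`` is absent, and everything after ``start``
        when ``end`` is absent.
        """
        _, found, tail = text.partition(start)
        if not found:
            return None
        return tail.partition(end)[0]

    def record(kind, info):
        """Append one finding for this flow to ``results``."""
        results.append(Result.Result(flow, kind, info))

    url = flow.url

    # Feature-sync endpoints: label the flow only, nothing is extracted.
    if url.startswith((
            'https://spclient.wg.spotify.com/v1/pses/featureflags',
            'https://spclient.wg.spotify.com/abba-service/v1/resolve')):
        flow.source = 'Spotify Features Sync'
        return

    if url.startswith('https://spclient.wg.spotify.com/ads/v2/config'):
        # NOTE(review): the header lookup is unguarded, as before; presumably
        # it raises when the header is absent. Confirm against the flow type.
        payload = flow.requestHeaders['vnd.spotify.ads-payload']
        _, found, tail = payload.partition('"session_id":')
        if found:
            # Skip exactly one character after the colon (the value's opening
            # quote, matching the previous fixed offset), then read up to the
            # closing quote.
            record('Spotify Session ID', tail[1:].partition('"')[0])
        return

    # (URL prefix, marker that directly precedes the track identifier).
    # 'interactive/' is listed before 'interactive_prefetch'; the trailing
    # slash keeps the two prefixes from overlapping.
    song_endpoints = (
        ('https://spclient.wg.spotify.com/storage-resolve/files/audio/interactive/',
         'audio/interactive/'),
        ('https://spclient.wg.spotify.com/storage-resolve/files/audio/interactive_prefetch',
         'interactive_prefetch/'),
        ('https://audio-sp-dca.pscdn.co/audio', 'audio/'),
        ('https://audio4-ak-spotify-com.akamaized.net/audio', 'audio/'),
    )
    for prefix, marker in song_endpoints:
        if url.startswith(prefix):
            track = between(url, marker, '?')
            if track is not None:
                record('User Action: Song Opened', track)
            return

    # (URL prefix, marker that directly precedes the search term).
    search_endpoints = (
        ('https://spclient.wg.spotify.com/searchview/android/v4/assisted-curation',
         'assisted-curation/'),
        ('https://spclient.wg.spotify.com/searchview/android/v4/search',
         'search/'),
    )
    for prefix, marker in search_endpoints:
        if url.startswith(prefix):
            # The username is read from the request body, the term from the URL.
            record('User Info: Spotify Username',
                   AppDefault.findFormEntry(flow.requestContent, 'username'))
            term = between(url, marker, '?')
            if term is not None:
                record('User Action: Spotify Search',
                       AppDefault.fixUrlEncoding(term))
            return

    if url.startswith('https://spclient.wg.spotify.com/quicksilver/v2/cards'):
        if 'trigger:' in flow.requestContent:
            record('User Action: Click',
                   AppDefault.findFormEntry(flow.requestContent, 'trigger'))
        return

    # NOTE(review): indentation was lost in the listing this was recovered
    # from; this check is read as the last arm of the URL chain, not as a
    # branch nested under the quicksilver case. Confirm against the original.
    # The host is matched as a substring anywhere in the URL, so a request to
    # another host that merely mentions 'megaphone.fm' also lands here; only
    # URLs that contain 'megaphone.fm/' produce a result.
    if 'megaphone.fm' in url:
        episode = between(url, 'megaphone.fm/', '.mp3')
        if episode is not None:
            record('User Action: Podcast Opened', episode)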
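def checkGetURL(flow, results):
    """Attribute a captured Android/Google request and record device details.

    ``flow.url`` is compared against known endpoints in a fixed order and the
    first match wins. Most endpoints only label the flow through
    ``flow.source``; some also append ``Result.Result(flow, kind, info)``
    entries to ``results`` (GCM ID, Android ID, build, application, app
    instance ID, device model, location report body).

    Every extracted ``info`` value is cut out of the request itself (URL or
    body), so it is whatever the client sent; treat it as untrusted text when
    it is stored or displayed. When the marker that should precede a value is
    missing, no result is recorded for it, instead of a slice taken at an
    arbitrary offset. The closing delimiter is searched for after the marker
    (not from the start of the text), and when it is missing the whole
    remainder is kept instead of silently losing its last character.

    Args:
        flow: Captured request. Reads ``url`` and ``requestContent``; may set
            ``source``.
        results: List extended in place with ``Result.Result`` entries.

    Returns:
        None.
    """

    def between(text, start, end, skip=0):
        """Return the text after the first ``start`` up to the next ``end``.

        ``skip`` characters directly after ``start`` are dropped first.
        Returns None when ``start`` is absent, and everything after ``start``
        when ``end`` is absent.
        """
        _, found, tail = text.partition(start)
        if not found:
            return None
        return tail[skip:].partition(end)[0]

    def record(kind, info):
        """Append one finding for this flow to ``results``."""
        results.append(Result.Result(flow, kind, info))

    url = flow.url

    # WiFi connectivity check
    if url in ('http://connectivitycheck.gstatic.com/generate_204',
               'https://connectivitycheck.gstatic.com/generate_204'):
        flow.source = 'WiFi Connection'
        record('System Status', 'WiFi connection active')
        return

    # Google ping
    if url in ('https://www.google.com/generate_204',
               'http://www.google.com/gen_204'):
        flow.source = 'Google service ping'
        return

    # The next three checks match the string anywhere in the URL, not only at
    # its start, so they are kept ahead of the prefix checks below.
    if 'https://android.clients.google.com/gsync' in url:
        flow.source = 'Google Account Data Sync'
        body = flow.requestContent
        gcm_id = between(body, 'gcm://?regId=', '&androidId=')
        if gcm_id is not None:
            record('System Info: GCM ID', gcm_id)
        android_id = between(body, '&androidId=', '\n')
        if android_id is not None:
            record('System Info: Android ID', android_id)
        return

    if 'preloads?doc=android.autoinstalls.config.' in url:
        flow.source = 'App Preloader'
        # One character after the colon is skipped, matching the previous
        # fixed offset; surrounding whitespace is stripped afterwards.
        build = between(flow.requestContent, 'build_fingerprint:', '\n', skip=1)
        if build is not None:
            record('System Info: Build', build.strip())
        return

    if 'https://www.google.com/complete/search' in url:
        flow.source = 'Google Search History Sync'
        return

    if url.startswith('https://app-measurement.com'):
        flow.source = 'App Measurement'
        app_id = between(url, 'app/', '?')
        if app_id is not None:
            app_id = AppDefault.fixUrlEncoding(app_id)
            # Replace a known identifier with its entry from appIds.
            if app_id in appIds:
                app_id = appIds[app_id]
            record('System Info: Application', app_id)
        instance_id = between(flow.requestContent, 'app_instance_id:', '\n',
                              skip=1)
        if instance_id is not None:
            record('System Info: App Instance ID', instance_id.strip())
        return

    if url.startswith('https://www.googleapis.com/userlocation/v1/settings'):
        flow.source = 'Android Location Settings Sync'
        body = flow.requestContent
        # NOTE(review): assumes findFormEntry returns a string for both keys;
        # the concatenation fails otherwise. Confirm against AppDefault.
        record('System Info: Model',
               AppDefault.findFormEntry(body, 'brand') + ' ' +
               AppDefault.findFormEntry(body, 'model'))
        record('System Info: Build', AppDefault.findFormEntry(body, 'platform'))
        return

    if url.startswith('https://www.googleapis.com/userlocation/v1/reports'):
        flow.source = 'Location Report'
        # The request body is recorded verbatim, without parsing.
        record('Location Info', flow.requestContent)
        return

    # An exact match only; a query string or path suffix does not qualify.
    if url == 'https://clients3.google.com/generate_204':
        flow.source = 'Google Connectivity Check'
        return

    # Label-only endpoints, matched by URL prefix. The former second check
    # for 'https://www.google.com/complete/search' is dropped: the substring
    # check above already catches every URL it could match.
    labelled_prefixes = (
        ('https://play.googleapis.com', 'Google Play Store'),
        ('https://g.tenor.com/v1/categories?key=', 'Tenor GIF Keyboard'),
        ('https://playatoms-pa.googleapis.com/v1/archiveDownload',
         'Google Play Store Download'),
        ('https://www.googleapis.com/plus/v2whitelisted/people/me',
         'Google Friends Lookup'),
        ('https://www.gstatic.com/android/keyboard', 'Android Keyboard'),
    )
    for prefix, label in labelled_prefixes:
        if url.startswith(prefix):
            flow.source = label
            return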