def testParsingChromeCookieDatabase(self): """Test the process function on a Chrome cookie database.""" plugin = chrome_cookies.Chrome17CookiePlugin() storage_writer = self._ParseDatabaseFileWithPlugin(['cookies.db'], plugin) events = self._GetAnalyticsCookieEvents(storage_writer) # The cookie database contains 560 entries in total. Out of them # there are 75 events created by the Google Analytics plugin. self.assertEqual(len(events), 75) self.assertEqual(storage_writer.number_of_extraction_warnings, 0) self.assertEqual(storage_writer.number_of_recovery_warnings, 0) # Check few "random" events to verify. # Check an UTMZ Google Analytics event. expected_event_values = { 'cookie_name': '__utmz', 'data_type': 'cookie:google:analytics:utmz', 'domain_hash': '68898382', 'sessions': 1, 'sources': 1, 'url': 'http://imdb.com/', 'utmccn': '(organic)', 'utmctr': 'enders game', 'utmcmd': 'organic', 'utmcsr': 'google' } self.CheckEventValues(storage_writer, events[39], expected_event_values) # Check the UTMA Google Analytics event. expected_event_values = { 'cookie_name': '__utma', 'data_type': 'cookie:google:analytics:utma', 'date_time': '2012-03-22 01:55:29', 'domain_hash': '151488169', 'sessions': 2, 'timestamp_desc': 'Analytics Previous Time', 'url': 'http://assets.tumblr.com/', 'visitor_id': '1827102436' } self.CheckEventValues(storage_writer, events[41], expected_event_values) # Check the UTMB Google Analytics event. expected_event_values = { 'cookie_name': '__utmb', 'data_type': 'cookie:google:analytics:utmb', 'date_time': '2012-03-22 01:48:30', 'domain_hash': '154523900', 'pages_viewed': 1, 'timestamp_desc': definitions.TIME_DESCRIPTION_LAST_VISITED, 'url': 'http://upressonline.com/' } self.CheckEventValues(storage_writer, events[34], expected_event_values)
def testParsingChromeCookieDatabase(self): """Test the process function on a Chrome cookie database.""" plugin = chrome_cookies.Chrome17CookiePlugin() storage_writer = self._ParseDatabaseFileWithPlugin(['cookies.db'], plugin) events = self._GetAnalyticsCookieEvents(storage_writer) self.assertEqual(storage_writer.number_of_warnings, 0) # The cookie database contains 560 entries in total. Out of them # there are 75 events created by the Google Analytics plugin. self.assertEqual(len(events), 75) # Check few "random" events to verify. # Check an UTMZ Google Analytics event. event = events[39] event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(event_data.utmctr, 'enders game') self.assertEqual(event_data.domain_hash, '68898382') self.assertEqual(event_data.sessions, 1) expected_message = ( 'http://imdb.com/ (__utmz) Sessions: 1 Domain Hash: 68898382 ' 'Sources: 1 Last source used to access: google Ad campaign ' 'information: (organic) Last type of visit: organic Keywords ' 'used to find site: enders game') expected_short_message = 'http://imdb.com/ (__utmz)' self._TestGetMessageStrings(event_data, expected_message, expected_short_message) # Check the UTMA Google Analytics event. event = events[41] self.CheckTimestamp(event.timestamp, '2012-03-22 01:55:29.000000') self.assertEqual(event.timestamp_desc, 'Analytics Previous Time') event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(event_data.cookie_name, '__utma') self.assertEqual(event_data.visitor_id, '1827102436') self.assertEqual(event_data.sessions, 2) expected_message = ('http://assets.tumblr.com/ (__utma) ' 'Sessions: 2 ' 'Domain Hash: 151488169 ' 'Visitor ID: 1827102436') expected_short_message = 'http://assets.tumblr.com/ (__utma)' self._TestGetMessageStrings(event_data, expected_message, expected_short_message) # Check the UTMB Google Analytics event. event = events[34] self.CheckTimestamp(event.timestamp, '2012-03-22 01:48:30.000000') self.assertEqual(event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_VISITED) event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(event_data.cookie_name, '__utmb') self.assertEqual(event_data.domain_hash, '154523900') self.assertEqual(event_data.pages_viewed, 1) expected_message = ( 'http://upressonline.com/ (__utmb) Pages Viewed: 1 Domain Hash: ' '154523900') expected_short_message = 'http://upressonline.com/ (__utmb)' self._TestGetMessageStrings(event_data, expected_message, expected_short_message)
def testProcess(self): """Tests the Process function on a Chrome cookie database file.""" plugin = chrome_cookies.Chrome17CookiePlugin() storage_writer = self._ParseDatabaseFileWithPlugin(['cookies.db'], plugin) # Since we've got both events generated by cookie plugins and the Chrome # cookie plugin we need to separate them. events = [] extra_objects = [] for event in storage_writer.GetEvents(): event_data = self._GetEventDataOfEvent(storage_writer, event) if event_data.data_type == 'chrome:cookie:entry': events.append(event) else: extra_objects.append(event) # The cookie database contains 560 entries: # 560 creation timestamps. # 560 last access timestamps. # 560 expired timestamps. # Then there are extra events created by plugins: # 75 events created by Google Analytics cookies. # In total: 1755 events. self.assertEqual(len(events), 3 * 560) self.assertEqual(len(extra_objects), 75) # Check few "random" events to verify. # Check one linkedin cookie. event = events[124] self.CheckTimestamp(event.timestamp, '2011-08-25 21:50:27.292367') self.assertEqual(event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_ACCESS) event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(event_data.host, 'www.linkedin.com') self.assertEqual(event_data.cookie_name, 'leo_auth_token') self.assertFalse(event_data.httponly) self.assertEqual(event_data.url, 'http://www.linkedin.com/') expected_message = ( 'http://www.linkedin.com/ (leo_auth_token) Flags: [HTTP only] = False ' '[Persistent] = True') expected_short_message = 'www.linkedin.com (leo_auth_token)' self._TestGetMessageStrings(event_data, expected_message, expected_short_message) # Check one of the visits to rubiconproject.com. event = events[379] self.CheckTimestamp(event.timestamp, '2012-04-01 13:54:34.949210') self.assertEqual(event.timestamp_desc, definitions.TIME_DESCRIPTION_LAST_ACCESS) event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(event_data.url, 'http://rubiconproject.com/') self.assertEqual(event_data.path, '/') self.assertFalse(event_data.secure) self.assertTrue(event_data.persistent) expected_message = ( 'http://rubiconproject.com/ (put_2249) Flags: [HTTP only] = False ' '[Persistent] = True') self._TestGetMessageStrings(event_data, expected_message, 'rubiconproject.com (put_2249)') # Examine an event for a visit to a political blog site. event = events[444] self.CheckTimestamp(event.timestamp, '2012-03-22 01:47:21.012022') event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual( event_data.path, '/2012/03/21/romney-tries-to-clean-up-etch-a-sketch-mess/') self.assertEqual(event_data.host, 'politicalticker.blogs.cnn.com') # Examine a cookie that has an autologin entry. event = events[1425] self.CheckTimestamp(event.timestamp, '2012-04-01 13:52:56.189444') self.assertEqual(event.timestamp_desc, definitions.TIME_DESCRIPTION_CREATION) event_data = self._GetEventDataOfEvent(storage_writer, event) self.assertEqual(event_data.host, 'marvel.com') self.assertEqual(event_data.cookie_name, 'autologin[timeout]') # This particular cookie value represents a timeout value that corresponds # to the expiration date of the cookie. self.assertEqual(event_data.data, '1364824322') # Examine a cookie expiry event. event = events[2] self.assertEqual(event.timestamp_desc, definitions.TIME_DESCRIPTION_EXPIRATION) self.CheckTimestamp(event.timestamp, '2013-08-14 14:19:42.000000')
def testProcess(self): """Tests the Process function on a Chrome cookie database file.""" plugin = chrome_cookies.Chrome17CookiePlugin() storage_writer = self._ParseDatabaseFileWithPlugin(['cookies.db'], plugin) # Since we've got both events generated by cookie plugins and the Chrome # cookie plugin we need to separate them. events = [] extra_objects = [] for event in storage_writer.GetEvents(): event_data = self._GetEventDataOfEvent(storage_writer, event) if event_data.data_type == 'chrome:cookie:entry': events.append(event) else: extra_objects.append(event) # The cookie database contains 560 entries: # 560 creation timestamps. # 560 last access timestamps. # 560 expired timestamps. # Then there are extra events created by plugins: # 75 events created by Google Analytics cookies. # In total: 1755 events. self.assertEqual(len(events), 3 * 560) self.assertEqual(len(extra_objects), 75) # Check one www.linkedin.com cookie. expected_event_values = { 'cookie_name': 'leo_auth_token', 'data_type': 'chrome:cookie:entry', 'host': 'www.linkedin.com', 'httponly': False, 'persistent': True, 'timestamp': '2011-08-25 21:50:27.292367', 'timestamp_desc': definitions.TIME_DESCRIPTION_LAST_ACCESS, 'url': 'http://www.linkedin.com/'} self.CheckEventValues(storage_writer, events[124], expected_event_values) # Check one of the visits to rubiconproject.com. expected_event_values = { 'cookie_name': 'put_2249', 'data_type': 'chrome:cookie:entry', 'httponly': False, 'path': '/', 'persistent': True, 'secure': False, 'timestamp': '2012-04-01 13:54:34.949210', 'timestamp_desc': definitions.TIME_DESCRIPTION_LAST_ACCESS, 'url': 'http://rubiconproject.com/'} self.CheckEventValues(storage_writer, events[379], expected_event_values) # Examine an event for a visit to a political blog site. expected_event_values = { 'data_type': 'chrome:cookie:entry', 'host': 'politicalticker.blogs.cnn.com', 'path': '/2012/03/21/romney-tries-to-clean-up-etch-a-sketch-mess/', 'timestamp': '2012-03-22 01:47:21.012022'} self.CheckEventValues(storage_writer, events[444], expected_event_values) # Examine a cookie that has an autologin entry. expected_event_values = { 'cookie_name': 'autologin[timeout]', 'data_type': 'chrome:cookie:entry', # This particular cookie value represents a timeout value that # corresponds to the expiration date of the cookie. 'data': '1364824322', 'host': 'marvel.com', 'timestamp': '2012-04-01 13:52:56.189444', 'timestamp_desc': definitions.TIME_DESCRIPTION_CREATION} self.CheckEventValues(storage_writer, events[1425], expected_event_values) # Examine a cookie expiry event. expected_event_values = { 'data_type': 'chrome:cookie:entry', 'timestamp': '2013-08-14 14:19:42.000000', 'timestamp_desc': definitions.TIME_DESCRIPTION_EXPIRATION} self.CheckEventValues(storage_writer, events[2], expected_event_values)