def get_history(firefox_path):
"""
This function extracting all the history out of the history database file.
Its accessing the firefox history file database and uses an sql query to get the data.
If error occurs the function returns an array according to the error system that is defined in the error.py file.
:param firefox_path: the firefox profiles path
:return: list of bookmarks - [{'id':{'url':str,'visit_dates': list of str]....]
:return: error number - ['err', [error_number, error_info]...]
"""
select_statement1 = "SELECT id,url,last_visit_date FROM moz_places order by id"
select_statement2 = "SELECT place_id, visit_date FROM moz_historyvisits order by place_id"
profiles = [i for i in os.listdir(firefox_path) if i.endswith('.default')]
history = []
errs = ['err']
for i in profiles:
sqlite_path = firefox_path + i + '\places.sqlite'
if not ut.file_exists(sqlite_path):
errs.append([8, sqlite_path])
cursor = ut.connect_to_sqlite3_db(sqlite_path)
results1 = ut.execute_sql(cursor, select_statement1)
results2 = ut.execute_sql(cursor, select_statement2)
if len(results1) > 0:
history_dict = {}
for row in results1: # Url data
if row[2] > 0:
inner_dict = {}
to_remove = []
for visit in results2: # Each url visit data
if visit[0] == row[0]:
if 'url' in inner_dict: # Checking if the url is already in dictionary
date = str(
datetime.fromtimestamp(
visit[1] /
1000000).strftime('%Y-%m-%d %H:%M:%S'))
inner_dict['visit_dates'].append(date)
to_remove.append(visit)
else: # Adding the visit times if the url is already in the dictionary
inner_dict['url'] = row[1]
date = str(
datetime.fromtimestamp(
visit[1] /
1000000).strftime('%Y-%m-%d %H:%M:%S'))
inner_dict['visit_dates'] = [date]
to_remove.append(visit)
else:
break
history_dict[row[0]] = inner_dict
for r in to_remove: # To reduce runtime
results2.remove(r)
history.append(history_dict)
if len(history) > 0:
if len(errs) > 1:
return [history[0], errs]
return [history[0]]
errs.append([1, select_statement1])
return errs
def get_bookmarks(firefox_path):
"""
This function extracting all the bookmarks out of the bookmarks database file.
Its accessing the firefox bookmarks file database and uses an sql query to get the data.
If error occurs the function returns an array according to the error system that is defined in the error.py file.
:param firefox_path: the firefox profiles path
:return: list of bookmarks - [{'id':{'url':str,'date_added':str,'date_modified':str]....]
:return: error number - ['err', [error_number, error_info]...]
"""
select_statement1 = "SELECT id,fk,parent,dateAdded,lastModified FROM moz_bookmarks"
select_statement2 = "SELECT id,url,visit_count FROM moz_places"
profiles = [i for i in os.listdir(firefox_path) if i.endswith('.default')]
bookmarks = []
errs = ['err']
for i in profiles:
sqlite_path = firefox_path + i + '\places.sqlite'
if not ut.file_exists(sqlite_path):
errs.append([7, sqlite_path])
cursor = ut.connect_to_sqlite3_db(sqlite_path)
results1 = ut.execute_sql(cursor, select_statement1)
results2 = ut.execute_sql(cursor, select_statement2)
book_marks_dict = {}
for row in results1:
if row[1] > 0:
inner_dict = {}
fk = row[1]
for url in results2: # Searching for the url data from the history.
if url[0] == fk:
inner_dict['url'] = url[1]
date = str(
datetime.fromtimestamp(
row[3] /
1000000).strftime('%Y-%m-%d %H:%M:%S'))
inner_dict['date_added'] = date
date = str(
datetime.fromtimestamp(
row[4] /
1000000).strftime('%Y-%m-%d %H:%M:%S'))
inner_dict['date_modified'] = date
results2.remove(url)
book_marks_dict[fk] = inner_dict
break
bookmarks.append(book_marks_dict)
if len(bookmarks) > 0:
if len(errs) > 1:
return [bookmarks[0], errs]
return [bookmarks[0]]
errs.append([1, select_statement1])
return errs
def get_chrome_saved_password(chrome_path):
"""
decrypt the encrypted password in the chrome database.
its accessing the chrome password file database and uses an sql query to get the data.
if error occurs the function returns an array according to the error system that is defined in the error.py file.
:param chrome_path: the chrome databases path
:return: list of the passwords [[website, username, password]...]
:return2: error number - ['err', error_number, error_info]
"""
data_path = os.path.join(chrome_path, 'Login Data')
if not ut.file_exists(data_path):
return ['err', 0, data_path]
cursor = ut.connect_to_sqlite3_db(data_path)
select_statement1 = 'SELECT action_url, username_value, password_value FROM logins'
data = ut.execute_sql(cursor, select_statement1)
if len(data) > 0:
list_of_passwords = []
password = ""
for result in data:
try:
password = win32crypt.CryptUnprotectData(
result[2], None, None, None, 0)[1] # Decrypt the password
list_of_passwords.append((result[0], result[1], password))
except Exception:
list_of_passwords.append((result[0], result[1], password))
return list_of_passwords
else:
return ['err', 1, select_statement1]
def get_chrome_history(chrome_path):
"""
organizing the chrome history data in a dictonary(key = url id in the database)
its accessing the chrome history file database and uses an sql query to get the data.
if error occurs the function returns an array according to the error system that is defined in the error.py file.
:param chrome_path: the chrome databases path
:return: history dictionary - [{url_id:{'url':str,'visit_time':list, 'visit_duration':list}....},google_searches]
:return: error number - ['err', error_number, error_info]
"""
history_db = os.path.join(chrome_path, 'history')
if not ut.file_exists(history_db): # Checking if the database file exists
return ['err', 2, history_db]
cursor = ut.connect_to_sqlite3_db(history_db)
select_statement1 = "SELECT * FROM visits"
select_statement2 = "SELECT * FROM urls"
select_statement3 = "SELECT * FROM keyword_search_terms"
results2 = ut.execute_sql(cursor, select_statement1)
results3 = ut.execute_sql(cursor, select_statement2)
results4 = ut.execute_sql(cursor, select_statement3)
the_dict = {}
if len(results3) > 0:
for url in results3: # Url data
to_remove = []
for visit in results2: # Each url visit data
if url[0] == visit[1]:
if url[0] not in the_dict: # Checking if the url is already in dictionary
inner_dict = {}
inner_dict['url'] = url[1]
inner_dict['visit_time'] = [str(ut.real_time_google(visit[2]))]
inner_dict['visit_duration'] = [str(ut.real_time_google(visit[6], True))]
the_dict[url[0]] = inner_dict
to_remove.append(visit)
else: # Adding the visit times and durations if the url is already in the dictionary
the_dict[url[0]]['visit_time'].append(str(ut.real_time_google(visit[2])))
the_dict[url[0]]['visit_duration'].append(str(ut.real_time_google(visit[6], True)))
to_remove.append(visit)
for r in to_remove: # To reduce runtime
results2.remove(r)
searches = {}
for search in results4: # Adding the google searches
if search[1] in the_dict: # Chrome saving the history for 90 days but the searches fo longer
url = the_dict[search[1]]
searches[search[2]] = url
else: # Occurs if the search is older than 90 days
searches[search[2]] = ""
return [the_dict, searches]
return ['err', 1, select_statement2]
def get_accounts(path):
"""
searching in the skype database for information on the skype user or users.
:param path: the path of the skype database file
:return1: error number
:return2: skype user information
"""
select_statement = "SELECT id,skypename,fullname,birthday,gender,languages,country,city,emails,mood_text FROM Accounts"
select_statement2 = "SELECT key, value FROM key_value"
cursor = ut.connect_to_sqlite3_db(path[1])
if path[0] == 1:
try:
results = ut.execute_sql(cursor, select_statement)
if len(results) > 0:
inner_dict = {}
inner_dict['username'] = str(results[0][1])
inner_dict['fullname'] = str(results[0][2])
inner_dict['birthday'] = str(results[0][3])
gender = "female"
if results[0][4] == 1:
gender = "male"
inner_dict['gender'] = gender
inner_dict['language'] = str(results[0][5])
inner_dict['country'] = str(results[0][6])
inner_dict['city'] = str(results[0][7])
inner_dict['email'] = str(results[0][8])
inner_dict['mood'] = str(results[0][9])
return [inner_dict]
return ['err', 1, select_statement]
except Exception as ex:
return ['err', 13, path[1], ex]
if path[0] == 2:
try:
results = ut.execute_sql(cursor, select_statement2)
if len(results) > 0:
inner_dict = {}
inner_dict['username'] = results[1][1]
inner_dict['fullname'] = results[2][1]
inner_dict['mood'] = results[5]
inner_dict['avatar_url'] = results[6]
return [inner_dict]
return ['err', 1, select_statement2]
except Exception as ex:
return ['err', 13, path[1], ex]
def get_all_cookies(chrome_path):
"""
this function decrypt all the encrypted cookis out of the cookie file.
its accessing the chrome bookmarks file database and uses an sql query to get the data.
if error occurs the function returns an array according to the error system that is defined in the error.py file.
:param chrome_path: the chrome databases path
:return: list of cookies - [{'host':{'name':str,'value':str,'expire':str,'time_created':str}]....]
:return: error number - ['err', error_number, error_info]
"""
data_path = os.path.join(chrome_path, 'Cookies')
if not ut.file_exists(data_path): # checking if the database file exists
return ['err', 4, data_path]
cursor = ut.connect_to_sqlite3_db(data_path)
data = ut.execute_sql(cursor, SELECT_STATEMENT1)
x = 0
if len(data) > 0:
cookies = {}
for result in data:
try:
cookie = win32crypt.CryptUnprotectData(
result[0], None, None, None, 0)[1] # Decrypts the cookie
except Exception, e:
continue
if cookie:
if len(result[1]) > 0:
if result[1][0] == '.':
host = result[1][1:]
else:
host = result[1]
else:
host = "no site" + str(x)
x += 1
time = ut.real_time_google(result[3])
time2 = ut.real_time_google(result[4])
inner_dict = {
"name": result[2],
"value": cookie,
"expire": str(time),
"time_created": str(time2)
}
if host not in cookies: # Its possible that a site have a multiply cookies
cookies[host] = [inner_dict]
else:
cookies[host].append(inner_dict)
return [cookies]
def get_all_cookies(firefox_path):
"""
This function extracting all the cookies out of the cookies database file.
Its accessing the firefox cookies file database and uses an sql query to get the data.
If error occurs the function returns an array according to the error system that is defined in the error.py file.
:param firefox_path: the firefox profiles path
:return: list of bookmarks:[{'host':{'name':str,'value':str,'creationTime':str,'expiry':str]-some cookies for host}]
:return: error number - ['err', [error_number, error_info]...]
"""
select_statement1 = "SELECT baseDomain, name, value, expiry,creationTime FROM moz_cookies"
profiles = [i for i in os.listdir(firefox_path) if i.endswith('.default')]
cookies = []
errs = ['err']
for i in profiles:
sqlite_path = firefox_path + i + '\cookies.sqlite'
if not ut.file_exists(sqlite_path):
errs.append([9, sqlite_path])
cursor = ut.connect_to_sqlite3_db(sqlite_path)
results1 = ut.execute_sql(cursor, select_statement1)
cookies_dict = {}
if len(results1) > 0:
for cookie in results1:
creation = str(
datetime.fromtimestamp(
cookie[4] / 1000000).strftime('%Y-%m-%d %H:%M:%S'))
expiry = str(
datetime.fromtimestamp(
cookie[3] / 1000000).strftime('%Y-%m-%d %H:%M:%S'))
inner_dict = {
"name": cookie[1],
'value': cookie[2],
'creationTime': creation,
'expiry': expiry
}
if not cookie[0] in cookies_dict:
cookies_dict[cookie[0]] = [inner_dict]
else:
cookies_dict[cookie[0]].append(inner_dict)
cookies.append(cookies_dict)
if len(cookies) > 0:
if len(errs) > 1:
return [cookies[0], errs]
return [cookies[0]]
errs.append([1, select_statement1])
return errs
def get_messages(path):
"""
searching in the skype database for messages that the user got or sent .
:param path: the path of the skype database file
:return1: errornumber
:return2: skype user information
"""
select_statement1 = "SELECT convo_id , chatname, author, datetime(timestamp + 10800, 'unixepoch') as date,body_xml, type, identities, edited_by FROM Messages order by convo_id"
select_statement2 = "SELECT convo_id,identity FROM Participants order by convo_id"
select_statement3 = "SELECT convdbid,originalarrivaltime ,editedtime ,content,author, messagetype FROM messages order by convdbid"
select_statement4 = "SELECT dbid,type,id,thread_admins FROM conversations order by dbid "
cursor = ut.connect_to_sqlite3_db(path[1])
MESSAGES = {}
if path[0] == 1:
try:
results = ut.execute_sql(cursor, select_statement1)
results2 = ut.execute_sql(cursor, select_statement2)
if len(results) > 0:
for message in results:
if not message[0] in MESSAGES:
inner_dict = {}
inner_dict['group'] = "No"
inner_dict['participatins'] = ""
m_from = message[2]
to_remove = []
temp = None
count = 0
for parti in results2:
if parti[0] == message[0]:
if parti[1] != m_from:
count += 1
inner_dict[
'participatins'] += parti[1] + ", "
to_remove.append(parti)
temp = parti[1]
else:
if temp != None:
break
if count > 1:
inner_dict['group'] = "Yes"
inner_dict[
'participatins'] += m_from #inner_dict['participatins'][:-2]
for i in to_remove:
results2.remove(i)
msg = message[4]
if '<a href' == str(msg)[:7]:
msg = html.fromstring(str(msg))
msg = msg.xpath('//a/@href')
msg = msg[0]
elif message[5] == MESSAGES_TYPE_CALL:
msg = "Call Started With: " + message[6]
elif message[5] == MESSAGES_TYPE_CALL_END:
msg = "Call Ended With: " + message[6]
elif message[5] == MESSAGES_TYPE_PARTICIPANTS:
msg = m_from + " Added " + message[6]
elif message[5] == MESSAGES_TYPE_REMOVE:
msg = m_from + " Removed " + message[6]
elif message[5] == MESSAGES_TYPE_LEAVE:
msg = message[6] + " Left From The Call"
# elif message[5] == MESSAGES_TYPE_TOPIC:
# print message[7]
# msg = message[7] + " Changed The Topic To" + str(msg)
inner_dict['messages'] = [{
'time': message[3],
'message': msg,
'from': m_from
}]
MESSAGES[message[0]] = inner_dict
else:
m_from = message[2]
msg = message[4]
if '<a href' == str(msg)[:7]:
msg = html.fromstring(str(msg))
msg = msg.xpath('//a/@href')
msg = msg[0]
elif message[5] == MESSAGES_TYPE_CALL:
msg = "Call Started"
elif message[5] == MESSAGES_TYPE_CALL_END:
msg = "Call Ended"
elif message[5] == MESSAGES_TYPE_MESSAGE:
msg = message[4]
elif message[5] == MESSAGES_TYPE_PARTICIPANTS:
msg = m_from + " Added " + message[6]
elif message[5] == MESSAGES_TYPE_REMOVE:
msg = m_from + " Removed " + message[6]
elif message[5] == MESSAGES_TYPE_LEAVE:
msg = message[6] + " Left From The Call"
# elif message[5] == MESSAGES_TYPE_TOPIC:
# print message[7]
# msg = message[7] + " Changed The Topic To" + str(msg)
MESSAGES[message[0]]['messages'].append({
'time':
message[3],
'message':
msg,
'from':
message[2]
})
return [MESSAGES]
return ['err', 1, select_statement1]
except Exception as ex:
return ['err', 13, path[1], ex]
if path[0] == 2:
try:
results = ut.execute_sql(cursor, select_statement3)
results2 = ut.execute_sql(cursor, select_statement4)
if len(results) > 0:
for message in results:
if not message[0] in MESSAGES:
inner_dict = {}
indx = message[4].find(":")
m_from = message[4][indx + 1:]
for parti in results2:
if parti[0] == message[0]:
if parti[1] == '8':
inner_dict['group'] = "No"
inner_dict['participatins'] = [
m_from, parti[3]
]
results2.remove(parti)
break
if parti[1] == '19':
inner_dict['group'] = "Yes"
if parti[3]:
partis = parti[3].replace(
'8:', '').split(' ')
else:
partis = ""
inner_dict['participatins'] = partis
results2.remove(parti)
break
msg = message[3]
if message[5] == 10:
msg = "Call Ended/Started"
inner_dict['group'] = "Yes"
inner_dict['messages'] = [{
'edit_time': message[2],
'time': message[1],
'message': msg,
'from': m_from
}]
MESSAGES[message[0]] = inner_dict
else:
msg = message[3]
if message[5] == 10:
msg = "Call Ended/Started"
indx = message[4].find(":")
m_from = message[4][indx + 1:]
MESSAGES[message[0]]['messages'].append({
'edit_time':
message[2],
'time':
message[1],
'message':
msg,
'from':
m_from
})
return [MESSAGES]
return ['err', 1, select_statement1]
except Exception as ex:
print ex
return ['err', 13, path[1], ex]
def get_contacts(path):
"""
searching in the skype database for contacts of the skype user or users.
:param path: the path of the skype database file
:return1: error number
:return2: skype users contacts
"""
select_statement = "SELECT skypename,fullname,birthday,gender,country,city,phone_home,phone_office,phone_mobile,emails,homepage,about,mood_text,avatar_url FROM Contacts"
select_statement2 = "SELECT mri,full_name,birthday,gender,country,city,assigned_phonenumber_3,assigned_phonenumber_2,assigned_phonenumber_1,phone_number_home,phone_number_office,phone_number_mobile,homepage,about_me,avatar_url,avatar_downloaded_from ,contact_type FROM Contacts"
Contacts = {}
cursor = ut.connect_to_sqlite3_db(path[1])
if path[0] == 1:
try:
results = ut.execute_sql(cursor, select_statement)
if len(results) > 0:
for contact in results:
inner_dict = {}
inner_dict['username'] = contact[0]
inner_dict['fullname'] = contact[1]
if contact[2] != None:
inner_dict['birthday'] = str(
contact[2])[:4] + "/" + str(
contact[2])[4:6] + "/" + str(contact[2])[6:]
else:
inner_dict['birthday'] = "Never Borned"
gender = 'female'
if contact[3] == 1:
gender = "male"
inner_dict['gender'] = gender
inner_dict['country'] = contact[4]
inner_dict['city'] = contact[5]
inner_dict['phones'] = [contact[6], contact[7], contact[8]]
inner_dict['email'] = contact[9]
inner_dict['realeted_urls'] = [
contact[10], contact[11], contact[12]
]
inner_dict['avatar_profile'] = contact[13]
Contacts[contact[0]] = inner_dict
return [Contacts]
return ['err', 1, select_statement]
except Exception as ex:
return ['err', 13, path[1], ex]
if path[0] == 2:
try:
results = ut.execute_sql(cursor, select_statement2)
if len(results) > 0:
for contact in results:
if contact[16] == 8:
inner_dict = {}
skype_name = contact[0]
indx = skype_name.find(':')
skype_name = skype_name[indx + 1:]
inner_dict['fullname'] = contact[1]
if contact[2] != None:
inner_dict['birthday'] = str(
contact[2])[:4] + "/" + str(
contact[2])[4:6] + "/" + str(
contact[2])[6:]
else:
inner_dict['birthday'] = "Never Borned"
gender = 'female'
if contact[3] == 1:
gender = "male"
inner_dict['gender'] = gender
inner_dict['country'] = contact[4]
inner_dict['city'] = contact[5]
inner_dict['phones'] = [
contact[6], contact[7], contact[8], contact[9],
contact[10], contact[11]
]
inner_dict['realeted_urls'] = [
contact[12], contact[13]
]
inner_dict['avatar_profile'] = [
contact[14], contact[15]
]
Contacts[skype_name] = inner_dict
return [Contacts]
return ['err', 1, select_statement2]
except Exception as ex:
return ['err', 13, path[1], ex]