Merge branch 'main' of github.com:mvt-project/mvt
commit
d2bf348b03
|
@ -1,4 +1,3 @@
|
||||||
|
|
||||||
# Mobile Verification Toolkit (MVT)
|
# Mobile Verification Toolkit (MVT)
|
||||||
# Copyright (c) 2021 The MVT Project Authors.
|
# Copyright (c) 2021 The MVT Project Authors.
|
||||||
# Use of this software is governed by the MVT License 1.1 that can be found at
|
# Use of this software is governed by the MVT License 1.1 that can be found at
|
||||||
|
@ -78,6 +77,9 @@ class ConfigurationProfiles(IOSExtraction):
|
||||||
|
|
||||||
if "SignerCerts" in conf_plist:
|
if "SignerCerts" in conf_plist:
|
||||||
conf_plist["SignerCerts"] = [b64encode(x) for x in conf_plist["SignerCerts"]]
|
conf_plist["SignerCerts"] = [b64encode(x) for x in conf_plist["SignerCerts"]]
|
||||||
|
if "OTAProfileStub" in conf_plist:
|
||||||
|
if "SignerCerts" in conf_plist["OTAProfileStub"]:
|
||||||
|
conf_plist["OTAProfileStub"]["SignerCerts"] = [b64encode(x) for x in conf_plist["OTAProfileStub"]["SignerCerts"]]
|
||||||
if "PushTokenDataSentToServerKey" in conf_plist:
|
if "PushTokenDataSentToServerKey" in conf_plist:
|
||||||
conf_plist["PushTokenDataSentToServerKey"] = b64encode(conf_plist["PushTokenDataSentToServerKey"])
|
conf_plist["PushTokenDataSentToServerKey"] = b64encode(conf_plist["PushTokenDataSentToServerKey"])
|
||||||
if "LastPushTokenHash" in conf_plist:
|
if "LastPushTokenHash" in conf_plist:
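Review bot: The added `OTAProfileStub` branch (hunk `@ -78,6 +77,9 @`) treats `conf_plist["OTAProfileStub"]` as a mapping without checking its type, so a profile plist in which that key holds a non-dict value would raise at the `in` test or at the nested lookup. The plist comes from the device being examined, so a guard such as `if isinstance(conf_plist.get("OTAProfileStub"), dict):` would keep one malformed profile from stopping the module. The surrounding method starts and ends outside the hunk, so existing error handling may already cover this.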
|
||||||
|
|
|
@ -62,6 +62,7 @@ class SafariBrowserState(IOSExtraction):
|
||||||
self.detected.append(result)
|
self.detected.append(result)
|
||||||
|
|
||||||
def _process_browser_state_db(self, db_path):
|
def _process_browser_state_db(self, db_path):
|
||||||
|
self._recover_sqlite_db_if_needed(db_path)
|
||||||
conn = sqlite3.connect(db_path)
|
conn = sqlite3.connect(db_path)
|
||||||
|
|
||||||
cur = conn.cursor()
|
cur = conn.cursor()
|
||||||
|
@ -92,8 +93,12 @@ class SafariBrowserState(IOSExtraction):
|
||||||
if row[4]:
|
if row[4]:
|
||||||
# Skip a 4 byte header before the plist content.
|
# Skip a 4 byte header before the plist content.
|
||||||
session_plist = row[4][4:]
|
session_plist = row[4][4:]
|
||||||
|
session_data = {}
|
||||||
|
try:
|
||||||
session_data = plistlib.load(io.BytesIO(session_plist))
|
session_data = plistlib.load(io.BytesIO(session_plist))
|
||||||
session_data = keys_bytes_to_string(session_data)
|
session_data = keys_bytes_to_string(session_data)
|
||||||
|
except plistlib.InvalidFileException:
|
||||||
|
pass
|
||||||
|
|
||||||
if "SessionHistoryEntries" in session_data.get("SessionHistory", {}):
|
if "SessionHistoryEntries" in session_data.get("SessionHistory", {}):
|
||||||
for session_entry in session_data["SessionHistory"].get("SessionHistoryEntries"):
|
for session_entry in session_data["SessionHistory"].get("SessionHistoryEntries"):
|
||||||
|
@ -114,7 +119,6 @@ class SafariBrowserState(IOSExtraction):
|
||||||
})
|
})
|
||||||
|
|
||||||
def run(self):
|
def run(self):
|
||||||
|
|
||||||
if self.is_backup:
|
if self.is_backup:
|
||||||
for backup_file in self._get_backup_files_from_manifest(relative_path=SAFARI_BROWSER_STATE_BACKUP_RELPATH):
|
for backup_file in self._get_backup_files_from_manifest(relative_path=SAFARI_BROWSER_STATE_BACKUP_RELPATH):
|
||||||
self.file_path = self._get_backup_file_from_id(backup_file["file_id"])
|
self.file_path = self._get_backup_file_from_id(backup_file["file_id"])
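Review bot: The new `except plistlib.InvalidFileException: pass` in the session-plist hunk (`@ -92,8 +93,12 @`) discards a malformed `row[4]` blob without any trace, so an analyst cannot tell that a tab's session history was skipped. In a forensic tool the unparseable record is worth surfacing. I would replace `pass` with a warning such as `self.log.warning("Unable to parse Safari session plist, skipping session history")`, assuming the module logger is `self.log`, as the `log=` constructor argument in the new test suggests. The handler catches only `InvalidFileException`, so it may be worth confirming whether `plistlib.load` or `keys_bytes_to_string` can raise anything else on device-supplied data. The enclosing method continues outside the hunk.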
|
||||||
|
|
Binary file not shown.
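--- a/tests/ios/test_safari_browserstate.py
+++ b/tests/ios/test_safari_browserstate.py
@@ -0,0 +1,36 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021 The MVT Project Authors.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+# https://license.mvt.re/1.1/
+
+import logging
+
+from mvt.common.indicators import Indicators
+from mvt.common.module import run_module
+from mvt.ios.modules.mixed.safari_browserstate import SafariBrowserState
+
+from ..utils import get_backup_folder
+
+
+class TestSafariBrowserStateModule:
+def test_parsing(self):
+m = SafariBrowserState(base_folder=get_backup_folder(), log=logging, results=[])
+m.is_backup = True
+run_module(m)
+assert m.file_path != None
+assert len(m.results) == 1
+assert len(m.timeline) == 1
+assert len(m.detected) == 0
+
+def test_detection(self, indicator_file):
+m = SafariBrowserState(base_folder=get_backup_folder(), log=logging, results=[])
+m.is_backup = True
+ind = Indicators(log=logging)
+ind.parse_stix2(indicator_file)
+# Adds a file that exists in the manifest.
+ind.ioc_files[0]["domains"].append("en.wikipedia.org")
+m.indicators = ind
+run_module(m)
+assert len(m.detected) == 1
+assert len(m.results) == 1
+assert m.results[0]["tab_url"] == "https://en.wikipedia.org/wiki/NSO_Group"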
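Review bot: `assert m.file_path != None` in `test_parsing` should be an identity check, `assert m.file_path is not None`, which is the idiomatic form and does not depend on the object's `__eq__`. In `test_detection` the comment `# Adds a file that exists in the manifest.` does not match the line below it, which appends a domain to the indicators. Something like `# Add a domain that appears in the fixture's Safari tabs.` would describe it. Both tests rely on the binary fixture added in this commit, whose contents are not visible here.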