This time i will present 2 tutorials in one. One part describe how to create a simple Python package. The other part gives security testers a hint for sensible data. It is recommended to work with python virtualenv!
Preconditions
- Python 2.7.x
- pip, virtualenv, setuptools
- Skype
Background
Skype stores sensible data, unencrypted, in a simple sqlite database (main.db). You would be surprised what information can be found there!
Example Locations
- Mac OS – /Users/Library/Application Support/Skype/main.db
- Windows – C:\Documents and Settings\Application Data\Skype\main.db
Python Package
. ├── MANIFEST.in ├── README.rst ├── SkypeSpy │ └── __init__.py └── setup.py
# -*- coding: utf-8 -*-
from setuptools import setup
def readme():
with open('README.rst') as f:
return f.read()
setup(
name='SkypeSpy',
version='1.0.0',
description='Read values from Skype sqlite',
long_description=readme(),
url='<domain>',
author='<author>',
author_email='<email>',
license='<license>',
packages=['SkypeSpy'],
include_package_data=True
)
SkypeSpy
--------
To use (with caution), simply do::
>>> from SkypeSpy import SkypeInformation
>>> SkypeInformation.set_db_path('path')
>>> print SkypeInformation.get_accounts()
>>> print SkypeInformation.get_contacts()
include README.rst
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sqlite3
class SkypeInformation(object):
__DATABASE_PATH = str()
@staticmethod
def set_db_path(db_path):
SkypeInformation.__DATABASE_PATH = str(db_path)
@staticmethod
def __read_from_db(sql_statement):
"""
Read testsuite from sqlite file
@type sql_statement: string
@param sql_statement: sqlite select statement
@return: list
"""
db = sqlite3.connect(SkypeInformation.__DATABASE_PATH)
statement = str(sql_statement)
try:
cursor = db.cursor()
cursor.execute(statement)
values = cursor.fetchall()
except sqlite3.Error:
values = list()
finally:
db.close()
return values
@staticmethod
def get_accounts():
statement = """SELECT DISTINCT
liveid_membername, skypename, fullname, gender,
languages, country, province, city, phone_home,
phone_office, phone_mobile, emails, homepage
FROM Accounts;"""
return SkypeInformation.__read_from_db(statement)
@staticmethod
def get_contacts():
statement = """SELECT DISTINCT
skypename, fullname, gender, languages, country,
province, city, phone_home, phone_office, phone_mobile,
emails, homepage
FROM Contacts;"""
return SkypeInformation.__read_from_db(statement)
Install and execute
You can now create another environment (with virtualenv) and install the package.
# install via pip $ pip install file:///path/to/SkypeSpy
#!/usr/bin/env python
import os
from SkypeSpy import SkypeInformation
def run():
my_path = '/path/to/main.db'
if os.path.exists(my_path):
SkypeInformation.set_db_path(my_path)
print SkypeInformation.get_contacts()
print SkypeInformation.get_accounts()
if __name__ == '__main__':
run()
More
There are other tables with information! Expand the package as desired.