In [7]:
import json
import base64
import hashlib
from base64 import b64encode
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization, hashes, padding
from cryptography.hazmat.primitives.asymmetric import rsa
from haralyzer import HarParser

In [8]:
host = "bbc.com"
har_file_path = "../archives/www." + host + ".har"

# Read the content of the HAR file and convert it to a dictionary
with open(har_file_path, "r", encoding="utf-8") as har_file:
    har_data = json.load(har_file)

har_parser = HarParser(har_data)
entries = har_parser.har_data['entries']

print("Number of entries: {}".format(len(entries)))

Number of entries: 100


In [11]:
email_address = 'your_email@example.com'

# Function to check if a string contains the email address
def contains_email(text):
    return email_address in text

# Function to check if a string contains the MD5 hash of the email address
def contains_md5(text):
    hashed_email = hashlib.md5(email_address.encode()).hexdigest()
    return hashed_email in text

# Function to check if a string contains the SHA256 hash of the email address
def contains_sha256(text):
    hashed_email = hashlib.sha256(email_address.encode()).hexdigest()
    return hashed_email in text

# Function to check if a string contains the base64-encoded email address
def contains_base64(text):
    encoded_email = base64.b64encode(email_address.encode()).decode()
    return encoded_email in text

# Iterate through entries in the HAR file and analyze request and response content
for entry in entries:
    request = entry.get('request', {})
    response = entry.get('response', {})

    # Analyze request URL, headers, or POST data
    for text in [request.get('url', ''), str(request.get('headers', '')), str(request.get('postData', ''))]:
        if contains_email(text):
            print(f"Potential email address found in request: {text}")

        if contains_md5(text):
            print(f"Potential MD5 hash of email address found in request: {text}")

    # Analyze response content
    for text in [str(response.get('content', {}).get('text', ''))]:
        if contains_email(text):
            print(f"Potential email address found in response: {text}")

        if contains_md5(text):
            print(f"Potential MD5 hash of email address found in response: {text}")

    # Check for SHA256 hash
    for text in [request.get('url', ''), str(request.get('headers', '')), str(request.get('postData', '')),
                 str(response.get('content', {}).get('text', ''))]:
        if contains_sha256(text):
            print(f"Potential SHA256 hash of email address found: {text}")

    # Check for base64-encoded email address
    for text in [request.get('url', ''), str(request.get('headers', '')), str(request.get('postData', '')),
                 str(response.get('content', {}).get('text', ''))]:
        if contains_base64(text):
            print(f"Potential base64-encoded email address found: {text}")


Potential email address found in response: @keyframes livePulseBackground{0%,to{opacity:1}50%{opacity:.3}}html{overflow-y:scroll}img{-ms-interpolation-mode:bicubic}.b-r a,.b-r abbr,.b-r acronym,.b-r address,.b-r applet,.b-r article,.b-r aside,.b-r audio,.b-r b,.b-r big,.b-r blockquote,.b-r canvas,.b-r caption,.b-r center,.b-r cite,.b-r code,.b-r dd,.b-r del,.b-r details,.b-r dfn,.b-r div,.b-r dl,.b-r dt,.b-r em,.b-r embed,.b-r fieldset,.b-r figcaption,.b-r figure,.b-r footer,.b-r form,.b-r h1,.b-r h2,.b-r h3,.b-r h4,.b-r h5,.b-r h6,.b-r header,.b-r i,.b-r iframe,.b-r img,.b-r ins,.b-r kbd,.b-r label,.b-r legend,.b-r li,.b-r mark,.b-r menu,.b-r object,.b-r ol,.b-r output,.b-r p,.b-r pre,.b-r q,.b-r ruby,.b-r s,.b-r samp,.b-r section,.b-r small,.b-r span,.b-r strike,.b-r strong,.b-r sub,.b-r summary,.b-r sup,.b-r table,.b-r tbody,.b-r td,.b-r tfoot,.b-r th,.b-r thead,.b-r time,.b-r tr,.b-r tt,.b-r u,.b-r ul,.b-r var,.b-r video,body,html{margin:0;padding:0;border:0;font:inherit;vertical-a