Google Chrome Cache Parser

[felipecampanini]

Change Discord Parser to interpret Google Chrome browser cached data

[lfcnassif]

Thanks @felipecampanini. Wouldn't it be better to create another parser? Or is there a lot of code that could be reused?

[felipecampanini]

So, the 4 classes of the "iped.parsers.discord.cache" package will be common to both parsers. The classes in "iped.parsers.discord.json" and "iped.parsers.discord" can be used by Chrome cache parser if chats are found in Google Chrome cache.

Since the parser code will change a lot, I thought of:

1 - Develop a new class for the parser, called ChromeCacheParser, which would be in the "iped.parsers.browsers.chrome" package.

2 - Move the classes from the "iped.parsers.discord.cache" package to "iped.parsers.browsers.cache", since the cache structure is used by several tools.

I've had to change the Index, CacheAddr, and CacheEntry classes so far, so I'll need to retest Discord's parser.

If you can give your opinion, I appreciate it.

[lfcnassif]

Seems very good to me!

[felipecampanini]

Hi @lfcnassif, I have some changes to send.

Some things were a little different from what I had commented above:

The "ChromeCacheParser" class was created, it is the old "DiscordParser", it receives the Index files with mime "application/x-discord-index" and "application/x-chrome-cache-index", since the structure of caching is the same. I treated the two mimes in the same class since in the discord cache, for example, there may be several files, however, no chat. Therefore, I thought of treating both caches in this class, so as not to have code duplication.

The "DiscordParser" class now only handles chats. Perhaps a more suitable name would be "DiscordChatParser".

An important correction was made with performance improvement and disk usage in the CacheAddr class, now it returns the InputStream of exactly the necessary size.

I would have sent the changes today, however, when I renamed the classes, the parser stopped working. I recorded the parser's new name in "ParserConfig.xml", in addition to the automatic changes that were made in the GraphTask, HtmlLinkViewer, QueuesProcessingOrder and ReferencedFileViewer classes.

Do you have any idea which file is missing to update with the new parser name? If you can give your opinion on these changes I would appreciate it.

I didn't change the "RefineCategoryTask.js" file, it's still like this:

if(mime.equals("application/x-chrome-cache-index") && path.contains("/appdata/roaming/discord")){ if(e.getPath().toLowerCase().contains("gpucache")){ e.setMediaTypeStr("application/x-discord-gpucache-index"); } else { e.setMediaTypeStr("application/x-discord-index"); } }

ParserConfig.xml:
... <parser class="iped.parsers.python.PythonParser"></parser> <parser class="iped.parsers.mail.win10.Win10MailParser"></parser> <parser class="iped.parsers.browsers.chrome.ChromeCacheParser"></parser> ...

[lfcnassif]

Hi @felipecampanini, sorry for the late reply. I'm not sure if we should rename the parser, as it is a breaking API change and can break some profiles created by users. So I think it would be better to keep the name as is for now and put some TODO in the class description explaining it.

[felipecampanini]

Got it, didn't know. I'll keep it as it is then. Thanks!

[felipecampanini]

Hello @lfcnassif, I sent the first version of the new parser, as there is that name problem and now the class works for any cache with google chrome cache structure, I put all the code in the same class (DiscordParser), see if it was good, any necessary change can ask me.

I had created two mime types "application/x-discord-index" and "application/x-chrome-cache-index", but for some reason the parser wouldn't start when I put two mimes in the SUPPORTED_TYPES variable, so I left the lines commented out for now.

I have a small bugfix for the "DiscordHTMLReport" class, however, I still haven't been able to finish the tests.

[lfcnassif]

I had created two mime types "application/x-discord-index" and "application/x-chrome-cache-index", but for some reason the parser wouldn't start when I put two mimes in the SUPPORTED_TYPES variable, so I left the lines commented out for now.

Hi @felipecampanini, I'm really sorry for my very late replay, this disappeared in my task queue... Declaring 2 mimes into SUPPORTED_TYPES should work, was you able to make it work since then?

[felipecampanini]

Hi @felipecampanini, I'm really sorry for my very late replay, this disappeared in my task queue... Declaring 2 mimes into SUPPORTED_TYPES should work, was you able to make it work since then?

Hi @lfcnassif, no problem, I haven't touched this part of the code since then, I'll try again to add two mimes, there must be some detail that I'm not noticing.