search

Browser

hashtag
Chrome

hashtag
hindsight

Web browser forensics tool for Google Chrome/Chromium-based browsers.

  • Installation

sudo apt update
sudo apt install -y sqlitebrowser
git clone https://github.com/obsidianforensics/hindsight.git
cd hindsight
python3 -m venv venv && source venv/bin/activate
pip3 install -r requirements.txt
python3 setup.py install
deactivate
npm install sqlite-browser
npm install sqlite3

  • Usage

source venv/bin/activate && python3 hindsight_gui.py

hashtag
Firefox

  • Profile locations

hashtag
dumpzilla

Web browser forensics tool for Firefox.

  • Installation

Download the Python script from the official website https://www.dumpzilla.org/arrow-up-right for Unix/Windows Or directly via the command line:

  • Usage

The option --All can extract everything the tool can extract.

The most interesting options are:

  • --Downloads: it shows what links were used for downloads and where they stored on the host.

  • --Forms: it shows what auto-fill forms the user have and what they searched/typed directly on the browser's search bar (not in a search engine).

  • --History: it shows the user's internet browsing history.

  • --Bookmarks: it shows the user's bookmarks.

  • --Passwords: this will work on older versions of firefox (< 58), the script will try to decrypt the encrypted passwords stored in signons.sqlite with the master decryption key stored in key3.db, but this was used in previous versions of Firefox and since version 58 logins are now stored in key4.db (SQLite) while encrypted logins are stored in logins.json. (sourcearrow-up-right)

hashtag
Firefox Decrypt

Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles.

Usage

PreviousMemoryNextThreat Intelligence

Last updated