# Browser

## Chrome

### hindsight

Web browser forensics tool for Google Chrome/Chromium-based browsers.

* Installation

```bash
sudo apt update
sudo apt install -y sqlitebrowser
git clone https://github.com/obsidianforensics/hindsight.git
cd hindsight
python3 -m venv venv && source venv/bin/activate
pip3 install -r requirements.txt
python3 setup.py install
deactivate
npm install sqlite-browser
npm install sqlite3
```

* Usage

<pre class="language-bash"><code class="lang-bash"><strong>source venv/bin/activate &#x26;&#x26; python3 hindsight_gui.py
</strong></code></pre>

## Firefox

* **Profile locations**

```
# Ubuntu 22.04
/home/<USER>/snap/firefox/common/.mozilla/firefox/<Profile>.default

# Linux
/home/<USER>/.mozilla/firefox/<Profile>.default-esr

# Windows
C:\Documents and Settings\<USER>\Application Data\Mozilla\Firefox\Profiles\<Profile>.default
```

### dumpzilla

Web browser forensics tool for Firefox.

* **Installation**

Download the Python script from the official website <https://www.dumpzilla.org/> for Unix/Windows\
Or directly via the command line:

```bash
wget https://www.dumpzilla.org/dumpzilla.py
```

* **Usage**

```bash
python3 dumpzilla.py browser_profile_directory [Options]
```

The option `--All` can extract everything the tool can extract.

**The most interesting options are:**

* `--Downloads`: it shows what links were used for downloads and where they stored on the host.
* `--Forms`: it shows what auto-fill forms the user have and what they searched/typed directly on the browser's search bar (not in a search engine).
* `--History`: it shows the user's internet browsing history.
* `--Bookmarks`: it shows the user's bookmarks.
* `--Passwords`: this will work on older versions of firefox (< 58), the script will try to decrypt the encrypted passwords stored in **signons.sqlite** with the master decryption key stored in **key3.db**, but this was used in previous versions of Firefox and since version 58 logins are now stored in **key4.db** (SQLite) while encrypted logins are stored in **logins.json**. ([source](https://apr4h.github.io/2019-12-20-Harvesting-Browser-Credentials/))

### Firefox Decrypt

Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profiles.

```bash
git clone https://github.com/unode/firefox_decrypt
cd firefox_decrypt
```

**Usage**

```bash
python3 firefox_decrypt <Profile> -f human
```