포렌식 관점에서 시스템에 남는 정보 중에는 인터넷 열람 기록이 있으며,
그중 크롬, 오페라, 파이어폭스 등 브라우저의 기록을 찾아보는 방법이 있다. 아래 스크립트는 각 브라우저의 SQLite 기록 파일을 복사한 뒤 최근 방문·다운로드 기록 10건을 출력한다.
import sqlite3
import os
import shutil
import platform
import datetime
import winreg # For Internet Explorer history (Windows only)
# Convert Chrome/Edge/Opera/Brave WebKit timestamps
def convert_chrome_time(chrome_time):
    """Translate a Chromium/WebKit timestamp into a ``datetime``.

    The stored value counts microseconds from 1601-01-01 (UTC). The result
    is a naive ``datetime`` with no tzinfo attached, so state the timezone
    (UTC) explicitly when it is copied into a report or timeline.

    A falsy input (``0`` or ``None``) means the browser recorded no time and
    yields the string ``"Unknown"`` instead of a ``datetime``.
    """
    if not chrome_time:
        return "Unknown"
    webkit_epoch = datetime.datetime(1601, 1, 1)
    elapsed = datetime.timedelta(microseconds=chrome_time)
    return webkit_epoch + elapsed
# Convert Firefox timestamps (microseconds since Unix Epoch)
def convert_firefox_time(firefox_time):
    """Translate a Firefox ``places.sqlite`` timestamp into a ``datetime``.

    The stored value counts microseconds from the Unix epoch (1970-01-01,
    UTC). The result is a naive ``datetime`` with no tzinfo attached, so
    state the timezone (UTC) explicitly when it is used in a timeline.

    A falsy input (``0`` or ``None``, e.g. a place that was never visited)
    yields the string ``"Unknown"`` instead of a ``datetime``.
    """
    if not firefox_time:
        return "Unknown"
    unix_epoch = datetime.datetime(1970, 1, 1)
    elapsed = datetime.timedelta(microseconds=firefox_time)
    return unix_epoch + elapsed
# Get browser history for Chromium-based browsers
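def get_chromium_history(db_path):
    """Print the ten most recent visits and downloads from a Chromium ``History`` file.

    The database is never opened in place: it is copied into a freshly
    created private temporary directory and the copy is queried, so the
    evidence file is not written to and a running browser's file lock does
    not block the read. The temporary directory (and the copied browsing
    data in it) is removed on every exit path, including errors.

    Caveat for analysts: only the main database file is copied. Any sidecar
    journal/WAL file next to it is not, so very recent activity that has not
    been checkpointed into the main file may be missing from the output.

    Args:
        db_path: Path to a Chromium-family profile's ``History`` SQLite file.

    Returns:
        None. Results and errors are printed to stdout.
    """
    import tempfile  # function-scope import; the module header is left as-is

    if not os.path.exists(db_path):
        print(f"Database not found: {db_path}")
        return

    try:
        # A fixed file name in the current directory would be predictable,
        # could clobber an existing file, and would leave a copy of the
        # user's browsing data behind on failure. mkdtemp-style directories
        # are created for the current user only and are always cleaned up.
        with tempfile.TemporaryDirectory() as scratch_dir:
            temp_db = os.path.join(scratch_dir, "History")
            shutil.copy2(db_path, temp_db)

            conn = sqlite3.connect(temp_db)
            try:
                cursor = conn.cursor()

                print("\n[Browsing History]")
                cursor.execute("""
                    SELECT url, title, visit_count, last_visit_time
                    FROM urls
                    ORDER BY last_visit_time DESC
                    LIMIT 10;
                """)
                for url, title, visit_count, last_visit_time in cursor.fetchall():
                    visit_time = convert_chrome_time(last_visit_time)
                    print(f"Title: {title}, URL: {url}, Visits: {visit_count}, Last Visited: {visit_time}")

                print("\n[Download History]")
                cursor.execute("""
                    SELECT target_path, tab_url, start_time, end_time, total_bytes
                    FROM downloads
                    ORDER BY start_time DESC
                    LIMIT 10;
                """)
                for path, url, start_time, end_time, size in cursor.fetchall():
                    start_time = convert_chrome_time(start_time)
                    end_time = convert_chrome_time(end_time) if end_time else "Unknown"
                    print(f"File: {path}, URL: {url}, Size: {size} bytes, Start: {start_time}, End: {end_time}")
            finally:
                # Close before the directory is removed; an open handle would
                # block deletion of the copy on Windows.
                conn.close()
    except Exception as e:
        # Deliberately broad: this is best-effort triage across several
        # browsers, and one unreadable or schema-mismatched database should
        # be reported without aborting the remaining ones.
        print("Error:", e)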
# Get Firefox history
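def get_firefox_history():
    """Print the ten most recently visited places from one Firefox profile.

    The profile root is chosen per operating system (Linux, macOS, otherwise
    the Windows ``%APPDATA%`` location). Profiles are tried in sorted name
    order and the first one whose ``places.sqlite`` can be queried is
    reported; this is not necessarily the profile Firefox marks as default.
    A profile that fails is reported and the next one is tried.

    ``places.sqlite`` is copied into a private temporary directory and the
    copy is queried, so the original is not written to. The copy is removed
    on every exit path. Only the main database file is copied; recent visits
    still held in a ``places.sqlite-wal`` sidecar are not reflected.

    Returns:
        None. Results and errors are printed to stdout.
    """
    import tempfile  # function-scope import; the module header is left as-is

    system = platform.system()
    if system == "Linux":
        ff_path = os.path.expanduser("~/.mozilla/firefox")
    elif system == "Darwin":
        # Previously macOS fell through to the Windows path and never matched.
        ff_path = os.path.expanduser("~/Library/Application Support/Firefox/Profiles")
    else:
        ff_path = os.path.expandvars(r"%APPDATA%\Mozilla\Firefox\Profiles")

    if not os.path.exists(ff_path):
        print("Firefox history database not found.")
        return

    # Sorted so that repeated runs on the same image pick the same profile.
    for profile in sorted(os.listdir(ff_path)):
        history_db = os.path.join(ff_path, profile, "places.sqlite")
        if not os.path.exists(history_db):
            continue  # e.g. profiles.ini or a directory without history

        try:
            # Private scratch directory instead of a fixed file name in the
            # current directory: nothing predictable to clobber and no copy
            # of the user's history left behind when a query fails.
            with tempfile.TemporaryDirectory() as scratch_dir:
                temp_db = os.path.join(scratch_dir, "places.sqlite")
                shutil.copy2(history_db, temp_db)

                conn = sqlite3.connect(temp_db)
                try:
                    cursor = conn.cursor()
                    print("\n[Firefox Browsing History]")
                    cursor.execute("""
                        SELECT url, title, visit_count, last_visit_date
                        FROM moz_places
                        ORDER BY last_visit_date DESC
                        LIMIT 10;
                    """)
                    for url, title, visit_count, last_visit_date in cursor.fetchall():
                        visit_time = convert_firefox_time(last_visit_date)
                        print(f"Title: {title}, URL: {url}, Visits: {visit_count}, Last Visited: {visit_time}")
                finally:
                    # Close before the directory is removed; an open handle
                    # would block deletion of the copy on Windows.
                    conn.close()
        except Exception as e:
            # Best-effort: report the failure and fall through to the next profile.
            print("Error:", e)
            continue
        break  # Stop after the first profile that was read successfully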
# Get Internet Explorer history (Windows only)
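def get_ie_history():
    """Print the Internet Explorer ``TypedURLs`` registry values (Windows only).

    ``TypedURLs`` under the current user's hive holds addresses entered in
    the address bar, so this is a partial view and not the full visit
    history. Only the hive of the account running the script is read.

    On any platform other than Windows the function returns without output.

    Returns:
        None. Results and errors are printed to stdout.
    """
    if platform.system() != "Windows":
        return

    # Imported after the platform check because winreg exists only on
    # Windows. Note that the unconditional module-level ``import winreg``
    # still raises on Linux/macOS before any function runs; it needs a guard
    # for the non-Windows branches of this script to be reachable.
    import winreg

    print("\n[Internet Explorer Browsing History]")
    try:
        # The context manager closes the key handle even if printing fails.
        with winreg.OpenKey(
            winreg.HKEY_CURRENT_USER,
            r"Software\Microsoft\Internet Explorer\TypedURLs",
        ) as key:
            index = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, index)
                except OSError:
                    break  # EnumValue raises once the index passes the last value
                print(f"{name}: {value}")
                index += 1
    except Exception as e:
        print("Error retrieving IE history:", e)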
# Get Edge, Chrome, Opera, Brave history
def get_all_browser_histories():
    """Run every collector for the current user on the current OS.

    Chromium-family browsers (Chrome, Edge, Opera, Brave) are looked up at
    their per-OS default location, then Firefox and Internet Explorer are
    processed. Only the ``Default`` profile of each Chromium-family browser
    is covered; additional profiles and other user accounts are not
    examined. On an OS other than Windows, Linux or macOS the function
    prints ``Unsupported OS`` and returns.
    """
    # Each entry: (function that expands the path, {browser name: unexpanded path}).
    layouts = {
        "Windows": (
            os.path.expandvars,
            {
                "Google Chrome": r"%LOCALAPPDATA%\Google\Chrome\User Data\Default\History",
                "Microsoft Edge": r"%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\History",
                "Opera": r"%APPDATA%\Opera Software\Opera Stable\History",
                "Brave": r"%LOCALAPPDATA%\BraveSoftware\Brave-Browser\User Data\Default\History",
            },
        ),
        "Linux": (
            os.path.expanduser,
            {
                "Google Chrome": "~/.config/google-chrome/Default/History",
                "Microsoft Edge": "~/.config/microsoft-edge/Default/History",
                "Opera": "~/.config/opera/History",
                "Brave": "~/.config/BraveSoftware/Brave-Browser/Default/History",
            },
        ),
        "Darwin": (  # macOS
            os.path.expanduser,
            {
                "Google Chrome": "~/Library/Application Support/Google/Chrome/Default/History",
                "Microsoft Edge": "~/Library/Application Support/Microsoft Edge/Default/History",
                "Opera": "~/Library/Application Support/com.operasoftware.Opera/History",
                "Brave": "~/Library/Application Support/BraveSoftware/Brave-Browser/Default/History",
            },
        ),
    }

    current_os = platform.system()
    if current_os not in layouts:
        print("Unsupported OS")
        return

    expand, locations = layouts[current_os]
    for name, raw_path in locations.items():
        print(f"\n=== {name} ===")
        get_chromium_history(expand(raw_path))

    get_firefox_history()
    get_ie_history()
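# Run the collection only when executed as a script, so that importing this
# module for its helpers does not read the current user's browser profiles.
if __name__ == "__main__":
    get_all_browser_histories()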