Overview
This is a tool I coded during my ‘awurudhu’ vacation here. It is a powerful forensic utility for Google Chrome. I researched the most important databases, improved the existing queries and wrote this tool. You can customize this tool as you wish. I hope you will love it 🙂
Features
- Works with Windows, Linux and OS X
- Can investigate databases and files effectively
- Written in Python 2.7
History
This is an example of the history generated with this tool
URL = http://tools.google.com/chrome/intl/en/welcome.html
URL Title = Getting Started
Number of Visits = 1
Last Visit (UTC) = 2014-04-13 03:54:56
First Visit (UTC) = 2014-04-13 03:54:56
Description = The start page of the browser
URL = https://www.google.com/intl/en/chrome/browser/welcome.html
URL Title = Getting Started
Number of Visits = 1
Last Visit (UTC) = 2014-04-13 03:54:56
First Visit (UTC) = 2014-04-13 03:54:56
Description = The start page of the browser
URL = https://www.google.lk/search?q=chrome+forensics&oq=chrome+forensics&aqs=chrome..69i57j5l3j69i60l2.2146j0j4&sourceid=chrome&es_sm=94&ie=UTF-8
URL Title = chrome forensics - Google Search
Number of Visits = 1
Last Visit (UTC) = 2014-04-13 04:04:12
First Visit (UTC) = 2014-04-13 04:04:12
Description = User typed in the URL bar and selected an entry from the list - such as a search bar
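How fields like the ones in the history output above can be derived from Chrome's History SQLite database, as an added example in Python 3 (not ChromeFreak's own code or queries). The table and column subset, the transition names and the sample rows are assumptions and constructed data based on Chrome's `urls` and `visits` tables.

```python
import sqlite3
from datetime import datetime, timedelta

WEBKIT_EPOCH = datetime(1601, 1, 1)  # Chrome counts microseconds from here (UTC)
# Core transition types: low byte of visits.transition; higher bits are qualifiers.
TRANSITIONS = {0: "LINK", 1: "TYPED", 2: "AUTO_BOOKMARK", 3: "AUTO_SUBFRAME",
               4: "MANUAL_SUBFRAME", 5: "GENERATED", 6: "START_PAGE",
               7: "FORM_SUBMIT", 8: "RELOAD", 9: "KEYWORD", 10: "KEYWORD_GENERATED"}

def webkit_to_utc(us):
    """Convert a WebKit timestamp to a UTC string; 0 or NULL means 'not set'."""
    when = WEBKIT_EPOCH + timedelta(microseconds=us or 0)
    return when.strftime("%Y-%m-%d %H:%M:%S") if us else None

def utc_to_webkit(text):  # inverse; only used to build the constructed sample rows
    delta = datetime.strptime(text, "%Y-%m-%d %H:%M:%S") - WEBKIT_EPOCH
    return (delta.days * 86400 + delta.seconds) * 1000000

def build_sample_db():
    """Constructed stand-in for a copy of the History file (only the columns used)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE urls(id INTEGER PRIMARY KEY, url TEXT, title TEXT, visit_count INT, last_visit_time INT);
        CREATE TABLE visits(id INTEGER PRIMARY KEY, url INT, visit_time INT, transition INT);""")
    t1, t2 = utc_to_webkit("2014-04-13 03:54:56"), utc_to_webkit("2014-04-13 04:04:12")
    db.executemany("INSERT INTO urls VALUES (?,?,?,?,?)", [
        (1, "http://tools.google.com/chrome/intl/en/welcome.html", "Getting Started", 1, t1),
        (2, "https://www.google.lk/search?q=chrome+forensics", "chrome forensics - Google Search", 1, t2)])
    # Constructed transitions: core type OR'ed with chain-start/chain-end qualifier bits.
    db.executemany("INSERT INTO visits(url, visit_time, transition) VALUES (?,?,?)",
                   [(1, t1, 0x30000006), (2, t2, 0x30000005)])
    return db

def history_report(db):
    """One record per URL: visit count, last and first visit, decoded transition."""
    rows = db.execute("""
        SELECT u.url, u.title, u.visit_count, u.last_visit_time,
               MIN(v.visit_time), v.transition & 255
        FROM urls u JOIN visits v ON v.url = u.id
        GROUP BY u.id ORDER BY u.last_visit_time""").fetchall()
    return [{"URL": url, "URL Title": title, "Number of Visits": count,
             "Last Visit (UTC)": webkit_to_utc(last),
             "First Visit (UTC)": webkit_to_utc(first),
             "Transition": TRANSITIONS.get(core, "UNKNOWN(%d)" % core)}
            for url, title, count, last, first, core in rows]

if __name__ == "__main__":
    for record in history_report(build_sample_db()):
        print("\n".join("%s = %s" % item for item in record.items()) + "\n")
```

When pointing a query like this at a real profile, run it against a copy of the History file: Chrome keeps the database locked while it is running, and working on a copy leaves the evidence untouched.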
Downloads
This is an example of the downloads data extracted.
URL = http://thepaperwall.com/wallpapers/nature/big/big_83fd6795f58223afa77e70881a799d012cf4d05b.jpg
Current Path = /home/osanda/Downloads/big_83fd6795f58223afa77e70881a799d012cf4d05b.jpg
Target Path = /home/osanda/Downloads/big_83fd6795f58223afa77e70881a799d012cf4d05b.jpg
End Time = 2014-04-16 03:51:41
Start Time = 2014-04-16 03:51:35
Received Bytes = 4.55 MB
Total Bytes = 4.55 MB
URL = http://thepaperwall.com/wallpapers/sports/big/big_796efef740821482b008ca6949e1f391566ca383.jpg
Current Path = /home/osanda/Downloads/big_796efef740821482b008ca6949e1f391566ca383.jpg
Target Path = /home/osanda/Downloads/big_796efef740821482b008ca6949e1f391566ca383.jpg
End Time = 2014-04-16 04:10:42
Start Time = 2014-04-16 04:10:40
Received Bytes = 1.51 MB
Total Bytes = 1.51 MB
Bookmarks
Bookmarks are in JSON. This was a new challenge for me to manipulate as I am not that much of a developer. Anyway, I managed to extract it nicely 🙂
URL: http://www.forensicswiki.org/wiki/Google_Chrome
Name: Google Chrome - Forensics Wiki
Type: url
Date: 2014-04-13 04:05:13
URL: https://chrome.google.com/webstore?hl=en
Name: Chrome Web Store
Type: url
Date: 2014-04-13 04:05:36
Cookies
Cookies will be extracted like this.
Date Created: 2014-04-13 03:55:00
Host: .youtube.com
Name: VISITOR_INFO1_LIVE
Value:
Path: /
Expiry Date: 2014-12-12 14:48:00
Secure Cookie: No
HttpOnly Cookie: No
Date Created: 2014-04-13 03:55:01
Host: .google.com
Name: NID
Value:
Path: /
Expiry Date: 2014-10-13 03:55:01
Secure Cookie: No
HttpOnly Cookie: Yes
Last Access: 2014-04-16 09:10:11
Full Report
I’ve added an option to generate a full report. The speed might depend on the sizes of the databases.
[*] Author: Osanda Malith Jayathissa
[*] Follow @OsandaMalith
[*] Description: A Cross-Platform Forensic Framework for Google Chrome
---------------
[*] History
---------------
URL = http://tools.google.com/chrome/intl/en/welcome.html
URL Title = Getting Started
Number of Visits = 1
Last Visit (UTC) = 2014-04-13 03:54:56
First Visit (UTC) = 2014-04-13 03:54:56
Description = The start page of the browser
URL = https://www.google.com/intl/en/chrome/browser/welcome.html
URL Title = Getting Started
Number of Visits = 1
Last Visit (UTC) = 2014-04-13 03:54:56
First Visit (UTC) = 2014-04-13 03:54:56
Description = The start page of the browser
---------------
[*] Downloads
---------------
URL = http://thepaperwall.com/wallpapers/nature/big/big_83fd6795f58223afa77e70881a799d012cf4d05b.jpg
Current Path = /home/osanda/Downloads/big_83fd6795f58223afa77e70881a799d012cf4d05b.jpg
Target Path = /home/osanda/Downloads/big_83fd6795f58223afa77e70881a799d012cf4d05b.jpg
End Time = 2014-04-16 03:51:41
Start Time = 2014-04-16 03:51:35
Received Bytes = 4.55 MB
Total Bytes = 4.55 MB
URL = http://thepaperwall.com/wallpapers/sports/big/big_796efef740821482b008ca6949e1f391566ca383.jpg
Current Path = /home/osanda/Downloads/big_796efef740821482b008ca6949e1f391566ca383.jpg
Target Path = /home/osanda/Downloads/big_796efef740821482b008ca6949e1f391566ca383.jpg
End Time = 2014-04-16 04:10:42
Start Time = 2014-04-16 04:10:40
Received Bytes = 1.51 MB
Total Bytes = 1.51 MB
---------------
[*] Bookmarks
---------------
URL: http://www.forensicswiki.org/wiki/Google_Chrome
Name: Google Chrome - Forensics Wiki
Type: url
Date: 2014-04-13 04:05:13
URL: https://chrome.google.com/webstore?hl=en
Name: Chrome Web Store
Type: url
Date: 2014-04-13 04:05:36
---------------
[*] Cookies
---------------
Date Created: 2014-04-13 03:55:00
Host: .youtube.com
Name: VISITOR_INFO1_LIVE
Value:
Path: /
Expiry Date: 2014-12-12 14:48:00
Secure Cookie: No
HttpOnly Cookie: No
[~] This file was generated by ChromFreak
[~] Website: http://osandamalith.github.io/ChromeFreak/
You can download this tool from here: http://osandamalith.github.io/ChromeFreak/
https://github.com/OsandaMalith/ChromeFreak/zipball/master
Apparently this tool was added to the BlackArch Linux operating system for security researchers and pen-testers.
just read the code and it is very beautiful. congrat bro! 😀
Nicely done bro! Congrats and GL! 🙂
nice and powerful tool machan congratzz !!
^_^ O M G , awesome tools bro ^_^ I love it 😀
at first I couldn’t get it.. but then.. OH YES IT’S AWESOME..!!!!!! keep it up..!!!
As always you rock my friend 😉
Something is telling me that you read a certain Python book for hackers 🙂