DumpZilla

Description

Dumpzilla is written in Python 3.x and extracts all forensically interesting information from the Firefox, Iceweasel and Seamonkey browsers for analysis. Because it is developed for Python 3.x, it might not work properly under old Python versions, mainly with certain characters. It runs on Unix and Windows 32/64-bit systems. It is a command-line tool, so its dumps can be piped to tools such as grep, awk, cut, sed… Dumpzilla can display the following sections, customize searches and extract certain content.

  • Cookies + DOM Storage (HTML 5).

  • User preferences (Domain permissions, Proxy settings…).

  • Downloads.

  • Web forms (Searches, emails, comments…).

  • History.

  • Bookmarks.

  • Cache HTML5 Visualization / Extraction (Offline cache).

  • Visited sites “thumbnails” visualization / extraction.

  • Addons / Extensions and used paths or urls.

  • Browser saved passwords.

  • SSL certificates added as an exception.

  • Session data (Webs, reference URLs and text used in forms).

  • Visualize live user surfing, URL used in each tab / window and use of forms.

Dumpzilla shows the SHA256 hash of each file it extracts information from and, at the end, a summary with totals.
Sections where date filtering is not possible: DOM Storage, Permissions / Preferences, Addons, Extensions, Passwords/Exceptions, Thumbnails and Session.

Usage

Syntax

dumpzilla browser_profile_directory [Options]

Options

--All (Shows everything but the DOM data. Doesn't extract thumbnails or HTML 5 offline)
--Cookies [-showdom -domain <string> -name <string> -hostcookie <string> -access <date> -create <date> -secure <0/1> -httponly <0/1> -range_last -range_create <start> <end>]
--Permissions [-host <string>]
--Downloads [-range <start> <end>]
--Forms [-value <string> -range_forms <start> <end>]
--History [-url <string> -title <string> -date <date> -range_history <start> <end> -frequency]
--Bookmarks [-range_bookmarks <start> <end>]
--Cacheoffline [-range_cacheoff <start> <end> -extract <directory>]
--Thumbnails [-extract_thumb <directory>]
--Range <start date> <end date>
--Addons
--Passwords (Decode only in Unix)
--Certoverride
--Session
--Watch [-text <string>]

Example

cyborg@cyborg:~$ dumpzilla '/home/cyborg/.mozilla/firefox/xc3nm355.default/' --All

[WARNING]: Python 2.x currently used, Python 3.x and UTF-8 is recommended !


====================================================================================================
Cookies              [SHA256 hash: c1bc3234d704175fe561079f22ee8e8a5df6844d0175e61ceddfc5ffdb70a442]
====================================================================================================


Domain: google.com
Host: .google.com
Name: Alphabet
Value: 47359114672135402073355453874039797746
Path: /
Expiry: 2017-10-15 11:00:07
Last acess: 2015-10-16 12:37:52
Creation Time: 2015-10-16 11:00:07
Secure: No
HttpOnly: No


Domain: cyborg.ztrela.com
Host: .cyborg.ztrela.com
Name: cyborg
Value: /thread/612822
Path: /
Expiry: 2015-10-16 15:00:11
Last acess: 2015-10-16 11:00:12
Creation Time: 2015-10-16 11:00:02
Secure: Yes
HttpOnly: Yes


Domain: ztrela.com
Host: .ztrela.com
Name: ztrela
Value: 3-1-1444973438667|359-1-1444973438680|411-1-1444973438696|416-1-1444973438713|477-1-1444973438729|540-1-1444973438745|721-1-1444973438760|771-1-1444973438776|1127-1-1444973438793|1121-1-1444973438811|1175-1-1444973438825|1524-1-1444973438840|19360-1-1444973438857|22054-1-1444973438872
Path: /
Expiry: 2032-03-20 11:00:38
Last acess: 2015-10-16 12:37:52
Creation Time: 2015-10-16 11:00:38
Secure: Yes
HttpOnly: Yes
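
Because the dump is plain text meant for piping, the Cookies section shown above can be post-processed into a timeline and a list of cookies stored without Secure or HttpOnly. This is an added example, not part of dumpzilla or of the original page: the function names and sample records are constructed, and it assumes the record layout printed above, including the tool's "Last acess" spelling.

```python
import re
import sys
from datetime import datetime

# Constructed sample in the layout of the Cookies section above; all values are made up.
_REC = ("Domain: {d}\nHost: .{d}\nName: {n}\nValue: v\nPath: /\nExpiry: 2017-10-15 11:00:07\n"
        "Last acess: {a}\nCreation Time: {c}\nSecure: {s}\nHttpOnly: {s}\n")
SAMPLE = ("=" * 100 + "\nCookies   [SHA256 hash: " + "ab" * 32 + "]\n" + "=" * 100 + "\n\n\n"
          + _REC.format(d="example.com", n="sid", s="No", a="2015-10-16 12:37:52", c="2015-10-16 11:00:07")
          + "\n\n"
          + _REC.format(d="example.org", n="pref", s="Yes", a="2015-10-16 11:00:12", c="2015-10-16 11:00:02"))

def section_hash(text, section="Cookies"):
    """SHA256 that dumpzilla printed for the section's source file, or None."""
    m = re.search(re.escape(section) + r"\s+\[SHA256 hash: ([0-9a-f]{64})\]", text)
    return m.group(1) if m else None

def parse_cookies(text):
    """Split the dump on blank lines; each 'Key: value' block becomes one dict."""
    records = []
    for block in re.split(r"\n\s*\n", text):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")   # first colon only: timestamps keep theirs
            if sep:
                rec[key.strip()] = value.strip()
        if "Domain" in rec and "Name" in rec:       # drops the banner and section header
            records.append(rec)
    return records

def missing_flags(records):
    """Cookies stored without the Secure or the HttpOnly attribute."""
    return [r for r in records if "No" in (r.get("Secure"), r.get("HttpOnly"))]

def timeline(records):
    """Sorted (timestamp, event, host, name) tuples for creation and last access."""
    events = []
    for r in records:
        for field, label in (("Creation Time", "created"), ("Last acess", "last access")):
            try:
                when = datetime.strptime(r[field], "%Y-%m-%d %H:%M:%S")
            except (KeyError, ValueError):
                continue                            # absent or unparsable: skip, do not guess
            events.append((when, label, r.get("Host", ""), r["Name"]))
    return sorted(events)

if __name__ == "__main__":   # pipe dumpzilla output in, or run bare to see the sample
    for e in timeline(parse_cookies(SAMPLE if sys.stdin.isatty() else sys.stdin.read())):
        print(*e)
```

The value returned by `section_hash` can be compared with a SHA256 computed independently over the profile's cookie database to confirm which file a saved dump was taken from.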