This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Internet history of an user (IE and Firefox)

Anonymous
Not applicable

‎09-02-2009 04:59 PM

Well, in the last weeks I've faced a lot of new vírus that were not detected by an antivirus, so I had to figure out how they have entered in the computer. I've installed this neat action to check logged in user internet history, and it also works for files accessed:
1. get this great nirsoft utility http://www.nirsoft.net/utils/iehv.html
2. add this action:
\\server\share$\Lansweeper\iehv.exe -folder "\\{computer}\c$\Documents and Settings\{username}\Local Settings\History"


That's it, you get the history and you can easilly know where that vírus come from, many of them are from google searches and they only install when clicking on the search result, if you click directly on the link it does nothing. I will not post examples since I could be helping to spread those vírus - they offer themselfs to the user as being an antivirus sofware,
Labels:
0 Kudos
14 REPLIES 14
Anonymous
Not applicable

‎07-13-2010 07:28 PM

Although this is not so simple or usefull for many of you, I've made a simple interface so I can use Internet history of a Firefox user, using the tool from Nirsoft: http://www.nirsoft.net/utils/mozilla_history_view.html

Using AutoIt, I've made this simple script to get the firefox profile directory:
Global $FFprofilesDir
$FFprofilesDir = $CmdLine[1]
$FFprofilesIni = $FFprofilesDir & "\profiles.ini"
$ProfilePath=IniRead($FFprofilesIni,"Profile0","Path","")
$replace = StringReplace($ProfilePath, "/", "\")
Run("MozillaHistoryView.exe -file " & """" & $FFprofilesDir & "\" & $replace & "\places.sqlite" & """")


Note that I read the file "places.sqlite", but it can be history.dat depending on your firefox version I guess.

You will need to put this dll's on the same folder of the actions if you don't have firefox installed on the running computer:
http://www.sqlite.org/sqlitedll-3_6_23_1.zip
You should also put MozillaHistoryView.exe on the actions folder, as well as the compiled autoit script, I've named it FirefoxVHHelper.exe

The action should be something like:
{actionpath}FirefoxVHHelper.exe "\\{computer}\c$\Documents and Settings\{username}\Application Data\Mozilla\Firefox"


Thats it.

Edit: For those who need the compiled version of the script, I've attached now that file. It only reads "places.sqlite" file; the code is posted on the top of this message.
FirefoxVHHelper.zip
0 Kudos
afionda
Engaged Sweeper

‎11-03-2009 11:52 PM

VERY NICE BULL !!!!
0 Kudos
Perkins
Engaged Sweeper

‎10-10-2009 01:07 AM

Great Tool....thanks!
0 Kudos
cvau89
Engaged Sweeper

‎09-11-2009 10:26 PM

Hey - Great custom action - does anyone understand how to do anything similar with the chrome browser?
0 Kudos
mrdaytrade
Engaged Sweeper III

‎09-02-2009 06:14 PM

This is a great custom action... thank you!
0 Kudos

Archive

This board contains archived posts from the retired Lansweeper Forum and Insiders Community.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
Top