Internet history of a user (IE and Firefox)

Posted: Wednesday, September 2, 2009 3:59:38 PM(UTC)
Well, in the last weeks I've faced a lot of new viruses that were not detected by an antivirus, so I had to figure out how they had entered the computer. I've installed this neat action to check the logged-in user's internet history, and it also works for files accessed:
1. get this great nirsoft utility http://www.nirsoft.net/utils/iehv.html
2. add this action:
Code:
\\server\share$\Lansweeper\iehv.exe -folder "\\{computer}\c$\Documents and Settings\{username}\Local Settings\History"


That's it, you get the history and you can easily know where that virus came from; many of them are from Google searches and they only install when clicking on the search result, if you click directly on the link it does nothing. I will not post examples since I could be helping to spread those viruses - they offer themselves to the user as being antivirus software.
mrdaytrade
#1mrdaytrade Member Posts: 99  
posted: 9/2/2009 5:14:21 PM(UTC)
This is a great custom action... thank you!
cvau89
#2cvau89 Member Posts: 6  
posted: 9/11/2009 9:26:08 PM(UTC)
Hey - Great custom action - does anyone understand how to do anything similar with the chrome browser?
Perkins
#3Perkins Member Posts: 19  
posted: 10/10/2009 12:07:00 AM(UTC)
Great Tool....thanks!
afionda
#4afionda Member Posts: 3  
posted: 11/3/2009 11:52:32 PM(UTC)
VERY NICE BULL !!!!
BullGates (no longer LS user due to abusive increased costs)
posted: 7/13/2010 6:28:50 PM(UTC)
Although this is not so simple or useful for many of you, I've made a simple interface so I can use Internet history of a Firefox user, using the tool from Nirsoft: http://www.nirsoft.net/u...zilla_history_view.html

Using AutoIt, I've made this simple script to get the Firefox profile directory:
Code:
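; Usage: FirefoxVHHelper.exe "<Firefox folder that contains profiles.ini>"
If $CmdLine[0] < 1 Then Exit 1 ; no folder given on the command line
Global $FFprofilesDir = $CmdLine[1]
Global $FFprofilesIni = $FFprofilesDir & "\profiles.ini"
; Path of the first profile as listed in profiles.ini
Global $ProfilePath = IniRead($FFprofilesIni, "Profile0", "Path", "")
If $ProfilePath = "" Then Exit 2 ; profiles.ini not readable or no Profile0 entry
; profiles.ini stores the path with forward slashes
Global $replace = StringReplace($ProfilePath, "/", "\")
Run("MozillaHistoryView.exe -file " & """" & $FFprofilesDir & "\" & $replace & "\places.sqlite" & """")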


Note that I read the file "places.sqlite", but it can be history.dat depending on your Firefox version I guess.

You will need to put these DLLs in the same folder as the actions if you don't have Firefox installed on the running computer:
http://www.sqlite.org/sqlitedll-3_6_23_1.zip
You should also put MozillaHistoryView.exe in the actions folder, as well as the compiled AutoIt script, I've named it FirefoxVHHelper.exe

The action should be something like:
Code:
{actionpath}FirefoxVHHelper.exe "\\{computer}\c$\Documents and Settings\{username}\Application Data\Mozilla\Firefox"


That's it.

Edit: For those who need the compiled version of the script, I've attached now that file. It only reads "places.sqlite" file; the code is posted on the top of this message.
FirefoxVHHelper.zip (280kb) downloaded 170 time(s).
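
An added example, not part of the original post and not code from NirSoft or Lansweeper: the same profiles.ini lookup as the AutoIt helper above, extended to walk every listed profile and read the visits out of places.sqlite directly, working on a local copy so the original file is never opened. It assumes the standard Firefox tables moz_places and moz_historyvisits; the function names and the data written by build_sample are constructed for illustration.

```python
import configparser, shutil, sqlite3, tempfile
from datetime import datetime, timezone
from pathlib import Path

def profile_dirs(firefox_dir):
    """Every profile folder listed in profiles.ini, not only Profile0."""
    ini = configparser.ConfigParser(interpolation=None)
    ini.read(Path(firefox_dir) / "profiles.ini", encoding="utf-8")
    for name in ini.sections():
        path = ini.get(name, "Path", fallback="")
        if name.startswith("Profile") and path:
            relative = ini.get(name, "IsRelative", fallback="1") == "1"
            yield Path(firefox_dir).joinpath(*path.split("/")) if relative else Path(path)

def visits(places_db, since=None):
    """(UTC time, url, title) per visit, oldest first, read from a local copy."""
    src = Path(places_db)
    floor = int(since.timestamp() * 1_000_000) if since else 0  # visit_date is in microseconds
    with tempfile.TemporaryDirectory() as tmp:
        for suffix in ("", "-wal"):  # copy the database (and its write-ahead log, if any) first
            if (f := src.with_name(src.name + suffix)).exists():
                shutil.copy2(f, tmp)
        con = sqlite3.connect(Path(tmp) / src.name)
        try:
            rows = con.execute(
                "SELECT v.visit_date, p.url, p.title FROM moz_historyvisits v"
                " JOIN moz_places p ON p.id = v.place_id"
                " WHERE v.visit_date >= ? ORDER BY v.visit_date", (floor,)).fetchall()
        finally:
            con.close()
    return [(datetime.fromtimestamp(us / 1e6, timezone.utc), u, t) for us, u, t in rows]

def firefox_history(firefox_dir, since=None):
    """Visits from every profile under firefox_dir that has a places.sqlite."""
    return [row for d in profile_dirs(firefox_dir) if (d / "places.sqlite").exists()
            for row in visits(d / "places.sqlite", since)]

def build_sample(root):
    """Constructed sample: a profiles.ini and a minimal places.sqlite (reduced schema)."""
    prof = Path(root) / "Profiles" / "abc123.default"
    prof.mkdir(parents=True)
    (Path(root) / "profiles.ini").write_text(
        "[General]\nStartWithLastProfile=1\n\n[Profile0]\nName=default\nIsRelative=1\nPath=Profiles/abc123.default\n")
    con = sqlite3.connect(prof / "places.sqlite")
    con.executescript(
        "CREATE TABLE moz_places(id INTEGER PRIMARY KEY, url TEXT, title TEXT);"
        "CREATE TABLE moz_historyvisits(id INTEGER PRIMARY KEY, place_id INTEGER, visit_date INTEGER);"
        "INSERT INTO moz_places VALUES(1,'http://search.example/?q=free+antivirus','search'),(2,'http://download.example/setup.exe',NULL);"
        "INSERT INTO moz_historyvisits VALUES(1,1,1251900000000000),(2,2,1251900060000000);")
    con.close()
```

Call firefox_history with the same Firefox folder the action passes to FirefoxVHHelper.exe; the since argument narrows the list to the period just before the infection was noticed.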
isit
#6isit Member Posts: 7  
posted: 3/27/2012 7:50:54 PM(UTC)
I am trying to use this action but I am having trouble connecting to the user's computer. I have installed the utility (on the Lansweeper server under actions) but when I run the custom action, it only runs on the server instead of the user's PC. In your code, you have "-folder"; when I remove this, it gives the server history, when I add it, it gives nothing. So what exactly does folder represent? What do we replace it with, if anything?
isit
#7isit Member Posts: 7  
posted: 3/28/2012 7:01:45 PM(UTC)
I got it working!
Jono
#8Jono Member Posts: 111  
posted: 4/12/2012 6:23:49 PM(UTC)
Is there an easy way to edit these scripts to make them work with Windows XP clients and Windows 7 clients without having to distinguish between them first?

Currently, both of these will only work on Windows XP ("Documents and Settings" folder doesn't exist on W7).

Thanks,
Jono
TNTreasury
#9TNTreasury Member Posts: 19  
posted: 4/30/2012 11:15:47 PM(UTC)
I downloaded the files and saved them to my actions folder, but when I select the action from the Lansweeper web page, I get Error: file not found.

Any thoughts?


The action I have is
iehv.exe -folder "\\{computer}\c$\Documents and Settings\{username}\Local Settings\History"
Lansweeper
#10Lansweeper Member Posts: 13,442  
posted: 5/1/2012 9:25:17 AM(UTC)
Add the {actionpath} variable to your action.
MCanning
#11MCanning Member Posts: 5  
posted: 3/6/2013 8:45:50 PM(UTC)
This works great - I have a mix of XP & Win 7 boxes here so I added another action entry:

For Win 7
Code:

{actionpath}iehv.exe -folder "\\{computer}\c$\Users\{username}\Local Settings\History"
Argon0
#12Argon0 Member Posts: 44  
posted: 11/9/2017 5:56:54 PM(UTC)
All good... But I need to get history from IE11...

So the tool BrowsingHistoryView from NirSoft looks good, but I can't work out if there is a way to pass the computer name to it automagically (rather than launching and pasting/typing the name).

...

Argon0
jgranese
#13jgranese Member Posts: 3  
posted: 12/7/2017 6:11:22 PM(UTC)
I have set up BrowsingHistoryView and it is working.

Get it here: http://www.nirsoft.net/u...wsing_history_view.html

This is the action I used:

{actionpath}BrowsingHistoryView.exe /HistorySource 7 /ComputerName {computer} /VisitTimeFilterType 1 /StopIECacheTask 1

I still have to click OK but the settings are what work for me. The download page has the parameters if you need to change some.
