dissect.target.plugins.apps.browser.iexplore

Module Contents

Classes

WebCache

Class for opening and pre-processing IE WebCache file.

InternetExplorerPlugin

Internet explorer browser plugin.

class dissect.target.plugins.apps.browser.iexplore.WebCache(target: dissect.target.target.Target, fh: BinaryIO)

Class for opening and pre-processing IE WebCache file.

target
db
find_containers(name: str) Iterator[dissect.esedb.table.Table]

Look up all ContainerId values for a given container name.

Parameters:

name – The container name to look up all container IDs of.

Yields:

All ContainerId values for the requested container name.

history() Iterator[dissect.esedb.record.Record]

Yield records from the history webcache container.

downloads() Iterator[dissect.esedb.record.Record]

Yield records from the iedownload webcache container.

abstract cookies() None
class dissect.target.plugins.apps.browser.iexplore.InternetExplorerPlugin(target: dissect.target.target.Target)

Bases: dissect.target.plugins.apps.browser.browser.BrowserPlugin

Internet explorer browser plugin.

__namespace__ = 'iexplore'

Defines the plugin namespace.

DIRS = ['AppData/Local/Microsoft/Windows/WebCache']
CACHE_FILENAME = 'WebCacheV01.dat'
BrowserHistoryRecord
BrowserDownloadRecord
users_dirs: list[Tuple[dissect.target.plugins.general.users.UserDetails, pathlib.Path]] = []
check_compatible() None

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

history() Iterator[BrowserHistoryRecord]

Return browser history records from Internet Explorer.

Yields BrowserHistoryRecord with the following fields:

ts (datetime): Visit timestamp.
browser (string): The browser from which the records are generated from.
id (string): Record ID.
url (uri): History URL.
title (string): Page title.
description (string): Page description.
rev_host (string): Reverse hostname.
visit_type (varint): Visit type.
visit_count (varint): Amount of visits.
hidden (string): Hidden value.
typed (string): Typed value.
session (varint): Session value.
from_visit (varint): Record ID of the "from" visit.
from_url (uri): URL of the "from" visit.
source: (path): The source file of the history record.
downloads() Iterator[BrowserDownloadRecord]

Return browser downloads records from Internet Explorer.

Yields BrowserDownloadRecord with the following fields:

ts_start (datetime): Download start timestamp.
ts_end (datetime): Download end timestamp.
browser (string): The browser from which the records are generated from.
id (string): Record ID.
path (string): Download path.
url (uri): Download URL.
size (varint): Download file size.
state (varint): Download state number.
source: (path): The source file of the download record.