dissect.target.plugins.apps.browser.iexplore#

Module Contents#

Classes#

WebCache

Class for opening and pre-processing IE WebCache file.

InternetExplorerPlugin

Internet explorer browser plugin.
class dissect.target.plugins.apps.browser.iexplore.WebCache(target: dissect.target.target.Target, fh: BinaryIO)#

Class for opening and pre-processing IE WebCache file.

find_containers(name: str) dissect.esedb.table.Table#

Look up all ContainerId values for a given container name.

Parameters:

name – The container name to look up all container IDs of.

Yields:

All ContainerId values for the requested container name.

history() Iterator[dissect.esedb.record.Record]#

Yield records from the history webcache container.

downloads() Iterator[dissect.esedb.record.Record]#

Yield records from the iedownload webcache container.

abstract cookies() None#
class dissect.target.plugins.apps.browser.iexplore.InternetExplorerPlugin(target: dissect.target.target.Target)#

Bases: dissect.target.plugins.apps.browser.browser.BrowserPlugin

Internet explorer browser plugin.

__namespace__ = 'iexplore'#
DIRS = ['AppData/Local/Microsoft/Windows/WebCache']#
CACHE_FILENAME = 'WebCacheV01.dat'#
BrowserHistoryRecord#
BrowserDownloadRecord#
check_compatible() None#

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

history() Iterator[BrowserHistoryRecord]#

Return browser history records from Internet Explorer.

Yields BrowserHistoryRecord with the following fields:

ts (datetime): Visit timestamp. browser (string): The browser from which the records are generated from. id (string): Record ID. url (uri): History URL. title (string): Page title. description (string): Page description. rev_host (string): Reverse hostname. visit_type (varint): Visit type. visit_count (varint): Amount of visits. hidden (string): Hidden value. typed (string): Typed value. session (varint): Session value. from_visit (varint): Record ID of the “from” visit. from_url (uri): URL of the “from” visit. source: (path): The source file of the history record.

downloads() Iterator[BrowserDownloadRecord]#

Return browser downloads records from Internet Explorer.

Yields BrowserDownloadRecord with the following fields:

ts_start (datetime): Download start timestamp. ts_end (datetime): Download end timestamp. browser (string): The browser from which the records are generated from. id (string): Record ID. path (string): Download path. url (uri): Download URL. size (varint): Download file size. state (varint): Download state number. source: (path): The source file of the download record.