Results 1 to 3 of 3

Thread: Script to parse IE Index.dat

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Posts
    35

    Default Script to parse IE Index.dat

    Last week or so I got some free time and decided to start playing around with extracting browsing history from the the index.dat files. I know there are a million and one tools out there to do this, I just wanted to figure it out myself without using Windows API's. I eventually want to incorporate it into Metasploit Post module that grabs all kind of good info from IE, so I kind of had an alternate motive for trying to parse out the file. Anyways I came up with a ruby script that parses out the url, date accessed, and date modified. It will work on the Index.dat's from the Cookies, History, and Temporary Internet Files folders. It's not a post module yet, but probably soon. i just need to invest some time into using this history list to hash and compare to the encrypted urls for the auto-complete passwords stored in the registry. Another script for another day.

    I thought I'd share the parsing script, so here it is: iehist.rb

    I had a hard time finding good information on how to parse this data, so I also wrote a short blog post that talks about the structure of the index.dat file and how I parsed out the data in case anyone's interested. Here's the blog post: Parsing IE's Index.dat

  2. #2
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    2

    Default Re: Script to parse IE Index.dat

    Very well done! The blog is worth a look at, usually I just download the scripts to break them down into steps and work out what is going on. Most scripts have more comments than some of the tutorials out there... The blog post was very detailed and included the how and whys of what is being done.

    Thanks!

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    35

    Default Re: Script to parse IE Index.dat

    thanks.....I appreciate the kind words and glad it was helpful to someone else.

Similar Threads

  1. Can't parse sslstrip logs
    By comaX in forum Beginners Forum
    Replies: 9
    Last Post: 04-17-2011, 10:03 AM
  2. Where is index.html?!
    By imported_bt4pf355 in forum OLD Newbie Area
    Replies: 1
    Last Post: 02-03-2010, 05:56 PM
  3. Parse messages.....
    By >Dart> in forum OLD General IT Discussion
    Replies: 1
    Last Post: 04-16-2009, 03:46 PM
  4. BT3 softwae index
    By john99 in forum OLD Newbie Area
    Replies: 1
    Last Post: 07-03-2008, 05:47 AM
  5. Connect to WEP, index key 3
    By Eomer in forum OLD BT3beta General
    Replies: 4
    Last Post: 03-09-2008, 05:31 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •