Some days ago I wrote a post about Hacking InPrivate Browsing, there you find useful information about how to find traces left by Internet Explorer using InPrivate Browsing.
Incognito Mode in Google Chrome, Private Browsing in Firefox, and InPrivate Browsing in Internet Explorer are, in essence, the same. This feature restricts the information that browser stores while using the internet. What information are we talking about?
- History: If you enter a web page, information about the site, title and URL, as well as when that page was entered is saved.
- Cookies: Many sites need to track information about the user, for example a set of books on a library site. One way to achieve this is using cookies that store the information on the user’s computer.
- Cache: If you enter more than once on a website, the browser doesn’t need to download all components of that site every time. It’s clear that these programs need storage and a way to organize the files.
If I am using my computer at home, I don’t mind if this information is stored on my computer. But what happens if you are using a shared computer? Making you a spy is not the motivation behind this post; however, the idea is showing the limits of the implementations of this feature.
Today I am going to use a more simple technique than the one explained on the previous article, to know what pages have been visited. This technique works for Chrome, Firefox and Internet Explorer.
As I am exploring PowerShell, I will show you two ways to do exactly the same.
Using the command line
When you enter on a website, you first tell the browser the name of the site you want to visit. To contact that website, the computer needs to find the IP associated with the website name; to do this, it uses a DNS server.
As you can read the process is very straightforward. As it’s not necessary to get this IP address every time, Windows uses a program (a DNS client) to store this information.
To test everything first we are going to clear entries in the DNS client:
Press WinKey + R, type cmd and press Enter to open a command line.
In the command line type ipconfig /flushdns and press Enter:
You can see the DNS resolver cache using ipconfig /displaydns:
Now we are going to open a Chrome window and go to www.mintywhite.com using Incognito mode. This is the private mode of Google Chrome. To open a window in this mode press Ctrl + Shift + N.
Can you imagine what happens if we close this window and check the DNS cache using ipconfig /displaydns?:
As we can see Chrome doesn’t remove this information from the DNS cache.
Using a Script
PowerShell is my latest discovery so, why not use it to display this information in a more cool way?
The code
You have to copy this to a notepad file:
@echo off
Powershell -noexit "ipconfig /displaydns | select-string 'Record Name' | foreach-object { $_.ToString().Split(' ')[-1] } | Sort | Out-Gridview"
You will see something like this:
As always go to File menu, click Save As…, and give the file a name i.e. “ShowDNSCache.bat”. (Include the quotes to save the file as a BAT file and not a TXT file.)
We can now easily find that someone has browsed Windows Guides (or any site.)
About Angel Luis
I am an Engineer of Telecommunications that love computers. My first computer was a Commodore 16kb, about 25 years ago and since then I am always fighting computers problems. Please visit my entries and ask me about whatever problem you have, I will be pleased to help you. My email is discoveryourpc [at] gmail [dot] com. You can follow me on twitter @agenlu or read my blog www.discoveryourpc.net
- Web
- |
- More Posts (48)
One thing I don’t get is what to do after this ShowDNSCache.bat file is saved.
Which application to use to get data (visited pages) seen???
Thanx in advance.
just double click the .bat file and it will run in a window.
Ok, It works now with Powershell application on Win7. I wonder the resulted pages it shows are how old… is there any ways to see the date a page has been visited? Thanx in advance.
I have a question, I get to the stage of having powershell and also having saved the code as the notepad file (all in quotation marks as required). What now? I try opening the file on it’s own, tried opening powershell and typed in “ShowDNSCache.bat” and ShowDNSCache.bat nothing has happened. Can anyone tell me how to get to the last step?
Thanks for any help in advance.
Also, it’s not just children that we are worried about.
In theory if you have powershell installed on your system you only have to doubleclick the bat file.
Are you using Windows XP, Vista or 7?
1. copy to notepad
@echo off
Powershell -noexit “ipconfig /displaydns | select-string ‘Record Name’ | foreach-object { $_.ToString().Split(‘ ‘)[-1] } | Sort | Out-Gridview”
2. save the file as
“ShowDNSCache.bat”
3. double click the .bat file and a window and cnd window will open.
Why did u have me dump the very thing that was going to answer my question before you tell me how to retrieve the information? Can I retrieve any of the info that I erased in the first step?I needed to retrieve the data for web sites already visited.
did u manage to retrieve the sites visited how did u do it as i really need see the history on my laptop please help
All i’m getting is ns1.msft.net and ns(2,3,4,5).msft.net and 6to4.ipv6.microsoft.com…is this supposed to tell me something, cuz I don’t understand.
So do you have to download powershell for this?
If you’re using Windows 7 or Server 2008, all versions come bundled with PowerShell.
Vista: http://www.microsoft.com/download/en/details.aspx?id=23200
XP: http://www.microsoft.com/download/en/details.aspx?id=7217
Server 2003: http://www.microsoft.com/download/en/details.aspx?id=20020
How do you then delete the websites from the BAT file
Right click and select Run
I tried to run by having as a batch file only but win7 ask for a program to open it!! I have powershell on my computer! Help!
it does not show full history
why doesn’t it show the full history????
Guess there isn’t a way to do this on a Mac?
It doesn’t work if the history has been cleared.
how do you get from the save as part to view all the web sites that have been used????
hi im absolutley useless on computers please can u send this to me so i just have to click the link so i can open this on my windows 7 laptop please as i really need help to keep a track and cant follow the instructions as iv tried and am not gettin nowere please help me my email is please help.
it doesnt work for me
CCleaner has a DNS flush feature. Do you know if it’s effective?
Yep, the best way to test is to identify a site in the DNS cache and then run the following command/batch script:
“C:Program FilesCCleanerCCleaner.exe” /AUTO ipconfig /flushdns
This should remove all traces.
So if i flush dns all the history seen in private mode gets erased?
Be sure to show file extensions and name the file script.bat
I suspect you’re not showing file extensions and the file is saved as filename.bat.txt
To show file extensions, follow this guide: http://www.mintywhite.com/windows-7/7customization/showhide-file-extensions-windows-xp-vista-7-quick-tip/
Awesome! How do i delete the visited sites using the powershell? Works great but would like to clear it so i know what has been visited recently! Also, how do i get this on a samsung galaxy 2 tablet?
i wanted to see the history, not delete it. If i typed in ipconfig/flushdns does that mean its all gone?
Are we suppose to space or something? It’s not working for me. after I save it I tried to click on it and it pops up and it disappears right away.
it only show for the current session right? what about all the history ever visited?
Does anyone know how to do this on a Samsung tablet using Android? I have Terminal Emulator but don’t know the command line.
How do I press winkey + R….an somebody explain me like I’m 5 years old
Do you have an email address?
no
Who’s email address are you asking for?
how do i delete what is in the bat file?
Can this be done on an iphone 5?
Can this be done on Sony Xperia
i used
ipconfig /displaydns
command but no sites seems familiar, so is there any way of know if one of these is an adult site?…….
There truly is no such thing as privacy on the internet.
hai i have gone through all those steps…..but while opening dns file which we saved on desktop im not getting list of history.???
Can we ???