Web Analytics


Some days ago I wrote a post about Hacking InPrivate Browsing, there you find useful information about how to find traces left by Internet Explorer using InPrivate Browsing.

Incognito Mode in Google Chrome, Private Browsing in Firefox, and InPrivate Browsing in Internet Explorer are, in essence, the same. This feature restricts the information that browser stores while using the internet. What information are we talking about?

  • History: If you enter a web page, information about the site, title and URL, as well as when that page was entered is saved.
  • Cookies: Many sites need to track information about the user, for example a set of books on a library site. One way to achieve this is using cookies that store the information on the user’s computer.
  • Cache: If you enter more than once on a website, the browser doesn’t need to download all components of that site every time. It’s clear that these programs need storage  and a way to organize the files.

If I am using my computer at home, I don’t mind if this information is stored on my computer. But what happens if you are using a shared computer? Making you a spy is not the motivation behind this post; however, the idea is showing the limits of the implementations of this feature.

Today I am going to use a more simple technique than the one explained on the previous article, to know what pages have been visited. This technique works for Chrome, Firefox and Internet Explorer.

As I am exploring PowerShell, I will show you two ways to do exactly the same.

Using the command line

When you enter on a website, you first tell the browser the name of the site you want to visit. To contact that website, the computer needs to find the IP associated with the website name; to do this, it uses a DNS server.

As you can read the process is very straightforward. As it’s not necessary to get this IP address every time, Windows uses a program (a DNS client) to store this information.

To test everything first we are going to clear entries in the DNS client:

Press WinKey + R, type cmd and press Enter to open a command line.

In the command line type ipconfig /flushdns and press Enter:

You can see the DNS resolver cache using ipconfig /displaydns:

Now we are going to open a Chrome window and go to www.mintywhite.com using Incognito mode. This is the private mode of Google Chrome. To open a window in this mode press Ctrl + Shift + N.

Can you imagine what happens if we close this window and check the DNS cache using ipconfig /displaydns?:

As we can see Chrome doesn’t remove this information from the DNS cache.

Using a Script

PowerShell is my latest discovery so, why not use it to display this information in a more cool way?

The code

You have to copy this to a notepad file:

@echo off
Powershell -noexit "ipconfig /displaydns | select-string 'Record Name' | foreach-object { $_.ToString().Split(' ')[-1]   } | Sort | Out-Gridview"

You will see something like this:

As always go to File menu, click Save As…, and give the file a name i.e. “ShowDNSCache.bat”. (Include the quotes to save the file as a BAT file and not a TXT file.)

We can now easily find that someone has browsed Windows Guides (or any site.)

About Angel Luis

I am an Engineer of Telecommunications that love computers. My first computer was a Commodore 16kb, about 25 years ago and since then I am always fighting computers problems. Please visit my entries and ask me about whatever problem you have, I will be pleased to help you. My email is discoveryourpc [at] gmail [dot] com. You can follow me on twitter @agenlu or read my blog www.discoveryourpc.net

Free PC tips by email

Search Windows Guides




Comments

41 thoughts on “Check which Sites Have Been Visited (Even if Private Browsing Mode is Used)”

  1. nüph says:

    One thing I don’t get is what to do after this ShowDNSCache.bat file is saved.
    Which application to use to get data (visited pages) seen???
    Thanx in advance.

    1. Furrelkt says:

      just double click the .bat file and it will run in a window.

  2. nüph says:

    Ok, It works now with Powershell application on Win7. I wonder the resulted pages it shows are how old… is there any ways to see the date a page has been visited? Thanx in advance.

  3. Eos_athen says:

    I have a question, I get to the stage of having powershell and also having saved the code as the notepad file (all in quotation marks as required). What now? I try opening the file on it’s own, tried opening powershell and typed in “ShowDNSCache.bat” and ShowDNSCache.bat nothing has happened. Can anyone tell me how to get to the last step?

    Thanks for any help in advance.

    Also, it’s not just children that we are worried about.

    1. Angel says:

      In theory if you have powershell installed on your system you only have to doubleclick the bat file.

      Are you using Windows XP, Vista or 7?

  4. Furrelkt says:

    1. copy to notepad
    @echo off
    Powershell -noexit “ipconfig /displaydns | select-string ‘Record Name’ | foreach-object { $_.ToString().Split(‘ ‘)[-1] } | Sort | Out-Gridview”
    2. save the file as
    “ShowDNSCache.bat”
    3. double click the .bat file and a window and cnd window will open.

  5. Cindy21 says:

    Why did u have me dump the very thing that was going to answer my question before you tell me how to retrieve the information? Can I retrieve any of the info that I erased in the first step?I needed to retrieve the data for web sites already visited.

    1. amarie says:

      did u manage to retrieve the sites visited how did u do it as i really need see the history on my laptop please help

  6. Wondering says:

    All i’m getting is ns1.msft.net and ns(2,3,4,5).msft.net and 6to4.ipv6.microsoft.com…is this supposed to tell me something, cuz I don’t understand.

  7. Guest says:

    So do you have to download powershell for this?

    1. Rich says:

      If you’re using Windows 7 or Server 2008, all versions come bundled with PowerShell.

      Vista: http://www.microsoft.com/download/en/details.aspx?id=23200
      XP: http://www.microsoft.com/download/en/details.aspx?id=7217
      Server 2003: http://www.microsoft.com/download/en/details.aspx?id=20020

  8. Guest201 says:

    How do you then delete the websites from the BAT file

  9. Rich says:

    Right click and select Run

    1. YBB Broder says:

      I tried to run by having as a batch file only but win7 ask for a program to open it!! I have powershell on my computer! Help!

  10. Mumair Iqt says:

    it does not show full history

  11. rmy says:

    why doesn’t it show the full history????

  12. Rmedwards says:

    Guess there isn’t a way to do this on a Mac?

  13. guest says:

    It doesn’t work if the history has been cleared.

  14. G1NA98 says:

    how do you get from the save as part to view all the web sites that have been used????

  15. amarie says:

    hi im absolutley useless on computers please can u send this to me so i just have to click the link so i can open this on my windows 7 laptop please as i really need help to keep a track and cant follow the instructions as iv tried and am not gettin nowere please help me my email is please help.

  16. ... says:

    it doesnt work for me

  17. Brad Scott says:

    CCleaner has a DNS flush feature. Do you know if it’s effective?

    1. Rich says:

      Yep, the best way to test is to identify a site in the DNS cache and then run the following command/batch script:
      “C:Program FilesCCleanerCCleaner.exe” /AUTO ipconfig /flushdns

      This should remove all traces.

  18. mintywhite1234 says:

    So if i flush dns all the history seen in private mode gets erased?

  19. Rich says:

    Be sure to show file extensions and name the file script.bat

    I suspect you’re not showing file extensions and the file is saved as filename.bat.txt

    To show file extensions, follow this guide: http://www.mintywhite.com/windows-7/7customization/showhide-file-extensions-windows-xp-vista-7-quick-tip/

  20. deb says:

    Awesome! How do i delete the visited sites using the powershell? Works great but would like to clear it so i know what has been visited recently! Also, how do i get this on a samsung galaxy 2 tablet?

  21. worried says:

    i wanted to see the history, not delete it. If i typed in ipconfig/flushdns does that mean its all gone?

  22. Stephany says:

    Are we suppose to space or something? It’s not working for me. after I save it I tried to click on it and it pops up and it disappears right away.

  23. Arjun Menon says:

    it only show for the current session right? what about all the history ever visited?

  24. Mama E says:

    Does anyone know how to do this on a Samsung tablet using Android? I have Terminal Emulator but don’t know the command line.

  25. lolitabonita77 says:

    How do I press winkey + R….an somebody explain me like I’m 5 years old

  26. jaynice says:

    Do you have an email address?

    1. anoynnmous says:

      no

    2. Crystal says:

      Who’s email address are you asking for?

  27. katerina says:

    how do i delete what is in the bat file?

  28. katerina says:

    Can this be done on an iphone 5?

  29. Aico Javier says:

    Can this be done on Sony Xperia

  30. Lawliet says:

    i used
    ipconfig /displaydns
    command but no sites seems familiar, so is there any way of know if one of these is an adult site?…….

  31. Natural Harmonia says:

    There truly is no such thing as privacy on the internet.

  32. NAZEEM says:

    hai i have gone through all those steps…..but while opening dns file which we saved on desktop im not getting list of history.???

  33. Sachin says:

    Can we ???

Comments are closed.


Computer tips in your inbox
Sign up for the Windows Guides newsletter to get PC tips and access to free Windows books (More details)

Subscribe now
Popular Guides

See which sites have been visited on your PC (even if private browsing mode is used)

Create a Windows 7 System Repair Disc

Best Free Anti-malware

Hibernate vs. Sleep vs. Shut-Down

i3, i5, and i7; Dual, Quad, Hexa Core Processors. How to they Differ?

Intel's Ivy Bridge Processor: new Features

Windows Guides on Facebook