Dumpzilla — Extract Forensic Information of Browser


In this tutorial we discuss how to perform a forensic investigation of a browser and extract interesting information.

Dumpzilla is a command-line browser forensics tool that works on Windows, Mac and Linux. It comes pre-installed on our Kali Linux machine. Dumpzilla is written in Python 3 and can extract all forensically interesting information from the Firefox, Iceweasel and Seamonkey browsers. Dumpzilla can collect the following information:

  • Cookies + DOM storage (HTML5)
  • Downloads
  • Web forms
  • History
  • Offline Cache
  • Thumbnail Extraction
  • Addons / Extensions and used path or URLs.
  • Browser saved passwords
  • SSL certificates added as an exception
  • Session data
  • Visualize live user surfing, URL used in each tab

In simple words, we can get the browser’s passwords, history, bookmarks, cookies, extensions, sessions, permissions, downloads etc.

Let’s have a look at dumpzilla. To run this tool, we open a terminal window in Kali Linux and type the following command:

dumpzilla

[Screenshot: dumpzilla help]

Firefox keeps the browser’s saved data in profiles, and we use dumpzilla to extract that data for forensic analysis. For this we need to know the path of the default profile. Different operating systems use different paths:

  • Windows profiles path

C:\Documents and Settings\xx\Application Data\Mozilla\Firefox\Profiles\xxxx.default

  • Mac OS profiles path

/users/$USER/.mozilla/firefox/xxxx.default

  • Linux or UNIX profile path

/home/$USER/.mozilla/firefox/xxxx.default

Here we are testing in our Kali Linux environment, so we type the following command to list the profiles:
 
cd /root/.mozilla/firefox && ls

[Screenshot: Firefox default profiles]

Here we have highlighted the default profile. Now we run dumpzilla on the default profile with the following command to extract everything:

dumpzilla /root/.mozilla/firefox/3iezq4mz.default --All

[Screenshot: dumpzilla --All output]

Here we got all the data. Now we save all of it to a text file on our desktop with the following command:
 
dumpzilla /root/.mozilla/firefox/3iezq4mz.default --All | tee /root/Desktop/firefox.txt

This command will save the firefox.txt file on our Desktop.

Here we can see all the data extracted from our Firefox browser, such as saved passwords, cookies, add-ons, history and much more.
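
Instead of picking the default profile out of the ls listing by eye, it can be resolved from the profiles.ini file that sits in the same firefox directory. The following is an added example, not part of this tutorial's original text or of dumpzilla itself; the function names and the sample profiles.ini content are constructed for illustration.

```python
import configparser
from pathlib import Path

# Constructed sample profiles.ini (not from a real system).
SAMPLE_INI = """\
[Install0123456789ABCDEF]
Default=x1y2z3.default-release
Locked=1
[Profile0]
Name=default
IsRelative=1
Path=3iezq4mz.default
Default=1
[Profile1]
Name=default-release
IsRelative=1
Path=x1y2z3.default-release
"""


def firefox_profiles(ini_text, firefox_dir):
    """Return [(name, resolved_path, is_default)] for each [ProfileN] section."""
    ini = configparser.ConfigParser(interpolation=None)
    ini.optionxform = str  # keep key case: Path, IsRelative, Default
    ini.read_string(ini_text)
    # Newer Firefox records the profile used by each installation as
    # Default=<path> in an [Install...] section; that wins over Default=1.
    install_defaults = {ini[s]["Default"] for s in ini.sections()
                        if s.startswith("Install") and "Default" in ini[s]}
    profiles = []
    for section in ini.sections():
        raw = ini[section].get("Path", "")
        if not section.startswith("Profile") or not raw:
            continue
        entry = ini[section]
        # IsRelative=1 means relative to the directory holding profiles.ini.
        path = Path(firefox_dir) / raw if entry.get("IsRelative", "1") == "1" else Path(raw)
        is_default = (raw in install_defaults if install_defaults
                      else entry.get("Default") == "1")
        profiles.append((entry.get("Name", ""), path, is_default))
    return profiles


def default_profile(ini_text, firefox_dir):
    """Path of the first profile marked default, or None."""
    return next((p for _, p, d in firefox_profiles(ini_text, firefox_dir) if d), None)


if __name__ == "__main__":
    print(default_profile(SAMPLE_INI, "/root/.mozilla/firefox"))
```

On a real system, pass the text of /root/.mozilla/firefox/profiles.ini as ini_text and give the returned path to dumpzilla as in the commands above.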
 
 
Dumpzilla is a very good forensic tool in Kali Linux for extracting private data from browsers. We can analyze that data to solve cyber crime cases.

KP AKA Koushik Pal is a security researcher and specialist focused on educating about Linux for cybersecurity and URL‑masking vulnerabilities. Creator of MaskPhish, a well‑known open‑source bash-based URL‑masking tool. Linux enthusiast, active speaker, trainer, and advocate for secure web practices.
