Windows Guides Feed

Windows 7 Exclamtion Check which Sites Have Been Visited (Even if Private Browsing Mode is Used)Some days ago I wrote a post about Hacking InPrivate Browsing, there you find useful information about how to find traces left by Internet Explorer using InPrivate Browsing.

Incognito Mode in Google Chrome, Private Browsing in Firefox, and InPrivate Browsing in Internet Explorer are, in essence, the same. This feature restricts the information that browser stores while using the internet. What information are we talking about?

  • History: If you enter a web page, information about the site, title and URL, as well as when that page was entered is saved.
  • Cookies: Many sites need to track information about the user, for example a set of books on a library site. One way to achieve this is using cookies that store the information on the user’s computer.
  • Cache: If you enter more than once on a website, the browser doesn’t need to download all components of that site every time. It’s clear that these programs need storage  and a way to organize the files.

If I am using my computer at home, I don’t mind if this information is stored on my computer. But what happens if you are using a shared computer? Making you a spy is not the motivation behind this post; however, the idea is showing the limits of the implementations of this feature.

Today I am going to use a more simple technique than the one explained on the previous article, to know what pages have been visited. This technique works for Chrome, Firefox and Internet Explorer.

As I am exploring PowerShell, I will show you two ways to do exactly the same.

Using the command line

When you enter on a website, you first tell the browser the name of the site you want to visit. To contact that website, the computer needs to find the IP associated with the website name; to do this, it uses a DNS server.

As you can read the process is very straightforward. As it’s not necessary to get this IP address every time, Windows uses a program (a DNS client) to store this information.

To test everything first we are going to clear entries in the DNS client:

Press WinKey + R, type cmd and press Enter to open a command line.

In the command line type ipconfig /flushdns and press Enter:

Windows 7 Ipconfig FlushDNS1 Check which Sites Have Been Visited (Even if Private Browsing Mode is Used)

You can see the DNS resolver cache using ipconfig /displaydns:

Windows 7 Ipconfig Displaydns Empty1 Check which Sites Have Been Visited (Even if Private Browsing Mode is Used)

Now we are going to open a Chrome window and go to mintywhite.com using Incognito mode. This is the private mode of Google Chrome. To open a window in this mode press Ctrl + Shift + N.

Chrome Incognito mintywhite Check which Sites Have Been Visited (Even if Private Browsing Mode is Used)

Can you imagine what happens if we close this window and check the DNS cache using ipconfig /displaydns?:

Cmd Ipconfig displaydns Check which Sites Have Been Visited (Even if Private Browsing Mode is Used)

As we can see Chrome doesn’t remove this information from the DNS cache.

Using a Script

PowerShell is my latest discovery so, why not use it to display this information in a more cool way?

The code

You have to copy this to a notepad file:

@echo off
Powershell -noexit "ipconfig /displaydns | select-string 'Record Name' | foreach-object { $_.ToString().Split(' ')[-1]   } | Sort | Out-Gridview"

You will see something like this:

notepad Powershell ipconfig script Check which Sites Have Been Visited (Even if Private Browsing Mode is Used)

As always go to File menu, click Save As…, and give the file a name i.e. “ShowDNSCache.bat”. (Include the quotes to save the file as a BAT file and not a TXT file.)

Save As ShowDNSCache Bat Check which Sites Have Been Visited (Even if Private Browsing Mode is Used)

We can now easily find that someone has browsed Windows Guides (or any site.)

Powershell OutGridView mintywhite Check which Sites Have Been Visited (Even if Private Browsing Mode is Used)



 Check which Sites Have Been Visited (Even if Private Browsing Mode is Used)

About Angel Luis

I am an Engineer of Telecommunications that love computers. My first computer was a Commodore 16kb, about 25 years ago and since then I am always fighting computers problems. Please visit my entries and ask me about whatever problem you have, I will be pleased to help you. My email is discoveryourpc [at] gmail [dot] com. You can follow me on twitter @agenlu or read my blog www.discoveryourpc.net

Free PC tips by email

Search Windows Guides




Comments

  • nüph

    One thing I don’t get is what to do after this ShowDNSCache.bat file is saved.
    Which application to use to get data (visited pages) seen???
    Thanx in advance.

    • Furrelkt

      just double click the .bat file and it will run in a window.

  • nüph

    Ok, It works now with Powershell application on Win7. I wonder the resulted pages it shows are how old… is there any ways to see the date a page has been visited? Thanx in advance.

  • Eos_athen

    I have a question, I get to the stage of having powershell and also having saved the code as the notepad file (all in quotation marks as required). What now? I try opening the file on it’s own, tried opening powershell and typed in “ShowDNSCache.bat” and ShowDNSCache.bat nothing has happened. Can anyone tell me how to get to the last step?

    Thanks for any help in advance.

    Also, it’s not just children that we are worried about.

    • http://discoveryourpc.net Angel

      In theory if you have powershell installed on your system you only have to doubleclick the bat file.

      Are you using Windows XP, Vista or 7?

  • Furrelkt

    1. copy to notepad
    @echo off
    Powershell -noexit “ipconfig /displaydns | select-string ‘Record Name’ | foreach-object { $_.ToString().Split(‘ ‘)[-1] } | Sort | Out-Gridview”
    2. save the file as
    “ShowDNSCache.bat”
    3. double click the .bat file and a window and cnd window will open.

  • Cindy21

    Why did u have me dump the very thing that was going to answer my question before you tell me how to retrieve the information? Can I retrieve any of the info that I erased in the first step?I needed to retrieve the data for web sites already visited.

    • amarie

      did u manage to retrieve the sites visited how did u do it as i really need see the history on my laptop please help

  • Wondering

    All i’m getting is ns1.msft.net and ns(2,3,4,5).msft.net and 6to4.ipv6.microsoft.com…is this supposed to tell me something, cuz I don’t understand.

  • Guest

    So do you have to download powershell for this?

  • Guest201

    How do you then delete the websites from the BAT file

  • http://richr.org/ Rich

    Right click and select Run

  • Mumair Iqt

    it does not show full history

  • rmy

    why doesn’t it show the full history????

  • Rmedwards

    Guess there isn’t a way to do this on a Mac?

  • guest

    It doesn’t work if the history has been cleared.

  • G1NA98

    how do you get from the save as part to view all the web sites that have been used????

  • amarie

    hi im absolutley useless on computers please can u send this to me so i just have to click the link so i can open this on my windows 7 laptop please as i really need help to keep a track and cant follow the instructions as iv tried and am not gettin nowere please help me my email is anne-marie22@hotmail.co.uk please help.

  • it doesnt work for me

  • http://www.facebook.com/profile.php?id=1214839755 Brad Scott

    CCleaner has a DNS flush feature. Do you know if it’s effective?

    • http://richr.org/ Rich

      Yep, the best way to test is to identify a site in the DNS cache and then run the following command/batch script:
      “C:Program FilesCCleanerCCleaner.exe” /AUTO ipconfig /flushdns

      This should remove all traces.

  • mintywhite1234

    So if i flush dns all the history seen in private mode gets erased?

  • http://richr.org/ Rich

    Be sure to show file extensions and name the file script.bat

    I suspect you’re not showing file extensions and the file is saved as filename.bat.txt

    To show file extensions, follow this guide: http://mintywhite.com/windows-7/7customization/showhide-file-extensions-windows-xp-vista-7-quick-tip/

  • deb

    Awesome! How do i delete the visited sites using the powershell? Works great but would like to clear it so i know what has been visited recently! Also, how do i get this on a samsung galaxy 2 tablet?

  • worried

    i wanted to see the history, not delete it. If i typed in ipconfig/flushdns does that mean its all gone?

  • Stephany

    Are we suppose to space or something? It’s not working for me. after I save it I tried to click on it and it pops up and it disappears right away.

  • Arjun Menon

    it only show for the current session right? what about all the history ever visited?

  • Mama E

    Does anyone know how to do this on a Samsung tablet using Android? I have Terminal Emulator but don’t know the command line.


Computer tips in your inbox
Sign up for the Windows Guides newsletter to get PC tips and access to free Windows books (More details)

Enter your email address:
 

Popular Guides

See which sites have been visited on your PC (even if private browsing mode is used)

Create a Windows 7 System Repair Disc

Best Free Anti-malware

Hibernate vs. Sleep vs. Shut-Down

i3, i5, and i7; Dual, Quad, Hexa Core Processors. How to they Differ?

Intel's Ivy Bridge Processor: new Features

Submit Your Tip
Submit your computer tip to us; receive full credit for all published tips

Windows Guides on Facebook