A few days ago I wrote a post about Hacking InPrivate Browsing, where you will find useful information about how to find traces left by Internet Explorer when using InPrivate Browsing.
Incognito Mode in Google Chrome, Private Browsing in Firefox, and InPrivate Browsing in Internet Explorer are, in essence, the same. This feature restricts the information that the browser stores while you use the internet. What information are we talking about?
- History: When you visit a web page, information about the site (title and URL) and the time of the visit is saved.
- Cookies: Many sites need to track information about the user, for example a set of books on a library site. One way to achieve this is using cookies that store the information on the user’s computer.
- Cache: If you visit a website more than once, the browser doesn’t need to download all components of that site every time. These programs therefore need storage and a way to organize the files.
If I am using my computer at home, I don’t mind if this information is stored on my computer. But what happens if you are using a shared computer? Making you a spy is not the motivation behind this post; the idea is to show the limits of the implementations of this feature.
Today I am going to use a simpler technique than the one explained in the previous article to find out what pages have been visited. This technique works for Chrome, Firefox and Internet Explorer.
As I am exploring PowerShell, I will show you two ways to do exactly the same thing.
Using the command line
When you visit a website, you first tell the browser the name of the site you want to visit. To contact that website, the computer needs to find the IP address associated with the website name; to do this, it uses a DNS server.
As you can see, the process is very straightforward. Because it’s not necessary to look up this IP address every time, Windows uses a program (a DNS client) to store this information.
To test everything, we are first going to clear the entries in the DNS client:
Press WinKey + R, type cmd and press Enter to open a command line.
In the command line type ipconfig /flushdns and press Enter:

You can see the DNS resolver cache using ipconfig /displaydns:

Now we are going to open a Chrome window and go to mintywhite.com using Incognito mode. This is the private mode of Google Chrome. To open a window in this mode press Ctrl + Shift + N.

Can you imagine what happens if we close this window and check the DNS cache using ipconfig /displaydns?

As we can see, Chrome doesn’t remove this information from the DNS cache.
Using a Script
PowerShell is my latest discovery, so why not use it to display this information in a cooler way?
The code
Copy this into a Notepad file:
@echo off
Powershell -noexit "ipconfig /displaydns | select-string 'Record Name' | foreach-object { $_.ToString().Split(' ')[-1] } | Sort | Out-Gridview"
You will see something like this:

As always, go to the File menu, click Save As…, and give the file a name, e.g. “ShowDNSCache.bat”. (Include the quotes to save the file as a BAT file and not a TXT file.)

We can now easily see that someone has browsed Windows Guides (or any site).
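The one-liner above keeps only the last space-separated token of each "Record Name" line. As an added example (not part of the original post), the PowerShell below parses the same ipconfig /displaydns output into objects with name, record type, TTL and data, then lists each cached host name once. The function names and the sample text are constructed for illustration, and English-locale ipconfig output is assumed.

```powershell
# Constructed sample of "ipconfig /displaydns" output (192.0.2.10 is a documentation address).
$sample = @'
Windows IP Configuration

    mintywhite.com
    ----------------------------------------
    Record Name . . . . . : mintywhite.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 2345
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10

    www.example.com
    ----------------------------------------
    Record Name . . . . . : www.example.com
    Record Type . . . . . : 5
    Time To Live  . . . . : 120
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    CNAME Record  . . . . : example.com
'@ -split '\r?\n'

# Hypothetical helper: turns the text lines into one object per cached record.
function ConvertFrom-DisplayDns {
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    begin { $rec = $null }
    process {
        # "Key . . . : value"; the first colon followed by a space is the
        # separator, so IPv6 data such as 2001:db8::1 stays intact.
        if ($Line -notmatch '^\s*(?<key>.+?)[\s.]*:\s(?<val>.*)$') { return }
        $key = $Matches['key']; $val = $Matches['val'].Trim()
        switch -Regex ($key) {
            '^Record Name$'  { $rec = [ordered]@{ Name = $val.ToLower(); Type = $null; TTL = $null; Data = $null } }
            '^Record Type$'  { if ($rec) { $rec.Type = [int]$val } }
            '^Time To Live$' { if ($rec) { $rec.TTL = [int]$val } }
            # The data line ("A (Host) Record", "CNAME Record", ...) closes the record.
            ' Record$'       { if ($rec) { $rec.Data = $val; [pscustomobject]$rec; $rec = $null } }
        }
    }
}

# Hypothetical helper: one row per host name, with the number of cached records.
function Get-CachedHostName {
    param([string[]]$Text)
    $Text | ConvertFrom-DisplayDns | Group-Object Name | Sort-Object Name |
        ForEach-Object { [pscustomobject]@{ Name = $_.Name; Records = $_.Count } }
}

Get-CachedHostName -Text $sample            # constructed sample above
# Get-CachedHostName -Text (ipconfig /displaydns)   # live resolver cache
```

On a shared computer, running ipconfig /flushdns after a private session, as in the first step above, empties the same cache this reads.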

About Angel Luis
I am a Telecommunications Engineer who loves computers. My first computer was a Commodore 16kb, about 25 years ago, and since then I have always been fighting computer problems. Please visit my entries and ask me about whatever problem you have; I will be pleased to help you. My email is discoveryourpc [at] gmail [dot] com. You can follow me on twitter @agenlu or read my blog www.discoveryourpc.net