Post on 01-Nov-2014
description
R I S C M E E T 1
HOW BROWSER WORKS?
R I S C M E E T 2 Img Src: http://img.labnol.org/di/how-internet-works1.jpg
HOW BROWSER WORKS? CNTD.
R I S C M E E T 3 Img Src: http://taligarsiel.com/Projects/layers.png
RENDERING ENGINE – WEBKIT, CHROME,
SAFARI
R I S C M E E T 4 Img Src: http://taligarsiel.com/Projects/webkitflow.png
DEFAULT LOCATIONS
Win 7:
C:\Users\[user]\AppData\Roaming\Mozilla\Firefox\Profiles\XXXXXXXX.default\
C:\Users\[user]\AppData]Local\Mozilla\Firefox\Profiles\XXXXXXXX.default\Cache\
Linux:
~/.mozilla/firefox/XXXXXXXX.default/
MAC OS X:
~/Library/Application Support/Firefox/Profiles/XXXXXXXX.default/
~/Library/Application Support/Mozilla/Extensions
~/Library/Caches/Firefox/Profiles/XXXXXXXX.default/Cache/
R I S C M E E T 5
SQLITE TABLES
Addons
Chromeappstore
Content-prefs
Cookies
Downloads
Extensions
Formhistory
Permissions
Places
Search
Signons
Webappstore
R I S C M E E T 6
ADDONS
Any browser addons
- extra toolbars (sometimes users don’t even know they have them
installed)
What you will find:
Name, Version, Description, and other data like which profile gets to use it
in a multi-profile environment
R I S C M E E T 7
CHROMEAPPSTORE
The Search Engine container in Firefox which is set to Google by default,
though users can set any other search engine
R I S C M E E T 8
CONTENT-PREFS
Browser Preferences and Content settings like text zoom, page style,
character encoding on a site-specific bases
Useful for showing intent and frequency of visits along with the browser
history
R I S C M E E T 9
COOKIES
Every cookie that is set by the system
These may or may not be wiped clean when a user deletes all cookies or
any other program to clear tracks
A cookie being set does NOT mean the user visited the site
R I S C M E E T 10
DOWNLOADS
List of every file downloaded
- Cleared when user clears the download queue in Firefox
You can tell a lot about a person by what they download
R I S C M E E T 11
EXTENSIONS
All Extensions
This file will normally pop-up as corrupted or unavailable when Firefox is
running.
R I S C M E E T 12
FORMHISTORY
Every form filled out by the user
R I S C M E E T 13
PERMISSIONS
Permissions various sites have like allowing pop-ups
R I S C M E E T 14
PLACES
Places visited, bookmarks and attributes to sites commonly visited by the
user
Cross referencing this file with cookies, formhistory and permissions
provides a robust view of the user and how they use Firefox
Cross referencing is also useful to prove that the visit was intentional
versus a drive by cookie session
R I S C M E E T 15
SEARCH
All available search engines
R I S C M E E T 16
SIGNONS
Stored Passwords
R I S C M E E T 17
WEBAPPSTORE
All XAuth Tokens
R I S C M E E T 18
R I S C M E E T 19
R I S C M E E T 20
CACHE
Files you will find in the Cache Folder:
_CACHE_MAP
_CACHE_001, _CACHE_002, _CACHE_003
Cache Map is the main file needed to reconstruct the cache files
R I S C M E E T 21
MOZILLACACHEVIEW BY NIRSOFT
R I S C M E E T 22
R I S C M E E T 23
R I S C M E E T 24