Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications (with more to come!). Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill records, saved passwords, preferences, browser extensions, HTTP cookies, and Local Storage records (HTML5 cookies). Once the data is extracted from each file, it is correlated with data from other history files and placed in a timeline.
Also Read CuckooDroid – Automated Android Malware Analysis with Cuckoo Sandbox
It has a simple web UI – to start it, run “hindsight_gui.py” (or on Windows, the packaged “hindsight_gui.exe”) and visit http://localhost:8080 in a browser:
The only field you are required to complete is “Profile Path”. This is the location of the Chrome profile you want to analyze (the default profile paths for different OSes is listed at the bottom of this page). Click “Run” and you’ll be taken to the results page in where you can save the results to a spreadsheet (or other formats).
There also is command line version of Hindsight – hindsight.py or hindsight.exe. The user guide in the documentation folder covers many topics, but the info below should get you started with the command line version:
Example usage: > C:\hindsight.py -i “C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default” -o test_case
Command Line Options:
| Option | Description |
|---|---|
| -i or –input | Path to the Chrome(ium) “Default” directory |
| -o or –output | Name of the output file (without extension) |
| -f or –format | Output format (default is XLSX, other option is SQLite) |
| -c or –cache | Path to the cache directory; only needed if the directory is outside the given “input” directory. Mac systems are setup this way by default. |
| -b or –browser_type | The type of browser the input files belong to. Supported options are Chrome (default) and Brave. |
| -l or –log | Location Hindsight should log to (will append if exists) |
| -h or –help | Shows these options and the default Chrome data locations |
| -t or –timezone | Display timezone for the timestamps in XLSX output |
The Chrome default profile folder default locations are:
A newly disclosed Android vulnerability is making noise for a good reason. Researchers showed that…
In MySQL Server 5.5 and earlier versions, the MyISAM was the default storage engine. So,…
A newly disclosed vulnerability in Microsoft Authenticator could expose one time sign in codes or…
Modrinth is a modern platform that’s rapidly changing the landscape of Minecraft modding, providing an…
A new, highly sophisticated malware campaign named BlackSanta has emerged, primarily targeting HR and recruitment…
Perplexity has unveiled an exciting new feature, Personal Computer, which allows AI agents to seamlessly…