ie

package

v1.0.0 Latest Latest Go to latest Published: Mar 11, 2024 License: MIT Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/dvgamerr-app/go-kooky

Links

Open Source Insights

README ¶

Notes

Version History

Internet Explorer 4 uses index.dat URL cache v4.7 Internet Explorer 9 uses index.dat Internet Explorer 10, 11 use WebCacheV01.dat

https://www.digital-detective.net/random-cookie-filenames/ "To mitigate the threat, Internet Explorer 9.0.2 now names the cookie files using a randomly-generated alphanumeric string."

http://hh.diva-portal.org/smash/get/diva2:635743/FULLTEXT02.pdf p6 "With Internet Explorer 10, Microsoft changed the way of storing web related information. Instead of the old index.dat files, Internet Explorer 10 uses an ESE database called WebCacheV01.dat" ...

https://www.nirsoft.net/utils/edge_cookies_view.html starting from Fall Creators Update 1709 of Windows 10, the cookies of Microsoft Edge Web browser are stored in the WebCacheV01.dat database ESE database at %USERPROFILE%\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat (%LocalAppData%\Microsoft\Windows\WebCache\WebCacheV01.dat) CookieEntryEx_##

https://www.foxtonforensics.com/browser-history-examiner/microsoft-edge-history-location v79+: Edge Cookies are stored in the 'Cookies' SQLite database, within the 'cookies' table.

up to Edge v44: Edge Cookies are stored in the 'WebCacheV01.dat' ESE database, within the 'CookieEntryEx' containers.

TODO: Older versions of Edge stored cookies as separate text files in locations specified within the ESE database. (?)

Text Cookies

Format

http://index-of.es/Forensic/Forensic%20Analysis%20of%20Microsoft%20Internet%20Explorer%20Cookie%20Files.pdf # least and most significant switched

https://master.dl.sourceforge.net/project/odessa/ODESSA/White%20Papers/IE_Cookie_File_Reconstruction.pdf?viasf=1

https://www.consumingexperience.com/2011/09/internet-explorer-cookie-contents-new.html

Code

https://www.codeproject.com/Articles/330142/Cookie-Quest-A-Quest-to-Read-Cookies-from-Four-Pop#InternetExplorer1

https://sourceforge.net/projects/odessa/files/Galleta/20040505_1/galleta_20040505_1.tar.gz/download # wrong times

IE URL Cache Cookies

ESE Database Cookies

Format

http://hh.diva-portal.org/smash/get/diva2:635743/FULLTEXT02.pdf

https://raw.githubusercontent.com/libyal/documentation/main/Forensic%20analysis%20of%20the%20Windows%20Search%20database.pdf

https://github.com/libyal/libesedb/blob/main/documentation/Extensible%20Storage%20Engine%20(ESE)%20Database%20File%20(EDB)%20format.asciidoc

https://web.archive.org/web/20191220154919/https://bsmuir.kinja.com/windows-10-microsoft-edge-browser-forensics-1733533818

https://www.linkedin.com/pulse/windows-10-microsoft-edge-browser-forensics-brent-muir

Tools

https://www.nirsoft.net/utils/edge_cookies_view.html

https://www.nirsoft.net/utils/ese_database_view.html

https://www.digital-detective.net/dcode/ # time stamps

Test Environments

https://web.archive.org/web/20150410044551/https://www.modern.ie/en-us # test VMs

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ # test VMs

Documentation ¶

Index ¶

func GetCookieStore(filename, browser string, ...) (*cookies.CookieJar, error)
type CacheCookieEntry
type CookieStore
type ESECookieStore
type IECacheCookieStore
- func (s *IECacheCookieStore) ReadCookies(filters ...kooky.Filter) ([]*kooky.Cookie, error)
type TextCookieStore
- func (s *TextCookieStore) ReadCookies(filters ...kooky.Filter) ([]*kooky.Cookie, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GetCookieStore ¶

func GetCookieStore(filename, browser string, m map[string]func(f *os.File, s *CookieStore, browser string), filters ...kooky.Filter) (*cookies.CookieJar, error)

Types ¶

type CacheCookieEntry ¶

type CacheCookieEntry struct {
	Domain           string
	FileName         string
	Data             []byte
	DateModification time.Time
	DateLastAccessed time.Time
	DateLastChecked  time.Time
	DateExpiry       time.Time
	FormatVersion    []byte
	BlockCount       int64
	Offset           int64
	DirectoryIndex   []byte
	Flags            uint32
	HitsCount        uint32
}

type CookieStore ¶

type CookieStore struct {
	cookies.CookieStore
}

func (*CookieStore) Close ¶

func (s *CookieStore) Close() error

func (*CookieStore) Open ¶

func (s *CookieStore) Open() error

func (*CookieStore) ReadCookies ¶

func (s *CookieStore) ReadCookies(filters ...kooky.Filter) ([]*kooky.Cookie, error)

type ESECookieStore ¶

type ESECookieStore struct {
	cookies.DefaultCookieStore
	ESECatalog *parser.Catalog
}

func (*ESECookieStore) Close ¶

func (s *ESECookieStore) Close() error

func (*ESECookieStore) Open ¶

func (s *ESECookieStore) Open() error

func (*ESECookieStore) ReadCookies ¶

func (s *ESECookieStore) ReadCookies(filters ...kooky.Filter) ([]*kooky.Cookie, error)

type IECacheCookieStore ¶

type IECacheCookieStore struct {
	cookies.DefaultCookieStore
}

TODO might need temporary copy of the file

func (*IECacheCookieStore) ReadCookies ¶

func (s *IECacheCookieStore) ReadCookies(filters ...kooky.Filter) ([]*kooky.Cookie, error)

type TextCookieStore ¶

type TextCookieStore struct {
	cookies.DefaultCookieStore
}

func (*TextCookieStore) ReadCookies ¶

func (s *TextCookieStore) ReadCookies(filters ...kooky.Filter) ([]*kooky.Cookie, error)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
find

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL