A tool to parse Firefox and Chrome HSTS databases into forensic artifacts!
.gitignore
LICENSE
README.md
azure-pipelines.yml
hstsparser.py
poetry.lock
pyproject.toml
requirements-ci.txt
requirements.txt
tox.ini


HSTS Parser

Build Status Publish Status Licence Python 3.7.x

HSTS Parser is a simple tool to parse Firefox and Chrome's HSTS databases into actually helpful forensic artifacts! You can read more about the research behind this tool and potential uses for it over on my blog!

Installation

Installing HSTS Parser is easy! Just run the command below to install the dependencies and you're good to go!

pip3 install -r requirements.txt

Alternatively, if you're using Windows, you can use the executables on the releases page, which need no installation at all.

Usage

The documentation below is written for the Python version rather than the standalone executable. The commands are the same; just replace python3 hstsparser.py with the name of the executable.

$ python3 hstsparser.py -h
usage: hstsparser.py [-h] [-w WORDLIST] (--firefox | --chrome) FILE

Process HSTS databases

positional arguments:
  FILE         The path to the database to be processed

optional arguments:
  -h, --help   show this help message and exit
  -w WORDLIST  The path to the database to be processed
  --csv CSV    Output to a CSV file
  --firefox    Process a Firefox database
  --chrome     Process a Chrome database

Examples

Firefox

python3 hstsparser.py --firefox SiteSecurityServiceState.txt

Chrome

python3 hstsparser.py --chrome TransportSecurity

Chrome with Wordlist

python3 hstsparser.py -w wordlist.txt --chrome TransportSecurity
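
Why a wordlist helps with a Chrome database, shown as an added example (not code from hstsparser.py): Chrome's TransportSecurity file identifies hosts by hash rather than by name, so a hostname is only recovered when a candidate that hashes to the stored value is supplied. The key format (base64 of the SHA-256 of the DNS-label form of the hostname), the dictionary layout keyed by hash, the field names in the sample and the function names dns_form, chrome_key and resolve are assumptions of this sketch.

```python
import base64
import hashlib
from datetime import datetime, timezone


def dns_form(hostname: str) -> bytes:
    """Encode a hostname as length-prefixed DNS labels ending in a zero byte."""
    out = b""
    for label in hostname.lower().rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def chrome_key(hostname: str) -> str:
    """Assumed Chrome key format: base64(SHA-256(DNS form of the hostname))."""
    return base64.b64encode(hashlib.sha256(dns_form(hostname)).digest()).decode("ascii")


def resolve(db: dict, wordlist) -> list:
    """Pair each stored hash with the wordlist entry that produces it, if any."""
    candidates = (line.strip() for line in wordlist)
    lookup = {chrome_key(name): name for name in candidates if name}
    rows = []
    for key, entry in db.items():
        expires = datetime.fromtimestamp(entry["expiry"], tz=timezone.utc)
        rows.append({"host": lookup.get(key), "hash": key,
                     "expires": expires.isoformat()})
    return rows


# Constructed sample data: two HSTS entries, only one of which is in the wordlist.
SAMPLE_DB = {
    chrome_key("example.com"): {"mode": "force-https", "expiry": 1600000000.0},
    chrome_key("intranet.example.org"): {"mode": "force-https", "expiry": 1600000000.0},
}
SAMPLE_WORDLIST = ["example.com\n", "www.example.com\n", "\n"]

if __name__ == "__main__":
    for row in resolve(SAMPLE_DB, SAMPLE_WORDLIST):
        print(row["host"] or "<not in wordlist>", row["hash"], row["expires"])
```

Entries whose hostname is missing from the wordlist stay as bare hashes, so the wordlist's coverage bounds what can be recovered from a Chrome database.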

Screenshots

Firefox

Screenshot of Firefox Processing

Chrome with Wordlist

Screenshot of Chrome Processing with a wordlist
