How to get needles #30

zachturing · 2018-11-26T08:36:33Z

In file community/DatQuoc/LinuxFirefox.py:

class Linux_FFHis(linux_common.AbstractLinuxCommand):
"""Listing History of FireFox Browser"""

def __init__(self,config, *args, **kwargs):
	linux_common.AbstractLinuxCommand.__init__(self, config, *args, **kwargs)	
def calculate(self):
	address_space = utils.load_as(self._config, astype = 'physical')		
	row_avaiable = []	
	needles = ['\x06\x25\x08', '\x06\x25\x09', 
		'\x00\x25\x08', '\x00\x25\x09']

In the code above, i have two questions.
(1)How is the value of the variable needles obtained?
(2)Does this string(needles) appear in memory when viewing firefox history?

The text was updated successfully, but these errors were encountered:

datquoc93 · 2018-11-28T03:58:57Z

You need reading about SQLite Structure, Varints & Serial Type Code.

It's end of places.sqlite header:
***: Payload Header Length (Varint)
***: Serial Type Code of ID
***: Serial Type Code of URL
***: Serial Type Code of Title
***: Serial Type Code of Rev_host
***: Serial Type Code of Visit_count
***: Serial Type Code of Hiden
***: Serial Type Code of Typed
***: Serial Type Code of Favicon_id
***: Serial Type Code of Frecency
\x06 or \x00 : Serial Type Code of Last_visit_date
\x25 : Serial Type Code of Guid
\x08 or \x09 : Serial Type Code of Foreign_count
***: PAYLOAD

https://www.sqlite.org/fileformat.html -> Reading 2.1. Record Format can help you understand

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How to get needles #30

How to get needles #30

zachturing commented Nov 26, 2018

datquoc93 commented Nov 28, 2018 •

edited

How to get needles #30

How to get needles #30

Comments

zachturing commented Nov 26, 2018

datquoc93 commented Nov 28, 2018 • edited

datquoc93 commented Nov 28, 2018 •

edited