Skip to content

Changes

Page history
Create Bookmark Enumeration authored by William's avatar William
Show whitespace changes
Inline Side-by-side
Browser-Bookmark-Discovery.md 0 → 100644
View page @ e09fb359
# What is Browser Bookmark Discovery?
Simply put, it is enumerating bookmarks on compromised hosts to learn more about them. Bookmarks can reveal personal information about users, as well as internet network information such as servers, tools, and other infrastructure. Bookmarks may also point to additional potential targets, such as login credentials cached by a browser.
# Where are they?
Storage locations vary based on platform and/or application, however they are generally stored in local files or databases.
## On Linux:
Note that all of these will echo the content of the files into a file in /tmp/ called {browser}-bookmarks.txt. What you wish to do with that file is up to you.
#### Firefox:
Can be found with:
`find / -path "*.mozilla/firefox/*/places.sqlite" -exec echo {} >> /tmp/firefox-bookmarks.txt \;`
#### Chrome:
Can be found with:
`find / -path "*.config/google-chrome/Default/Bookmarks" -exec echo {} >> /tmp/chrome-bookmarks.txt \;`
or
`find / -path "*.config/Chromium/Default/Bookmarks" -exec echo {} >> /tmp/firefox-bookmarks.txt \;`
## On Windows:
#### Firefox:
Firefox's `places.sqlite` is found in:
`%APPDATA%\Mozilla\Firefox\Profiles\<User>\`
Note: This is in the "Roaming" subfolder of AppData.
#### Chrome:
Chrome's `Bookmarks` is found in:
`%APPDATA%\..\Local\Google\Chrome\User Data\Default\`
## On Mac:
#### Firefox:
`~/Library/Application Support/Firefox/Profiles/*.default/places.sqlite`
#### Chrome:
`~/Library/Application Support/Google/Chrome/Default/Bookmarks`
#### Safari:
`~/Library/Safari/Bookmarks.plist`
\ No newline at end of file