Pro Tips with Esben #34
Last week I talked about Chrome extensions, this week we’re going back to browsers to take a look at browser history. How you can use a custom action to view any computer’s browser history.
I’ve used custom actions multiple times before to achieve a subnet ping sweep, letting you do a ping to the subnet of an asset. Disk usage visualization that shows you how your disk usage is being used and a port status custom action to view the port status of an asset.
Browser history can be useful to troubleshoot or investigate when things go wrong. If you’ve received a notification from your firewall or antivirus of a user attempting to download or access a harmful URL or file, you can more easily identify the website that referred them there or how they arrived at the malicious link.
Obviously, there is a privacy concern here. When and whether you’re allowed to use this will probably depend on your local legislation, so if you’re unsure I’d recommend reading up on your local privacy laws. As far as I’m aware, it is permitted in most places as long as you’re using it on company-owned devices.
Before we create the custom actions, it is important to ensure you can actually run actions in Lansweeper. To do this you’ll need to download and configure a browser extension so that you can run actions. You can find all the info you need in the custom actions knowledgebase article.
BrowsingHistoryView
This week we’re using BrowsingHistoryView. A NirSoft utility that shows you the browser history of popular browsers (Mozilla Firefox, Google Chrome, Internet Explorer, Microsoft Edge, Opera). It lets you see the visited URL, Title, Visit Time, Visit Count, Web browser, and User Profile. Lastly, you can also export the browsing history into csv/tab-delimited/html/xml file from the user interface.
It is possible that the BrowsingHistoryView will get flagged by your anti-virus as malicious depending on your security vendor. It doesn’t fully surprise me given the nature of what we’re trying to do is pretty close to what spyware would do. But as always, use it at your own risk. You can have a look at VirusTotal’s page on the software, JoeSandbox’s security analysis, hybrid-analysis’ page and more.
The first step is to grab the BrowsingHistoryView tool and place it in your Lansweeper Actions folder (C:Program Files (x86)LansweeperActions).
Creating the Custom Action
Once the executable is in the actions folder, the only thing left to do is create the custom action in ConfigurationAsset Pages
. After the Action field, you can enter the following:
{actionpath}BrowsingHistoryView.exe /HistorySource 7 /ComputerName {smartname}
Once created, you’ll find the action on the left-hand side of your web console when you’re on an asset.