Forensicsmozillafirefoxforensiccookiesbookmarksbrowserpython

Dumpzilla

Dumpzilla is a Mozilla browser forensic tool that extracts forensic information from Firefox, Iceweasel, and Seamonkey browsers. It dumps data like cookies, bookmarks, and addons for analysis.

Description

Dumpzilla application is developed in Python 3.x and has the purpose of extracting all forensic interesting information from Firefox, Iceweasel and Seamonkey browsers to be analyzed. It works under Unix and Windows 32/64 bits systems in command line interface, allowing information dumps to be redirected by pipes with tools such as grep, awk, cut, sed. Dumpzilla allows one to visualize sections like cookies, bookmarks, downloads, addons, search customization and extract certain content.

Use cases include forensic analysis of browser profiles to recover cookies, history, downloads, and other artifacts. It supports filtering by domain, name, dates, and other criteria for targeted extraction. Profile locations are specified for different operating systems, such as Unix profiles in /home/$USER/.mozilla/firefox/xxxx.default.

Due to Python 3.x development, it might not work properly in old Python versions, mainly with certain characters. Wildcards and regular expressions enable advanced searching.

How It Works

Dumpzilla analyzes Mozilla profile folders, parsing files for forensic data like cookies, bookmarks, downloads, addons. It supports options for filtering by domain, host, dates, secure flags using wildcards (% for any string, _ for single char) or regex. Output includes detailed fields like SHA256 hashes, expiry times, creation/access dates. Data can be exported as JSON. Operates via command line on Python 3.x with dependencies like libnss3, python3-lz4.

Installation

bash

sudo apt install dumpzilla

Flags

--AllDump everything except the DOM data

--AddonsExtract addons information

--SearchPerform search operations

--BookmarksExtract bookmarks with optional range filters [-bm_create_range <start> <end>] [-bm_last_range <start> <end>]

--CertoverrideHandle certificate override data

--CookiesExtract cookies with filters [-showdom] [-domain <string>] [-name <string>] [-hostcookie <string>] [-access <date>] [-create <date>] [-secure <0|1>] [-httponly <0|1>] [-last_range <start> <end>] [-create_range <start> <end>]

--DownloadsExtract downloads with optional range filter [-range <start> <end>]

--Export <directory>Export data as json to specified directory

Examples

Analyze the Mozilla profile folder (/root/.mozilla/firefox/k780shir.default/) and dump everything except the DOM data

dumpzilla '/root/.mozilla/firefox/k780shir.default/' --All

Extract all cookies from the profile

dumpzilla '/root/.mozilla/firefox/k780shir.default/' --Cookies

Extract cookies filtered by domain google.com

dumpzilla '/root/.mozilla/firefox/k780shir.default/' --Cookies -domain google.com

Extract bookmarks from the profile

dumpzilla '/root/.mozilla/firefox/k780shir.default/' --Bookmarks

Extract downloads from the profile

dumpzilla '/root/.mozilla/firefox/k780shir.default/' --Downloads

Extract addons information from the profile

dumpzilla '/root/.mozilla/firefox/k780shir.default/' --Addons

Export all data as JSON to /tmp/export directory

dumpzilla '/root/.mozilla/firefox/k780shir.default/' --Export /tmp/export

Updated 2026-04-16kali.org ↗