Skip to content
/ google-analytics-cookie-parser Public

A WIP forensics tool written in Python, for parsing Google Analytics cookies.

License

GPL-3.0 license
7 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pbeart/google-analytics-cookie-parser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

77 Commits
docs
docs
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
freeze.bat
freeze.bat
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

google-analytics-cookie-parser

A WIP forensics tool for Windows written in Python, for parsing Google Analytics cookies.

Always manually verify any results from this tool which you wish to use as evidence.

Download latest version here

Instructions for GUI use:

Loading cookies

  • Select the browser and browser version you're using from the dropdown at the top
  • Find the cookies file using the instructions for your browser
  • Click 'Process'

Viewing and exporting

  • You can view information for a given domain by selecting that domain with the Domain dropdown after loading a cookie file
  • You can also export all Google Analytics cookies in a parsed format to .csv files in a chosen directory by clicking the 'Output to .csv' button

Instructions for CLI use:

  • Every command requires both an input file path (-i or --input) and a browser name (-b or --browser) to be specified. Currently, -b/--browser can only be firefox.3+ or csv

Viewing cookie info

  • The info command, which does not require any additional parameters, will show the number of GA cookies found and the number of unique domains for which any cookies were found

Listing domains

  • The list-domains command, which does not require any additional parameters, will list all domains for which GA cookies were found

Viewing domain information

  • The domain-info command, which requires the additional parameter -d or --domain, will list a parsed version of all available information for the given domain. The domain should be given in the format in which it is found with list-domains

Exporting all cookie information to .csv

  • The export-csv command, which requires the additional parameter -o or --output which should be a directory path of the output directory, will export all found cookie data to .csv files in the given directory. The -f or --force-overwrite option can be given to automatically overwrite files if they exist without prompting the user.

GACP currently supports:

  • Reading and parsing cookies.sqlite from Firefox v3+ and any browser from which you can retrieve cookies as a .csv file
  • Analysing and parsing all relevant Google Analytics cookies (_ga, __utma, __utmb, __utmz)
  • Presenting all available information for a given domain
  • Exporting GA cookie information to a .csv file

GACP is currently only tested on Firefox v3+ and .csv, and as always any critical evidence should be double-checked by manually inspecting the relevant cookies

Acknowledgements

I would like to thank Kevin Ripa, for being such an excellent instructor and mentor, and providing the inspiration to create this tool.

About

A WIP forensics tool written in Python, for parsing Google Analytics cookies.

Topics

python firefox google-analytics cookies forensics

Resources

Readme

License

GPL-3.0 license
Activity

Stars

7 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases 3

v0.3.0 Latest
Sep 24, 2019
+ 2 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages