Internet Tracking

Status
Not open for further replies.

bluearmy35

Technical User
May 25, 2004
66
0
0
GB
Hi

I was wondering whether there is any way you can track an individual user's internet usage over a certain period of time. We do have a proxy server, but users do not go through that at the moment.

However, all users do go through a WatchGuard. Is there any way we can track this historically? I know reports have not been switched on. Does anyone know any way?
 
You can use the code below. This script (save the file as a .vbs) will allow you to see what individuals are looking at if they are using IE. This particular script does so from your local machine, and as long as you have admin privileges on the target machine, will allow you to see the websites/files that they opened.

Code:
' +----------------------------------------------------------------------------+
' | Contact Info                                                               |
' +----------------------------------------------------------------------------+
' Author: Vengy
' Email : cyber_flash@hotmail.com
' Tested: win2K/XP
' IMPORTANT: Accessing a networked PC using: "\\Machine\C$" requires Administrator privilege.



' +----------------------------------------------------------------------------+
' | Let The Games Begin!                                                       |
' +----------------------------------------------------------------------------+
' INDEX.DAT files keep a list of websites you have visited, cookies received and files opened/downloaded.
' As a result anyone can find out what you have been doing on the Internet!

' This program scans all History index files only (not cookies or temporary internet files)
' looking for any protocol :// entries. If found, they're stored in a file called C:\Machine-MM-DD-YYYY.htm.

' When the scan completes, you will have the option to remove specific IE history files!

' Aside: This program invokes a local windows program called FIND.EXE to
' parse the index.dat files. (I was too lazy to code it myself. ;)

' Have Fun! (-_-)



' +----------------------------------------------------------------------------+
' | Ensure that all variable names are defined!                                |
' +----------------------------------------------------------------------------+
Option Explicit



' +----------------------------------------------------------------------------+
' | Setup constants                                                            |
' +----------------------------------------------------------------------------+
Const conBarSpeed=80
Const conForcedTimeOut=3600000 ' 1 hour



' +----------------------------------------------------------------------------+
' | Setup Objects and misc variables                                           |
' +----------------------------------------------------------------------------+
Dim oFSO        : Set oFSO    = CreateObject("Scripting.FileSystemObject")
Dim oWShell     : Set oWShell = CreateObject("WScript.Shell")
Dim objNet      : Set objNet  = CreateObject("WScript.Network")
Dim Env         : Set Env     = oWShell.Environment("SYSTEM")
Dim arrFiles    : arrFiles    = Array()
Dim arrUsers    : arrUsers    = Array()
Dim HistoryPath : HistoryPath = Array()
Dim objIE
Dim objProgressBar
Dim objTextLine1
Dim objTextLine2
Dim objQuitFlag
Dim spyPath
Dim index
Dim Machine



' +----------------------------------------------------------------------------+
' | Determine OS type. Must be Windows_NT (windows XP/2K/2K3)                  |
' +----------------------------------------------------------------------------+
If StrComp(Env("OS"),"Windows_NT",VBTextCompare) <> 0 Then
   WScript.Echo "This script supports only Windows XP/2K/2K3/NT." & vbNewLine & "Exiting..."
   CleanupQuit
End If



' +----------------------------------------------------------------------------+
' | Whose been a naughty surfer? Let's find out! ;)                            |
' +----------------------------------------------------------------------------+
Machine = UCASE(InputBox("Please enter a network machine:","Remote IE Spy",objNet.UserName))

If Machine <> "" Then
  If Not oFSO.FolderExists("\\" & Machine & "\C$") Then
    MsgBox "Unable to access "&"\\" & Machine & "\C$" & VBCRLF & VBCRLF & "You may need Admin privileges to access that share!",0,"Scan Aborted"
  Else
  
' +----------------------------------------------------------------------------+
' | Set file spy path = C:\Machine-MM-DD-YYYY.htm                              |
' +----------------------------------------------------------------------------+
    spyPath="C:\" & Machine & "-" & Replace(FormatDateTime(Date()),"/","-") & ".htm"
    
    StartSpyScan
  End If
End if



' +----------------------------------------------------------------------------+
' | Outta here ...                                                             |
' +----------------------------------------------------------------------------+
CleanupQuit



' +----------------------------------------------------------------------------+
' | Cleanup and Quit                                                           |
' +----------------------------------------------------------------------------+
Sub CleanupQuit()
    Set oFSO    = Nothing
    Set oWShell = Nothing
    Set objNet  = Nothing
    WScript.Quit
End Sub



' +----------------------------------------------------------------------------+
' | Start Spy Scan                                                             |
' +----------------------------------------------------------------------------+
Sub StartSpyScan()
    Dim index_folder, history_folder, oSubFolder, oStartDir, sFileRegExPattern, user

    LocateHistoryFolder
    
    index_folder="\\" & Machine & "\C$\" & HistoryPath(1)

    If Not oFSO.FolderExists(index_folder) Then
      MsgBox "No history folder exists. Scan Aborted."
    Else

      StartIE  "Remote IE Spy"   
      SetLine1 "Locating history files:"

      ' Anchor the name and escape the dot so only files named exactly index.dat match.
      sFileRegExPattern = "^index\.dat$"
      Set oStartDir = oFSO.GetFolder(index_folder)

      For Each oSubFolder In oStartDir.SubFolders
        history_folder=oSubFolder.Path&"\"&HistoryPath(3)&"\"&HistoryPath(4)&"\"&"History.IE5"
        If oFSO.FolderExists(history_folder) Then

          If IsQuit()=True Then
            CloseIE
            CleanupQuit
          End If

          user = split(history_folder,"\")
          SetLine2 user(5)
          
          ReDim Preserve arrUsers(UBound(arrUsers) + 1)
          arrUsers(UBound(arrUsers)) = user(5)          

          Set oStartDir = oFSO.GetFolder(history_folder)
          RecurseFilesAndFolders oStartDir, sFileRegExPattern
        End If
      Next

      ' Index flag to determine if at least one index.dat file exists.
      If IsEmpty(index) Then
        CloseIE
        MsgBox "No Index.dat files found. Scan Aborted."
      Else
        CreateSpyTmpFile
        CreateSpyHtmFile
        CloseIE
        RunSpyHtmFile
        DeleteIndexFiles
      End If

   End If
End Sub



' +----------------------------------------------------------------------------+
' | Locate History Folder                                                      |
' +----------------------------------------------------------------------------+
Sub LocateHistoryFolder()   
    ' Example: C:\Documents and Settings\<username>\Local Settings\History
    ' HistoryPath(0) = C:
    ' HistoryPath(1) = Documents and Settings
    ' HistoryPath(2) = <username>
    ' HistoryPath(3) = Local Settings
    ' HistoryPath(4) = History    
    HistoryPath=split(oWShell.RegRead("HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History"),"\")
End Sub



' +----------------------------------------------------------------------------+
' | Find ALL History Index.Dat Files                                           |
' +----------------------------------------------------------------------------+
Sub RecurseFilesAndFolders(oRoot, sFileEval)
    Dim oSubFolder, oFile, oRegExp

    Set oRegExp = New RegExp
    oRegExp.IgnoreCase = True

    If Not (sFileEval = "") Then
      oRegExp.Pattern = sFileEval
      For Each oFile in oRoot.Files
        If (oRegExp.Test(oFile.Name)) Then
          ReDim Preserve arrFiles(UBound(arrFiles) + 1)
          arrFiles(UBound(arrFiles)) = oFile.Path
          index=1 ' Found at least one index.dat file!
        End If
      Next
    End If

    For Each oSubFolder In oRoot.SubFolders
      RecurseFilesAndFolders oSubFolder, sFileEval
    Next
End Sub



' +----------------------------------------------------------------------------+
' | Create Spy.tmp file                                                        |
' +----------------------------------------------------------------------------+
Sub CreateSpyTmpFile()
    Dim sTempTmp, ub, count, elem, user
    
    ' Example: C:\Documents and Settings\<username>\Local Settings\Temp\spy.tmp
    sTempTmp = oFSO.GetSpecialFolder(2)+"\spy.tmp"
    
    ' Cleanup old spy.tmp file ...
    If oFSO.FileExists(sTempTmp) Then
      oFSO.DeleteFile sTempTmp
    End If  
    
    count = 0
    ub = UBound(arrFiles)
  
    For Each elem In arrFiles

        If IsQuit()=True Then
          CloseIE    
          CleanupQuit
        End If

        count = count+1            
        user = split(elem,"\")
        SetLine1 "Scanning "+user(2)+" history files:"
        SetLine2 CStr(ub+1-count)

        oWShell.Run "cmd /c find "+chr(34)+"://"+chr(34)+" "+chr(34)+elem+chr(34)+" >>"+chr(34)+sTempTmp+chr(34),0,True
    Next

    ' Check that spy.tmp exists.   
    If not oFSO.FileExists(sTempTmp) Then
      MsgBox "For some odd reason, SPY.TMP does not exist:"+vbCRLF+vbCRLF+sTempTmp+vbCRLF+vbCRLF+"Unfortunately, no surfing history can be tracked. (cyber_flash@hotmail.com)", VBOKonly, "Exiting (code=0)"
      CloseIE    
      CleanupQuit
    End If

End Sub



' +----------------------------------------------------------------------------+
' | Create Spy.htm file                                                        |
' +----------------------------------------------------------------------------+
Sub CreateSpyHtmFile()
    Dim sReadLine, sArray, start, visit_date, sTempTmp, oTextStream, oFilein, elem

    ' Cleanup old spy.htm file ...
    If oFSO.FileExists(spyPath) Then
      oFSO.DeleteFile spyPath
    End If
       
    Set oTextStream = oFSO.CreateTextFile(spyPath)
    
    ' Check that spy.htm was created.   
    If not oFSO.FileExists(spyPath) Then
      MsgBox "For some odd reason, SPY.HTM does not exist:"+vbCRLF+vbCRLF+spyPath+vbCRLF+vbCRLF+"Unfortunately, no surfing history can be tracked. (cyber_flash@hotmail.com)", VBOKonly, "Exiting (code=1)"
      CloseIE    
      CleanupQuit
    End If
    
    ' Example: C:\Documents and Settings\<username>\Local Settings\Temp\spy.tmp
    sTempTmp = oFSO.GetSpecialFolder(2)+"\spy.tmp"
    
    Set oFilein = oFSO.OpenTextFile(sTempTmp,1)

    oTextStream.WriteLine "<html><title>IE is spying on you!</title><body bgcolor=#CCCCFF><font size=2><b>Welcome <font color=green>"&objNet.UserName&"</font></b><br><br>"
        
    oTextStream.WriteLine "<b>"+CStr(UBound(arrUsers)+1)+" users surfed on " + Machine + "'s PC:</b><br>"    
    For Each elem In arrUsers
       oTextStream.WriteLine "<font color=green>"+elem+"</font><br>"      
    Next   
    
    oTextStream.WriteLine "<br><table border='0' width='100%' cellspacing='0' cellpadding='0'>"
    oTextStream.WriteLine "<tr><td nowrap><b>Date:</b></td><td nowrap><b>&nbsp; User:</b></td><td nowrap><b>&nbsp; Link:</b></td></tr>"
    
    Do While Not oFilein.AtEndOfStream
      sReadLine = oFilein.ReadLine
      start = Instr(sReadLine,": ")
      If start <> 0 Then
        visit_date=fnFormatDate(sReadLine)
        sReadLine = Mid(sReadLine,start+2)
        sArray = Split(sReadLine,"@")
        ' Skip lines without a user@url pair; sArray(1) would raise "Subscript out of range".
        If UBound(sArray) >= 1 Then
          'Visit Date + User + Visited URL    
          oTextStream.WriteLine "<tr><td nowrap><font color=red size=2>"+visit_date+"</font></td>"+"<td nowrap><font color=green size=2>&nbsp; "+sArray(0)+"</font></td>"+"<td nowrap><font size=2>&nbsp; <a href="+sArray(1)+">"+sArray(1)+"</a></font></td></tr>"
        End If
      End If
    loop
    
    oTextStream.WriteLine "</table>"
    
    oTextStream.WriteLine "<br><b>Listing of history files:</b><br>"    
    For Each elem In arrFiles
      oTextStream.WriteLine elem+"<br>"      
    Next    
    
    ' Note: the iframe below loads the author's counter page over the network every time the report is opened.
    oTextStream.WriteLine "<b>Total Worldwide Spy Scans so far:</b><iframe width=50% height=50 frameborder=0 scrolling=no src='https://home.comcast.net/~vengy/ctr.htm'></iframe><br>This log counter is incremented each time any IE spy results are generated.<br>The purpose is to monitor basic spy script activity.<br>No personal information is collected or sent by this script!<br><p><a href=mailto:cyber_flash@hotmail.com?subject=ie_spy>Bugs or Comments?</a></p></font><br><br><b>End of Report</b></body></html>"

    oFilein.Close
    oTextStream.Close
    
    ' Cleanup temp file ...    
    If oFSO.FileExists(sTempTmp) Then
      oFSO.DeleteFile sTempTmp
    End If    
End Sub



' +----------------------------------------------------------------------------+
' | Convert Date into readable format                                          |
' +----------------------------------------------------------------------------+
function fnFormatDate(sReadLine)
    Dim d, tArray

    tArray = Split(sReadLine,": ")
    d=Right(tArray(0),16)
    If IsNumeric(d) Then
      fnFormatDate = FormatDateTime(Left(d,4)+"/"+Mid(d,5,2)+"/"+Mid(d,7,2),2)&"-"&FormatDateTime(Mid(d,9,4)+"/"+Mid(d,13,2)+"/"+Mid(d,15,2),2)
    Else
      'Date not stored! Let's default something. ;)
      fnFormatDate = "Not Recorded."
    End If
End Function



' +----------------------------------------------------------------------------+
' | Run Spy.htm file                                                           |
' +----------------------------------------------------------------------------+
Sub RunSpyHtmFile()
    ' Check that spy.htm exists.   
    If not oFSO.FileExists(spyPath) Then
      MsgBox "For some odd reason, the spy file does not exist:"+vbCRLF+vbCRLF+spyPath+vbCRLF+vbCRLF+"Unfortunately, no surfing history can be tracked. (cyber_flash@hotmail.com)", VBOKonly, "Exiting (code=2)"
      CleanupQuit
    Else
      oWShell.Run chr(34)+spyPath+chr(34)
    End If
End Sub



' +----------------------------------------------------------------------------+
' | Delete Index.dat files                                                     |
' +----------------------------------------------------------------------------+
Sub DeleteIndexFiles()
    Dim elem
      
    If MsgBox ("Would you like to delete specific Index.dat files?", 65, "Notice")=1 Then     
      For Each elem In arrFiles
        If MsgBox ("Delete file?"&vbcrlf&vbcrlf&elem, 65, "Delete?")=1 Then
          On Error Resume Next
          oFSO.DeleteFile elem
          If Err.Number <> 0 Then      
            MsgBox "Error # " & CStr(Err.Number) & " " & Err.Description
            Err.Clear
          End If
          If oFSO.FileExists(elem) Then
            MsgBox "Most likely the file is in use by " & Machine & ":"+vbCRLF+vbCRLF+elem,VBOKonly,"File not deleted!"
          End If
        End If
      Next
    End If
End Sub



' +----------------------------------------------------------------------------+
' | Launch IE Dialog Box and Progress bar                                      |
' +----------------------------------------------------------------------------+
' Shamelessly copied from: http://cwashington.netreach.net/depo/view.asp?Index=796&ScriptType=vbscript
Private Sub StartIE(strTitel)

    Dim objDocument
    Dim objWshShell

    Set objIE = CreateObject("InternetExplorer.Application")

    objIE.height = 160
    objIE.width = 400

    objIE.menubar = False
    objIE.toolbar = false
    objIE.statusbar = false
    objIE.addressbar = false
    objIE.resizable = False

    objIE.navigate ("about:blank")

    While (objIE.busy)
      WScript.Sleep 100 ' yield instead of spinning the CPU while IE loads
    wend

    set objDocument = objIE.document
    
    WriteHtmlToDialog objDocument, strTitel
    
    set objTextLine1 = objIE.document.all("txtMilestone")
    set objTextLine2 = objIE.document.all("txtRemarks")
    Set objProgressBar = objIE.document.all("pbText")
    set objQuitFlag = objIE.document.Secret.pubFlag

    objTextLine1.innerTEXT = ""
    objTextLine2.innerTEXT = ""

    ' objIE.document.body.innerHTML = "Building Document..." + "<br>load time= " + n
    objIE.visible = True

    Set objWSHShell = WScript.CreateObject("WScript.Shell")
    objWshShell.AppActivate("Microsoft Internet Explorer")
End Sub



Private Function CloseIE()
        On Error Resume Next
        objIE.quit
End Function



Private sub SetLine1(sNewText)
        On Error Resume Next
        objTextLine1.innerTEXT = sNewText
End Sub



Private sub SetLine2(sNewText)
        On Error Resume Next
        objTextLine2.innerTEXT = sNewText
End Sub



Private function IsQuit()
        On Error Resume Next
        IsQuit=True
        If objQuitFlag.Value<>"quit" Then
          IsQuit=False
        End If
End function



Private Sub WriteHtmlToDialog(objDocument, strTitel)
    objDocument.Open
    objDocument.Writeln "<title>" & strTitel & "</title> "
    objDocument.Writeln "<style>"
    objDocument.Writeln " BODY {background: #CCCCFF} BODY { overflow:hidden }"
    
    objDocument.Writeln " P.txtStyle {color: Navy; font-family: Verdana; " _
        & " font-size: 10pt; font-weight: bold; margin-left: 10px } "
        
    objDocument.Writeln " input.pbStyle {color: Navy; font-family: Wingdings; " _
         & " font-size: 10pt; background: Silver; height: 20px; " _
         & " width: 340px } "
         
    objDocument.Writeln "</style>"
    objDocument.Writeln "<div id=""objProgress"" class=""Outer""></div>"

    objDocument.Writeln "<CENTER>"
    objDocument.Writeln "<b><SPAN id=txtMilestone class='txtStyle' style='margin-left: 10px'></SPAN>"
    objDocument.Writeln "<font color=green><SPAN id=txtRemarks class='txtStyle' style='margin-left: 10px'></SPAN></font><b>"
    objDocument.Writeln "<br><br>" ' space down a little

    objDocument.Writeln "<input type='text' id='pbText' class='pbStyle' value='' >"
    objDocument.Writeln "<br><br>" ' space down a little

    objDocument.Writeln "<input type='button' value='Cancel' " _
                & " onclick='SetReturnFlag(""quit"")' >"
    objDocument.Writeln "</CENTER>"

    objDocument.Writeln "<form name='secret' >" _
                & " <input type='hidden' name='pubFlag' value='run' >" _
                & "</form>"

    objDocument.Writeln "<SCRIPT LANGUAGE='VBScript' >"

    objDocument.Writeln "Sub SetReturnFlag(sFlag)"
    objDocument.Writeln " secret.pubFlag.Value = sFlag"
    objDocument.Writeln " txtMileStone.style.color = ""Red"" "
    objDocument.Writeln " txtRemarks.style.color = ""Red"" "
    objDocument.Writeln "End Sub"

    objDocument.Writeln "Function PctComplete(nPct)"
    objDocument.Writeln "pbText.Value = String(nPct,"" "") & String(4,""n"")"
    objDocument.Writeln "End Function"

    objDocument.Writeln "Sub UpdateProgress()"
    objDocument.Writeln "Dim intStep"
    objDocument.Writeln "Dim intDirection"
    
    objDocument.Writeln "If (IsNull(objProgress.getAttribute(""Step"")) = True) Then"
    objDocument.Writeln "intStep = 0"
    objDocument.Writeln "Else"
    objDocument.Writeln "intStep = objProgress.Step"
    objDocument.Writeln "End If"
    
    objDocument.Writeln "if (IsNull(objProgress.GetAttribute(""Direction""))=True) Then"
    objDocument.Writeln "intDirection = 0"
    objDocument.Writeln "Else"
    objDocument.Writeln "intDirection = objProgress.Direction"
    objDocument.Writeln "End If"
    
    objDocument.Writeln "if intDirection=0 then"
    objDocument.Writeln "intStep = intStep + 1"
    objDocument.Writeln "else"
    objDocument.Writeln "intStep = intStep - 1"
    objDocument.Writeln "end if"
    
    objDocument.Writeln "Call PctComplete(intStep)"
    
    objDocument.Writeln "if intStep>=23 then"
    objDocument.Writeln "intDirection=1"
    objDocument.Writeln "end if"
    objDocument.Writeln "if intStep<=0 then"
    objDocument.Writeln "intDirection=0"
    objDocument.Writeln "end if"
    
    objDocument.Writeln "objProgress.SetAttribute ""Step"", intStep"
    objDocument.Writeln "objProgress.SetAttribute ""Direction"", intDirection"
    
    objDocument.Writeln "Window.setTimeout GetRef(""UpdateProgress""), " & conBarSpeed
    objDocument.Writeln "End Sub"

    objDocument.Writeln "Sub DialogHardTimeout()"
    objDocument.Writeln "SetReturnFlag(""quit"")"
    objDocument.Writeln "End sub"
    
    objDocument.Writeln "Sub Window_OnLoad()"
    objDocument.Writeln "theleft = (screen.availWidth - document.body.clientWidth) / 2"
    objDocument.Writeln "thetop = (screen.availHeight - document.body.clientHeight) / 2"
    objDocument.Writeln "window.moveTo theleft,thetop"
    objDocument.Writeln "Window.setTimeout GetRef(""UpdateProgress""), " & conBarSpeed
    objDocument.Writeln "Window.setTimeout GetRef(""DialogHardTimeout""), " & conForcedTimeOut
    objDocument.Writeln "End Sub"
    
    objDocument.Writeln "</SCRIPT>"
     
    objDocument.Close

End Sub



' +----------------------------------------------------------------------------+
' | All good things come to an end.                                            |
' +----------------------------------------------------------------------------+
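
Added example, not part of the original post or of Vengy's script: CreateSpyHtmFile writes each history entry into the report as raw HTML, so a visited URL containing markup would be rendered when the report opens. The sketch below shows one way to build the table row with output encoding; HtmlEncode, IsWebUrl and BuildHistoryRow are hypothetical helper names, and the sample lines are constructed.

```vbscript
' Added example: hardened row builder for the report table written by CreateSpyHtmFile.
' HtmlEncode, IsWebUrl and BuildHistoryRow are hypothetical helper names.
Option Explicit

' Escape the five characters that can break out of HTML text or a quoted attribute.
Function HtmlEncode(s)
    Dim t
    t = Replace(s, "&", "&amp;")      ' must run first so later entities are not re-escaped
    t = Replace(t, "<", "&lt;")
    t = Replace(t, ">", "&gt;")
    t = Replace(t, Chr(34), "&quot;")
    t = Replace(t, "'", "&#39;")
    HtmlEncode = t
End Function

' Only http, https and ftp entries become clickable links.
Function IsWebUrl(url)
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Pattern = "^(https?|ftp)://"
    IsWebUrl = re.Test(url)
End Function

' visitDate: text already produced by fnFormatDate.
' sReadLine: one FIND.EXE output line; the part after ": " is expected to be user@url.
' Returns a <tr> string, or "" when the line has no ": " or no "@".
Function BuildHistoryRow(visitDate, sReadLine)
    Dim start, entry, atPos, user, url, link
    BuildHistoryRow = ""
    start = InStr(sReadLine, ": ")
    If start = 0 Then Exit Function
    entry = Mid(sReadLine, start + 2)
    atPos = InStr(entry, "@")          ' first "@" only, so URLs containing "@" stay whole
    If atPos = 0 Then Exit Function
    user = Left(entry, atPos - 1)
    url = Mid(entry, atPos + 1)
    If IsWebUrl(url) Then
        link = "<a href=""" & HtmlEncode(url) & """>" & HtmlEncode(url) & "</a>"
    Else
        link = HtmlEncode(url)         ' file://, res:// and other schemes are shown as text
    End If
    BuildHistoryRow = "<tr><td nowrap>" & HtmlEncode(visitDate) & "</td>" & _
                      "<td nowrap>" & HtmlEncode(user) & "</td>" & _
                      "<td nowrap>" & link & "</td></tr>"
End Function

' Constructed sample lines (not taken from a real index.dat).
Dim samples, sampleLine
samples = Array( _
    "Visited: alice@http://example.com/?q=<script>alert(1)</script>", _
    "Visited: bob@file:///C:/docs/plan.doc", _
    "Visited: carol@http://user@example.org/path", _
    "binary noise: no separator here")
For Each sampleLine In samples
    WScript.Echo "[" & BuildHistoryRow("Not Recorded.", sampleLine) & "]"
Next
```

Run it with `cscript //nologo`; the last sample prints `[]` because it has no user@url pair.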
 
There is a utility called "pasco" that will allow you to analyze web browser data, as well. One note is to make sure your organization has given you the authority to monitor other users in this way, so that you don't become liable.

core
 
There is a freeware program called spyarsenal. You can download the internet spy on the machine you want, and it creates a log file that you can share to monitor the log from any desktop on your network. Here is the site

 