Get URLs of the sites visited


I am trying to write a minifilter that more or less captures everything that happens in the kernel and was wondering if I could also capture “URLs”; I stumbled upon windivert which seems to be using a .sys driver and also another thread which says we cannot get URLs in driver mode which leaves me a bit confused. If it is true then how does windivert do it?

I understand there is something called network redirect under minifilters on, wouldn’t it be capturing all URLs in some way?

Is there a better way to capture all visited URLs in real time?

Thanks in advance for any help or directions.