FirePassword

FirePassword is the first ever tool (back in early 2007) written to recover the website login passwords stored by Firefox.

Like other browsers, Firefox stores login details such as the username and password for every website visited by the user, with the user's consent. All these secret details are stored in the Firefox sign-on database securely in an encrypted format. FirePassword can instantly decrypt and recover these secrets even if they are protected with a Master Password.

FirePassword can also be used to recover sign-on passwords from a different profile (for other users on the same system) as well as from a different operating system (such as Linux or Mac). This greatly helps forensic investigators, who can copy the Firefox profile data from the target system to a different machine and recover the passwords offline without affecting the target environment.

It works on a wide range of platforms, from Windows XP to the latest operating system, Windows 8.

- Instantly decrypts and recovers stored encrypted passwords from the 'Firefox Sign-on Secret Store' for all versions of Firefox.
- Recovers passwords from the Mozilla-based SeaMonkey browser as well.
- Supports recovery of passwords from the local system as well as a remote system. The user can specify the Firefox profile location from the remote system to recover the passwords.
- Recovers passwords from the Firefox secret store even when it is protected with a master password. In that case the user has to enter the correct master password to successfully decrypt the sign-on passwords.
- Automatically discovers the Firefox profile location based on the installed version of Firefox.
- On successful recovery, the username and password are displayed along with the corresponding login website.
- Fully portable version.
- Integrated installer to assist with local installation and uninstallation.

Firefox has a built-in password manager which stores usernames and passwords for all the visited websites. These credentials are stored in encrypted form in the Firefox profile's database files, such as key3.db and signons.txt.

The key3.db file contains master-password-related information such as the encrypted password check string, salt, algorithm and version information.

The signons.txt file contains the actual sign-on information:
- Reject Host List: list of websites for which the user does not want Firefox to remember the credentials.
- Normal Host List: each host URL is followed by a username and password.

Firefox until version 3.5 stores the sign-on secrets in the signons.txt file located in the Firefox profile directory. From version 3.5 onwards, Firefox stores the sign-on secrets in an SQLite database file named 'signons.sqlite'. The structure of the sign-on information stored in the signons.txt file (signons2.txt for version 2 and signons3.txt for version 3) and in signons.sqlite for version 3.5 onwards is described below.

- First comes the sign-on file header, which is always "#2c".
- Next comes the reject host list in clear text, one per line and terminated with a full stop.
- After that the normal host list is stored in the following format:
  - Host URL
  - Name (username or *password)
  - Value (encrypted)
  - . (full stop)

- First comes the sign-on file header, which is always "#2d".
- Next comes the reject host list in clear text, one per line, ending with a full stop.
- After that the normal host list is stored in the following format:
  - Host URL
  - Name (username or *password)
  - Value (encrypted)
  - Subdomain URL
  - . (full stop)

- First comes the sign-on file header, which is always "#2e".
- Next comes the excluded host list in clear text, one per line, ending with a full stop.
- After that the saved host list is stored in the following format:
  - Host URL
  - Name (username or *password)
  - Value (encrypted)
  - Subdomain URL
  - --- (dashed line denoting the end of a host entry)
  - . (full stop)

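The three text layouts above can be read with one small state machine. This is an added example, not FirePassword's own code: the function and key names are hypothetical, the sample file is constructed, and it assumes the subdomain URL line follows the password value. Encrypted values are returned untouched, with no decryption.

```python
HEADERS = {"#2c": 1, "#2d": 2, "#2e": 3}    # file header -> layout generation

# Constructed sample in the "#2e" layout (placeholder values, not real data).
SAMPLE = "\n".join([
    "#2e",
    "https://intranet.example",             # excluded host list
    ".",
    "https://mail.example",                 # host block with two saved logins
    "login", "ENC_USER_1", "*passwd", "ENC_PASS_1", "https://mail.example/auth", "---",
    "login", "ENC_USER_2", "*passwd", "ENC_PASS_2", "https://mail.example/auth", "---",
    ".",
])

def parse_signons(text):
    """Split a signons*.txt file into its reject list and saved-login entries."""
    lines = text.splitlines()
    if not lines or lines[0] not in HEADERS:
        raise ValueError("unknown sign-on file header")
    gen, it = HEADERS[lines[0]], iter(lines[1:])
    rejected = []
    for line in it:                         # reject list ends at the first "."
        if line == ".":
            break
        rejected.append(line)
    entries = []
    for host in it:                         # every host block opens with its URL
        user = (None, None)                 # username name/value awaiting a password
        for name in it:
            if name == ".":                 # full stop closes the host block
                break
            if gen == 3 and name == "---":  # "#2e" end-of-entry marker
                continue
            value = next(it, None)
            if value is None:
                raise ValueError("truncated entry for " + host)
            if not name.startswith("*"):    # no '*' prefix: this is the username
                user = (name, value)
                continue
            # Assumption: from "#2d" on, the subdomain URL follows the password value.
            sub = next(it, None) if gen >= 2 else None
            entries.append({"host": host, "user_field": user[0], "enc_user": user[1],
                            "pass_field": name[1:], "enc_pass": value, "subdomain": sub})
            user = (None, None)
    return {"header": lines[0], "rejected": rejected, "entries": entries}

if __name__ == "__main__":
    for entry in parse_signons(SAMPLE)["entries"]:
        print(entry["host"], entry["user_field"], entry["pass_field"], entry["subdomain"])
```
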
The new signons.sqlite database file has two tables, moz_disabledHosts and moz_logins. The moz_disabledHosts table contains the list of excluded websites which the user has exempted from password storage. The moz_logins table contains all the saved website passwords. Here is a more detailed description of each table:
- table - moz_disabledHosts
  - id - index of each entry
  - hostname - blacklisted website URL
- table - moz_logins
  - id - index of each entry
  - hostname - base website URL
  - httpRealm -
  - formSubmitURL - actual website URL for which secrets are saved
  - usernameField - name of the username element of the form field
  - passwordField - name of the password element of the form field
  - encryptedUsername - encrypted username
  - encryptedPassword - encrypted password
  - guid - unique GUID for each entry
  - encType - value 1 indicates encrypted

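For triage of a copied profile, the two tables can be summarised without decrypting anything. This is an added example, not FirePassword's code: the function names and sample rows are constructed, the schema uses only the columns listed above, and the database is opened read-only so the evidence copy is not changed.

```python
import sqlite3
from collections import Counter
from pathlib import Path

def build_sample(path):
    """Constructed stand-in for signons.sqlite using only the columns listed above."""
    db = sqlite3.connect(path)
    db.executescript("""
        CREATE TABLE moz_disabledHosts (id INTEGER PRIMARY KEY, hostname TEXT);
        CREATE TABLE moz_logins (id INTEGER PRIMARY KEY, hostname TEXT, httpRealm TEXT,
            formSubmitURL TEXT, usernameField TEXT, passwordField TEXT,
            encryptedUsername TEXT, encryptedPassword TEXT, guid TEXT, encType INTEGER);
        INSERT INTO moz_disabledHosts (hostname) VALUES ('https://bank.example');
        INSERT INTO moz_logins (hostname, formSubmitURL, usernameField, passwordField,
            encryptedUsername, encryptedPassword, guid, encType) VALUES
          ('https://mail.example', 'https://mail.example/auth', 'login', 'passwd',
           'ENC_USER_1', 'ENC_PASS_1', '{constructed-guid-1}', 1),
          ('https://mail.example', 'https://mail.example/auth', 'login', 'passwd',
           'ENC_USER_2', 'ENC_PASS_2', '{constructed-guid-2}', 1),
          ('https://wiki.example', 'https://wiki.example/login', 'user', 'pw',
           'PLAIN_USER_3', 'ENC_PASS_3', '{constructed-guid-3}', 0);
    """)
    db.commit()
    db.close()

def inventory(path):
    """Summarise a profile copy without decrypting or modifying it."""
    # mode=ro makes SQLite refuse writes, so the copied file stays as collected.
    db = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        disabled = [h for (h,) in db.execute(
            "SELECT hostname FROM moz_disabledHosts ORDER BY id")]
        rows = db.execute(
            "SELECT id, hostname, formSubmitURL, encType FROM moz_logins ORDER BY id"
        ).fetchall()
    finally:
        db.close()
    return {
        "disabled": disabled,
        "logins_per_host": dict(Counter(host for _, host, _, _ in rows)),
        # The page states encType 1 marks an encrypted row; list every other row.
        "enc_type_not_1": [(rid, host) for rid, host, _, enc in rows if enc != 1],
    }
```
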
In the signons.txt formats, each host entry can have multiple username/password pairs. Starting from Firefox version 2.0, the subdomain URL is also included along with each username/password entry. A password field begins with '*'; this is the key to distinguishing between a username entry and a password entry.

Once the username and password values are extracted, the next task is to decrypt them. The information required to decrypt these values is stored in the key3.db file. If the master password is set, you must provide it to proceed with decryption. If you have forgotten the master password, you can use the Firemaster tool to recover it. If the master password is set and you have not provided it, FirePassword will prompt you to enter it.

FirePassword comes with an installer so that you can install it locally on your system for regular usage. The installer has an intuitive wizard (as shown in the screenshot below) which guides you through the series of steps to complete the installation.

At any point, you can uninstall the product using the Uninstaller located at the following location (by default):

[Windows 32 bit]
C:\Program Files\SecurityXploded\FirePassword

[Windows 64 bit]
C:\Program Files (x86)\SecurityXploded\FirePassword

Here is the general usage information:

FirePassword.exe [-o outputfile] [-m masterpassword] [-p firefox_profilepath]

Options:
  -o  output file to write passwords
  -m  specify the master password
  -p  profile path of Firefox

For the default or current Firefox profile location, do not specify the profile path with the -p option. In that case FirePassword will automatically recover passwords from the default profile.

FirePassword is a console tool, so you need to run it from the cmd prompt. Here are brief usage instructions:
- Launch the cmd prompt and move to the folder where you have copied FirePassword.exe.
- Next, run it by typing 'FirePassword.exe'. It will automatically discover the current Firefox profile and recover all the stored passwords.
- If you have protected Firefox with a master password, you have to specify it using the -m option, like 'FirePassword.exe -m mypassword', to recover the passwords successfully.
- On successful recovery, FirePassword displays the login website URL, username and password for all the stored websites. It also displays the excluded website list.
- If you want to save the password list to a file, you can issue the following command: 'FirePassword.exe > passlist.txt'

You can also copy the Firefox profile files from a different operating system, such as Linux or Mac, to the local Windows system and then specify that path to FirePassword to recover passwords from the offline profile.

You can now also recover login passwords from the Mozilla-based SeaMonkey browser by specifying its profile path with the -p option.

FirePassword has been successfully tested with Firefox version 1.0 to the latest version, 19.0, and should work with any Firefox version greater than 1.0.

If you encounter any problem with FirePassword, please drop a mail to me mentioning your Firefox version and any other details which will help in fixing the problem.

FirePassword is not a hacking tool, as it can recover only your stored passwords. It cannot recover the passwords of other users unless you have the right credentials.

Like any tool, its use, either good or bad, depends upon the user who uses it. However, neither the author nor SecurityXploded is responsible for any damage caused due to misuse of this tool.

Read the complete License & Disclaimer terms here.

- Thanks to the Mozilla-Firefox crew for making such an excellent and beautiful browser.
- Thanks to Stefano for informing and providing code to make FirePassword support Firefox version 2.0.

Now you can recover login passwords from the Mozilla-based SeaMonkey browser by specifying the profile path with the -p option.

Successfully tested with the latest version of Firefox, v17.0, on Windows 8. Minor improvements in usage display.

Support for the latest version of Firefox, v10.0.1. Removed confusing username/password field names from the report.

Minor bug fix in the code.

Integrated installer for local installation and uninstallation. Added a feature to output directly to a local file instead of the console. Improved display of results and error messages.

Dynamically loads Firefox DLLs from its installed location. Color-based display to clearly view the password information.

Support for Windows 7. Error messages are now shown in red so that they are clearly seen.

Support for recovering passwords from the SQLite sign-on database file used by the latest Firefox version, 3.5.

Fixed the application data folder problem with Vista. It also contains some security-related changes.

Support for Firefox version 3.0 with its new sign-on file format.
Other enhancements related to user friendliness and clear display.

Support for Firefox version 2.0. New signon format is explained below.
A few minor bug fixes and formatting of the result display.

Finally, the much-awaited FirePassword source code is released.
Master password checking is improved and is now done at the very beginning.
Removed the Gecko-SDK dependency completely.
Tested successfully with the latest Firefox version, 1.5.0.4.

A few bug fixes here and there.
Thanks to Nemo for reporting the bug in the base64 handling routine.

Static library dependency removed. Libraries are now loaded dynamically.
Support for a wider range of Firefox versions.
Automatically detects the Firefox profile directory if not specified.

First public release of FirePassword.