SecurityXploded.com
FirePasswordViewer : Firefox Sign-on Secrets Recovery Software | www.SecurityXploded.com
 
 
FirePasswordViewer
See Also
 
 
 
Contents
 
 
About
FirePasswordViewer is the GUI version of popular FirePassword tool to instantly recover login passwords stored by Firefox.

Like other browsers, Firefox also stores the login details such as username, password for every website visited by the user at the user consent. All these secret details are stored in Firefox sign-on database securely in an encrypted format.

FirePasswordViewer can instantly decrypt and recover these secrets even if they are protected with master password.


Also it can be used to recover passwords from different profile (for other users on the same system) as well as from the different Operating system (such as Linux, Mac etc). This greatly helps Forensic Investigators who can copy the Firefox profile data from the target system to different machine and recover the passwords offline without affecting the target environment.


This mega version brings in major changes to support latest Firefox v25.0 and new GUI interface with cool banner.


It works on wider range of platforms starting from Windows XP to Windows 8.

 
 
 
Features
  • Instantly decrypt and recover stored passwords from 'Firefox Secret Store' for all versions of Firefox.

  • Supports recovery of passwords from local system as well as remote system. User can specify Firefox profile location from the remote system to recover the passwords.

  • It can recover passwords from Firefox even when it is protected with master password. In such case user have to enter the correct master password to successfully decrypt the passwords.

  • Automatically discovers Firefox profile location based on installed version of Firefox.

  • Passwords are not shown by default for security reasons as it is sensitive data. However user can toggle this behavior using 'Show Password' button.

  • Sort feature to arrange the displayed password list by username, password or website which makes it easy to search through 100's of entries.

  • Save the recovered Firefox password list to HTML/XML/Text/CSV file

  • Easier and faster to use with its enhanced user friendly interface.

  • It comes with Installer to help in local Installation & Uninstallation.

 
 
About Firefox Password Manager
Firefox has a built-in password manager tool which stores username and passwords for all the visited websites. These credentials are stored in the encrypted form in the Firefox profile's database files such as key3.db and signons.txt.

The key3.db file contains master password related information such as encrypted password check string, salt, algorithm and version information etc.

Signons.txt file contains the actual sign-on information
  • Reject Host list : List of websites for which user don't want Firefox to remember the credentials.

  • Normal Host List : Each host URL is followed by username and password.
 
 
How it Works?
Firefox till version 3.5 stores the sign-on secrets in signons.txt file located in the Firefox profile directory. With version 3.5 onwards Firefox started storing the sign-on secrets in Sqlite database file named 'signons.sqlite'. The structure of sign-on information stored in the signons.txt file (signons2.txt for version 2 and signons3.txt for version 3) and signons.sqlite for version 3.5 onwards is described below...
 
For Firefox < version 2.0
  • First comes the sign-on file header which is always "#2c"
  • Next comes the reject host list in clear text, one per line and terminated with full stop.
  • After that normal host list is stored in the following format
    • Host URL
      • Name  (username or *password)
      • Value (encrypted)
      • .(full stop)
 
For Firefox version 2.0
  • First comes the sign-on file header which is always "#2d"
  • Next comes the reject host list in clear text, one per line and ends with full stop.
  • After that normal host list is stored in the following format
    • Host URL
      • Name  (username or *password)
      • Value (encrypted)
      • Subdomain URL
      • .(full stop)
 
For Firefox version 3.0 and below 3.5
  • First comes the sign-on file header which is always "#2e"
  • Next comes the excluded host list in clear text, one per line and ends with full stop.
  • After that saved host list is stored in the following format
    • Host URL
      • Name  (username or *password)
      • Value (encrypted)
      • Subdomain URL
      • --- (Dashed line denoting the end of host entry)
      • .(full stop)
For Firefox version 3.5 and above

The new signons.sqlite database file has two tables moz_disabledHosts and moz_logins. The moz_disabledHosts table contains list of excluded websites which are exempted from storing passwords by user. The moz_logins table contains all the saved website passwords. Here is more detailed description of each tables...

  • table - moz_disabledHosts
    • id - index of each entry
    • hostname - blacklisted website URL

  • table - moz_logins
    • id - index of each entry
    • hostname - base website URL
    • httpRealm -
    • formSubmitURL - Actual website hosting URL for which secrets are saved.
    • usernameField - name of username element of form field
    • passwordField - name of password element of form field
    • encryptedUsername - encrypted username
    • encryptedPassword - encrypted password
    • guid - unique GUID for each entry
    • encType - value 1 indicates encrypted

Here each Host entry can have multiple username/password pairs. Starting from Firefox version 2.0, sub domain URL is also included along with username/password entry. If it is the password field then it begins with '*'. This is the key in distinguishing between username and password entry.

Now once the username and password values are extracted, next task is to decrypt them. Information required to decrypt these values is stored in key3.db file. If the master password is set, then you must provide the master password to proceed with decryption.

If you have forgotten the master password, then you can use Firemaster tool to recover the master password. If the master password is set and if you have not provided it, then FirePasswordViewer will prompt you to enter the master password.

 
 
 
Installation & Un-installation
FirePasswordViewer comes with Installer to make it easier to install it locally on your system for regular usage. This installer has intuitive wizard which guides you through series of steps in completion of installation.
 
At any point of time, you can uninstall the product using the Uninstaller located at following location (by default)
 
[Windows 32 bit]
C:\Program Files\SecurityXploded\FirePasswordViewer

[Windows 64 bit]
C:\Program Files (x86)\SecurityXploded\FirePasswordViewer
 
 
 
How to Use?
FirePasswordViewer is easy to use tool with cool GUI interface.

Here are the brief usage details.
  • Launch FirePasswordViewer on your system after Installation.

  • On running, FirePasswordViewer automatically populates the Firefox profile location if it is already installed. Otherwise you can enter the profile location manually.

  • If you have set the master password for your Firefox, then you need to specify the same in the master password box.

  • Once the profile location is specified, you can click on 'Start Recovery' button and FirePasswordViewer will instantly recover all passwords from Firefox sign-on store.

  • Finally you can save all recovered password list to HTML/XML/Text/CSV file by clicking on 'Export' button and then select the type of file from the drop down box of 'Save File Dialog'.
 
You can also use FirePasswordViewer to recover passwords from different system either Windows or Linux. In that case just copy Firefox profile data from remote system to local machine and then specify that path in the profile location field for recovering the passwords.
 
 
 
Screenshots
 Screenshot 1: FirePasswordViewer showing the recovered passwords from Firefox sign-on password store.
 
FirepasswordViewer showing the sign-on information
[click here to view enlarged image]
 
 Screenshot 2: Recovered Firefox password list stored in HTML format by FirePasswordViewer
 
FirepasswordViewer showing the saved sign-on html file
[click here to view enlarged image]
 
 
 
Testing Results
FirePasswordViewer is successfully tested with  Firefox version 1.0 to latest version 26.0 and should work with any Firefox greater than version 1.0

If you encounter any problem with FirePasswordViewer, then please drop a mail to me mentioning your Firefox version and any other details which will help in fixing the problem.
 
 
 
Acknowledgement
Thanks to the Mozilla-Firefox crew for making such an excellent and beautiful browser.  
 
 
 
Release History
Version 5.5: 3rd Jan 2014
New feature to generate password recovery report in CSV (Comma-Seperated Values) File Format.
 
Version 5.0: 22nd July 2013
Mega version with major enhancements to support latest Firefox version 22.0. Also presents new GUI interface with cool banner.
 
Version 4.5: 19th Feb 2013
Support for quick Drag & Drop of Firefox Install & Profile paths. Tested successfully with latest Firefox version v19.0.
 
Version 4.0: 9th Nov 2012
Added right click context menu to quickly copy the selected password. Tested successfully with Firefox v16.0.2
 
Version 3.5  17th Apr 2012
Support for saving password list to XML/Text file along with existing support for HTML format. Enhanced user interface.
 
Version 3.0  5th Jan 2012
Support for latest version of Firefox 9.0.1, Improved report, New Banner & version updates.
 
Version 2.7:  28th Mar 2011
Added new logo, link for passwordforensics.com in about section and few bug fixes.
 
Version 2.6:  10 Jan 2011
Fixed the crash issue with non-english version of Windows on x64 bit platforms.
 
Version 2.5:  8 Nov 2010
Integrated Installer to support local installation and uninstallation.
 
Version 2.2:  28 Sep 2010
Support for portable installation of Firefox.  Automatic update version checker is integrated.
 
Version 2.1:  26 May 2010
Now FirePasswordViewer loads the Firefox binaries automatically on the fly and those binaries will not be shipped any more. Also FirePasswordViewer shows GREEN on virustotal analyais, earlier there was false reporting it as trozan.
 
Version 2.0:  3 May 2010
New look & feel with sorted list control to display the recovered passwords, show/hide password button to show/hide the passwords.
 
Version 1.5 :  2nd Dec 2009
This version comes with support for Windows 7. Also buttons now looks better with icons and new win7 banner.
 
Version 1.2.2 :  21st Aug 2009
Support for recovering the passwords from Sqlite signon database file used by latest Firefox version 3.5.
 
Version 1.0.1 :  10th June 2009
First public release of FirePasswordViewer which is the GUI version of popular FirePassword tool.
 
 
 
Download
FREE Download FirePasswordViewer v5.5

License  : Freeware
Platform : Windows XP, 2003, Vista, Windows 7, Windows 8

Download
 
 
 
See Also