Security Xploded
 
  |    Home    |    Projects    |    Research    |    Articles     |    Security Tools    |    Download    |    Blog    |    About    |
 
 
 
 
 
 
 
 
 
 
FirePassword
The Firefox Username & Password List Decryptor

 
 
History
 
Version 2.5 : 18th June 2008
Support for Firefox version 3.0 with its new signon file format.
Other enhancements related to user friendliness and clear display.
 
Version 2.0 :  3rd March 2007
Support for Firefox version 2.0. New signon format is explained below.
Few minor bug fixes and formatting of the result display.
 
Version 1.7 :  8th July 2006
Finally much awaited FirePassword source code is released under GPL v2.
Master Password checking is improved and now its done at beginning itself.
Removed the Gecko-SDK dependency completely.
Tested successfully with latest Firefox version 1.5.0.4
 
Version 1.6 :  25th Feb 2006
Few bug fixes here and there.
Thanks to Nemo for reporting the bug in base64 handling routine.
 
Version 1.5 :  14th Jan 2006
Static library dependency removed. Now libraries are loaded dynamically.
Support for wider range of Firefox versions.
Automatically detects Firefox profile directory if not specified.
 
Version 1.0 :  1st Jan 2006
First public release of FirePassword.
 
 
About FirePassword
FirePassword is the tool designed to decrypt the username and password list from firefox sign-on database. Firefox stores the username and password information for various sites in its database files. FirePassword works on similar line as Firefox's built-in password manager but it can be used as offline tool to get the username/password information without running the Firefox.
 
 
About Firefox Password Manager
Firefox has a built-in password manager tool which remembers username and passwords for all the visited websites. These credentials are stored in the encrypted from in Firefox database files mainly key3.db and signons.txt residing in user's profile directory. The key3.db file contains master password related information such as encrypted password check string, salt, algorithm and version information etc.

Signons.txt file contains following information
  • Reject Host list : List of websites for which you don't want Firefox to remember the credentials.
  • Normal Host List : Each host URL is followed by username and password.
 
Use of FirePassword
FirePassword is an alternative to Firefox's password manager tool. Main advantage of FirePassword is to use it as offline tool without running the Firefox. This is very useful during forensic investigation where one can copy the relevant files from the target system and view the credentials offline without affecting the environment of target system. Also pen testers can use it to view the credentials offline after retrieving sign-on files from the victim system.
 
 
Working of FirePassword
Firefox stores the sign-on credentials in signons.txt file located in the user profile directory. The structure of sign-on information in the signons.txt file (signons2.txt for version 2 and signons3.txt for version 3) is as follows.  

For Firefox < version 2.0
  • First comes the sign-on file header which is always "#2c"
  • Next comes the reject host list in clear text, one per line and terminated with full stop.
  • After that normal host list is stored in the following format
        Host URL
           Name  (username or *password)
           Value (encrypted)
           .(full stop)
 For Firefox version 2.0
  • First comes the sign-on file header which is always "#2d"
  • Next comes the reject host list in clear text, one per line and ends with full stop.
  • After that normal host list is stored in the following format
        Host URL
           Name  (username or *password)
           Value (encrypted)
           Subdomain URL
           .(full stop)
 For Firefox version 3.0
  • First comes the sign-on file header which is always "#2e"
  • Next comes the excluded host list in clear text, one per line and ends with full stop.
  • After that saved host list is stored in the following format
        Host URL
           Name  (username or *password)
           Value (encrypted)
           Subdomain URL
           --- (Dashed line denoting the end of host entry)
           .(full stop)
Here each Host entry can have multiple username/password pairs. Starting from Firefox version 2.0, sub domain URL is also included along with username/password entry. If it is the password field then its name begins with '*'.Now once the username and password values (which are encrypted) are extracted, next task is to decrypt them. Information required to decrypt these values is stored in key3.db file. If the master password is set, then you must provide the master password to proceed with decryption. If you have forgotten the master password, then you can use Firemaster tool to recover the master password. If the master password is set and if you have not provided it, then FirePassword will prompt you to enter the master password.

Once you enter the password,  FirePassword uses same decryption procedure used by Firefox to decrypt the sign-on information.
 
 
Using FirePassword
You have to copy the following files from the Firefox profile directory to temporary directory.
  • key3.db
  • cert8.db
  • signons*.txt
Here is the general usage information

FirePassword [-m "master password" ] <Firefox_Profile_Directory>
    Options:
          -m specify the master password

Firefox_Profile_Directory is the path to the directory where the above 3 files are present. If you don't specify the master password and its set, then you will be prompted to enter the master password before decryption.
 
 
FirePassword in Action
 
Firepassword in Action
 
 
Testing FirePassword
FirePassword is successfully tested with  Firefox version 1.0 to 3.0 and should work with any Firefox version 1.0 or more.

However if the FirePassword fails on your system, then please drop a mail to me mentioning your Firefox version and any other details which will help in fixing the problem.
 
 
Disclaimer
FirePassword is designed with good intention. Like any tool its use either good or bad, depends upon the user who uses it. However author is not responsible for damage caused due to misuse of this tool.
 
 
Acknowledgement
  • Thanks to the Mozilla-Firefox crew for making such an excellent, beautiful, free browser. 
  • Thanks to Stefano for informing and providing code to make the FirePassword to support Firefox version 2.0
 
Download FirePassword
FirePassword source code is released under GPL license. This will help you understand and enhance the features of FirePassword.

FirePassword binary & source download

 
See Also
   FireMaster: The Firefox master password recovery tool.
   NetShareMonitor: Monitor your shares from intruders.
   Recover Windows password in seconds using Rainbow crack.