Password Recovery Tools - FirePasswordViewer - 13 March 2012 - Blog - | LINUX - SECURITY |
Saturday, 2016-12-03, 6:35 PM
Welcome Guest | RSS
Statistics

Total online: 1
Guests: 1
Users: 0
Site menu
Our Documentations
1* METASPLOIT
Blog Category
# Only for beginners [39]
This category contains some introductions and tutorials about UBUNTU and BACKTRACK for those who just start using LINUX.
# Computer Security [11]
In this category, you will find all courses about the Informatique Security
# LINUX [2]
EVERYTHING ABOUT LINUX - UBUNTU & BACKTRACK - (NEWS, VIDEOS, TUTORIALS, ... )
# BackTrack 5 Tutorials [6]
In this categorie, I will post all tutorials about BackTrack5 (Installation, Configuration, Update, Hacking...)
# TechnicDynamic Tutorials [12]
Technic Dynamic is a source of education focused in the following categories of technology: (Computer - Design - Gadgets - Networking - Security) Link : http://technicdynamic.com
# Vishnuvalentino Tutorials [2]
He is a computer security specialist, and also freelance website designer. Read more : http://vishnuvalentino.com/about/
# Hackers News [6]
All news about the hackers of the world ...
# Tools [18]
All Security Tools
MEMES PICTURES [0]
Entries archive
Shopping


Follow us
facebook
Main » 2012 » March » 13 » Password Recovery Tools - FirePasswordViewer
1:21 AM
Password Recovery Tools - FirePasswordViewer

FirePasswordViewer is the GUI version of popular FirePassword tool to recover login passwords stored by Firefox. Like other browsers, Firefox also stores the login details such as username, password for every website visited by the user at the user consent. All these secret details are stored in Firefox sign-on database securely in an encrypted format. FirePasswordViewer can instantly decrypt and recover these secrets even if they are protected with master password.
Also FirePasswordViewer can be used to recover sign-on passwords from different profile (for other users on the same system) as well as from the different operating system (such as Linux, Mac etc). This greatly helps forensic investigators who can copy the Firefox profile data from the target system to different machine and recover the passwords offline without affecting the target environment.
New version brings in the Installer to locally install FirePasswordVieweer on your system. It has intuitive setup wizard which guides you through series of steps in easy Installation as well as Uninstallation.
FirePasswordViewer is fully portable tool which works on wider range of platforms starting from Windows XP to latest operating system, Windows 7.
 
Features of FirePasswordViewer

Here are the highlights of top features of FirePasswordViewer which makes it stand apart from other similar tools including commercial ones.
     Instantly decrypt and recover stored encrypted passwords from 'Firefox Sign-on Secret Store' for all versions of Firefox.
     Supports recovery of passwords from local system as well as remote system. User can specify Firefox profile location from the remote system to recover  the passwords.
     It can recover passwords from Firefox secret store even when it is protected with master password. In such case user have to enter the correct master password to successfully decrypt the sign-on passwords.
     Automatically discovers Firefox profile location based on installed version of Firefox.
     Passwords are not shown by default for security reasons as it is sensitive data. However user can toggle this behavior using 'Show Password' button.
     On successful recovery operation, username, password along with a corresponding login website is displayed.
     Sort feature to arrange the displayed password list by username, password or website which makes it easy to search through 100's of entries.
     Save the recovered Firefox password list to HTML file for transferring to other system or for future use.
     Easier and faster to use with its enhanced user friendly interface.
     Completely Portable Tool which also comes with optional Installer for assisting you in local Installation & Uninstallation.

About Firefox Password Manager

Firefox has a built-in password manager tool which stores username and passwords for all the visited websites. These credentials are stored in the encrypted form in the Firefox profile's database files such as key3.db and signons.txt.

The key3.db file contains master password related information such as encrypted password check string, salt, algorithm and version information etc.

Signons.txt file contains the actual sign-on information

    Reject Host list : List of websites for which user don't want Firefox to remember the credentials.

    Normal Host List : Each host URL is followed by username and password.

 
Internals of FirePasswordViewer
Firefox till version 3.5 stores the sign-on secrets in signons.txt file located in the Firefox profile directory. With version 3.5 onwards Firefox started storing the sign-on secrets in Sqlite database file named 'signons.sqlite'. The structure of sign-on information stored in the signons.txt file (signons2.txt for version 2 and signons3.txt for version 3) and signons.sqlite for version 3.5 onwards is described below...
 
For Firefox < version 2.0

    First comes the sign-on file header which is always "#2c"
    Next comes the reject host list in clear text, one per line and terminated with full stop.
    After that normal host list is stored in the following format
        Host URL
            Name  (username or *password)
            Value (encrypted)
            .(full stop)

 
 For Firefox version 2.0

    First comes the sign-on file header which is always "#2d"
    Next comes the reject host list in clear text, one per line and ends with full stop.
    After that normal host list is stored in the following format
        Host URL
            Name  (username or *password)
            Value (encrypted)
            Subdomain URL
            .(full stop)

 
 For Firefox version 3.0 and below 3.5

    First comes the sign-on file header which is always "#2e"
    Next comes the excluded host list in clear text, one per line and ends with full stop.
    After that saved host list is stored in the following format
        Host URL
            Name  (username or *password)
            Value (encrypted)
            Subdomain URL
            --- (Dashed line denoting the end of host entry)
            .(full stop)

 
 For Firefox version 3.5 and above

The new signons.sqlite database file has two tables moz_disabledHosts and moz_logins. The moz_disabledHosts table contains list of excluded websites which are exempted from storing passwords by user. The moz_logins table contains all the saved website passwords. Here is more detailed description of each tables...

    table - moz_disabledHosts
        id - index of each entry
        hostname - blacklisted website URL

    table - moz_logins
        id - index of each entry
        hostname - base website URL
        httpRealm -
        formSubmitURL - Actual website hosting URL for which secrets are saved.
        usernameField - name of username element of form field
        passwordField - name of password element of form field
        encryptedUsername - encrypted username
        encryptedPassword - encrypted password
        guid - unique GUID for each entry
        encType - value 1 indicates encrypted

Here each Host entry can have multiple username/password pairs. Starting from Firefox version 2.0, sub domain URL is also included along with username/password entry. If it is the password field then it begins with '*'. This is the key in distinguishing between username and password entry.

Now once the username and password values are extracted, next task is to decrypt them. Information required to decrypt these values is stored in key3.db file. If the master password is set, then you must provide the master password to proceed with decryption. If you have forgotten the master password, then you can use Firemaster tool to recover the master password. If the master password is set and if you have not provided it, then FirePasswordViewer will prompt you to enter the master password.

Installing FirePasswordViewer

Though FirePasswordViewer is a Portable tool, it comes with Installer so that you can install it locally on your system for regular usage. This installer has intuitive wizard (as shown in the screenshot below) which guides you through series of steps in completion of installation. At any point of time you can use Uninstaller to remove the software from the system.
 
FirePasswordViewer 3.0

License  : Freeware
Platform : Windows XP, 2003, Vista, Win7

Source : http://securityxploded.com/firepasswordviewer.php
Category: # Tools | Views: 2758 | Added by: Administrator | Tags: FirePasswordViewer | Rating: 0.0/0
Total comments: 1
1  
i want to download software

Name *:
Email *:
Code *:
Visitors

Share This On:
Google Translator
Search
Login form
Our poll
Rate my site
Total of answers: 17
Clock & Calendar

«  March 2012  »
SuMoTuWeThFrSa
    123
45678910
11121314151617
18192021222324
25262728293031