Reading your mate's passwords in Firefox

So, here is the quest. You need to discover the password of your best friend. Although this might seem morally reprehensible, you are moved by noble and deep reasons. You need to check his email and discover if he is having an affair with your wife. You can’t just confront him if you are not sure. Nor can you run the risk of confronting your wife before you are sure.

We will assume that you have access to your best mate's computer. After all, he trusts you, right? And with reason: you would never do anything against him… normally. But this time it’s different. If he has been seducing your angel, he deserves the worst.

We will also assume that your best friend is really into security, and since Firefox is a more secure system, he uses Firefox. Daily. And as a final assumption, we shall assume that he keeps his mail on the web and accesses it through the browser. Let’s assume it’s on Yahoo.

This is what you need to do:

  1. Get his computer, at a moment when he is out for lunch (with your lady, bastard!), and lock yourself in for the work. You will need privacy for this. If you are confronted you can always say you were wanking at the thought of the next (war in Iran/fall of Bush: choose whatever is appropriate).
  2. Open Firefox, if it is not already open, go to the Mozilla homepage and download Web Developer 1.0.2.
  3. Close the browser
  4. Open the browser
  5. Go to the mail service that your soon to be ex-friend uses (yahoo, gmail, gmx, …)
  6. Write your friend's username in the appropriate form.
  7. Wait for the password to appear (resist the temptation to actually open the mail. You need the password to check the mail at a later time from your computer). The password will usually appear as a series of asterisks, like this: *******. We need to clear that out.
  8. Go to the Tools menu. Open the Web Developer submenu. Open the Forms sub-submenu.
  9. Click on Show Password. The password will now appear in clear text. Copy it.
  10. Since you are there, also get his other passwords: you know, Amazon, PayPal.
  11. If the password to a page is not available as presaved in the form, there is no problem:
    • (a) try the previous passwords (many people reuse the same password),
    • (b) just declare that you have lost your password, get a new password mailed to your friend (you have access to his mail, after all), and then delete the mail.
  12. Now you need to delete the traces: go under Tools, Extensions, and uninstall Web Developer 1.0.2 (this is great, btw: Firefox used to keep all the extensions that had been used. Now when you uninstall them they are actually deleted).
  13. Leave the computer as your “friend” left it.
  14. Go get yourself something to eat before the lunch break is over.

A note: if you enjoyed this entry you are welcome to link to it. But if you actually intend to use it, please forget this entry and do not put any link to me. For once I’ll be fine with a bit less publicity.

Note for American lawyers (sorry guys, some people need things to be actually explained to them): I don’t condone password stealing. Here I am actually exposing a vulnerability with the hope that it gets cleared.


3 comments to Reading your mate's passwords in Firefox

  • I don’t think this is a vulnerability. When you decide to save passwords Firefox tells you that they could be easily retrieved, because the passwords must be stored in a recoverable way (in fact, they are encoded in Base 64).

    Furthermore, you can show the saved passwords without the Web Developer extension. You simply go to the Preferences dialog, Privacy tab, View saved passwords, click on the ‘Show passwords’ button and then you have the list of all passwords.

    If you really want to secure your passwords you can set a Master password. You can see more about this on Lifehacker:
    http://www.lifehacker.com/software/geek-to-live/geek-to-live-secure-your-saved-passwords-in-firefox-154099.php

    (BTW: This form doesn’t work with Firefox 1.5.0.1 on Linux. I had to hack it with the DOM inspector and change the onclick method of the button.)

  • I don’t think this is a vulnerability. When you decide to save passwords Firefox tells you that they could be easily retrieved, because the passwords must be stored in a recoverable way (in fact, they are encoded in Base 64).

    Furthermore, you can show the saved passwords without the Web Developer extension. You simply go to the Preferences dialog, Privacy tab, View saved passwords, click on the ‘Show passwords’ button and then you have the list of all passwords.

    If you really want to secure your passwords you can set a Master password. You can see more about this on Lifehacker:
    http://www.lifehacker.com/software/geek-to-live/geek-to-live-secure-your-saved-passwords-in-firefox-154099.php

    (BTW: This form doesn’t work with Firefox 1.5.0.1 on Linux. I’ll have to hack it with the DOM inspector and change the onclick method of the button.)

  • Thanks for the double tip. I tried to hack the form to add cocomment but obviously did not succeed. I shall try again another time. For now I have downgraded back to the previous version.
