Stealing Firefox Credentials

by Vince
in Blog
Hits: 154

I frequently give this talk titled:  "Securing Your Small Business" but the content of the talk actually applies to both small businesses and individuals.  The gist of it is basic security hygiene and one of the topics I discuss is passwords and password managers.  In that part of the talk, I show how a password manager can auto-populate the fields of a login.  One of the comments I would frequently hear -- turned into a slide.  The comment:  "My web browser can do that."  My reply:  "I can steal your browser passwords."  And I typically follow that up with something along the lines of it being "trivial" and that I'm unable to easily steal passwords from password managers.  That pretty much sets up this post...

Stealing browser passwords is the kind of granularity in an assessment that is too fine and it could also get personal which is something I'd like to avoid.  But I happen to be in a situation where it was necessary and I looked back through the posts on this site and although I thought I'd written on the subject, it turns out, I had not -- or I can find the original post.  In either case, we're going to steal Firefox credentials and... it's "trivial". 

First, we need the tool from Github:



We can manually grab the files or in my case, I'm just going to dump them with Metasploit:


If you want to see the mechanics of this entire process, you can search out this "How To":


However, the condensed version is get the Github tool, extract the files, and rename as you see below:


Once you have the files with their proper names, we run the tool:


As you can see, it provides the URL, username, and password.  Did I mention it was... "trivial" ?

In my talk, I recommend using 1Password or LastPass but there are plenty of password managers that can do the job.  Once the password manager is setup, remove all of the passwords from your browsers.  And that's basically the summary of that section of my talk with a visual aid on the actual browser password stealing.