Powered by Blogger.

Random Posts

Most Recent

Copyrighted.com Registered & Protected 
S4KC-J0UZ-MVHS-Q8FG

Blog Archive

Search This Blog

Blog Archive

AD (728x60)

Recent

Comments

Facebook

Advertising

Flickr Widget

Formulir Kontak

Name

Email *

Message *

Contact us

Name

Email *

Message *

Business

About us

Why to Choose RedHood?


This Site uses cookies. By using the website you (the visitor) agrees to Terms, Privacy Policy And DMCA Policy Of the Website.

Popular Posts

Popular Posts

Sunday, 8 May 2016

How to Steal Password Saved In Chrome, Firefox & Safari

By: | In: , | Last Updated:

Steal saved passwords from Browser


You may be surprised to see that how simple it can be to see your saved password on Google chrome, Mozilla Firefox, Safari and any latest popular browser.

Google chrome is probably the worst in protecting your passwords since it stores them in plain text and it can be accessed by any user accessing google chrome. Other browsers are storing them with login protection e.g. Firefox supports master password to protect all saved passwords.





There are many security threats related to password strength, password reuse, plain text password storage, password hashing and password encryption. In this article we are not focusing on any of those threats, However we are trying to demonstrate that anyone can see your saved password in any browser very easily by following below simple steps. A pro hacker will not even consider this a hack since its so simple and does not even require special knowledge or understanding of hacking or use of any sophisticated hacking tools.

Let me remind you that the purpose of this tutorial is demonstrate how unsafe your passwords are with browser save password feature. Therefore try to avoid using the password save features if you system can be accessed by untrusted people.




It may happen sometimes when you leave your work computer unlocked for few minutes. Therefore must be a strong reason for leaving your workstation locked when stepping out (even if for few minutes).

Please do not use this technique unethically.

 Step 1:  Open your favorite browser (Lets say Chrome). The below steps are going to work same on Latest versions of Safari, Mozilla Firefox and Google Chrome.

Step 2:  Go the site that has a username and password saved. (Lets Say http://www.evernote.com )

Step 3: Let the browser fill your username & password information.


Facebook Login page
Step 4:  Now right click on the password field and select "Inspect Element". This should bring the source of html page.

Inspect Element in Firefox


Step 5:  Double click on the text type="password"


Inspect Element in Firefox


Step 6:  Done - you will be able to see the password in clear text on the browser.


View saved Password By Inspect Element


This trick will work on almost all browsers that support developer tools for debugging. If you do not see "Inspect Element" option in right click menu you may try addons like FireBug that can provide it.

The technique we used is very common in web development world for debugging web pages. Though its use for retrieving someone's password is not very common.

A better way to protect your passwords will be to not save if in browsers unless you are sure it will not be accessed by any other person.


In general, saving password in browsers is not a good practice since the encryption level in browsers are not very strong. You may want to choose a dedicated password saving application with strong encryption. Mac Keychain is a very good example of secured password storage since it has good encryption and passwords are not revealed without a master/ admin password.

No comments:
Write comments