SeaMonkey (and Mozilla Suite (1.7.12 release)) by default stores passwords in Base 64 encoding unless you activate Master Password in which case they are stored encrypted. As of Firefox .7 the default is encrypted. Both browsers now have a "view passwords" function in the Manage Passwords dialogue so this info is kind of academic at this point.
Base 64 passwords are stored in a plain text file in your profile directory. The usernames and passwords in this file can be fairly easily encoded and decoded.
The file historically was named in the format:
[8 random numbers].s (for example,
Firefox now uses
Here are some different ways to manipulate, view, and edit Base 64 passwords.
will result in "bXlwYXNzd29yZA=="
will decode it back to "mypassword."
An encoding bookmarklet allows you to highlight a word in your browser and encode it. You can then highlight, copy, and paste that into your password file using Notepad or another text editor.
See the following links for more information:
Password Decoder Bookmarklet drag this and drop it on your bookmarks sidebar or bookmarks to save it.
Password Encoder Bookmarklet drag this and drop it on your bookmarks sidebar or bookmarks to save it.
4. Download this page to your hard drive and load it into Firefox or Mozilla (right-click the link to save). It will display your passwords in the browser. This will not work online due to browser security! Thanks to "ernie" at netscape.mozilla.firefox who "borrowed" the code from the Firefox 1.0.7 source tree.
4b. Here's a newer version that neatens things up a bit. Thanks to Andrew Poth.
After using either of the two files above you can save the resulting file and it will include all of your password information. Use "File - Save Page as" or right-click in the page and choose "Save Page as." Name the file and select where to save it. It will contain all your password info as well as the original script. To prevent having the script run every time you view the saved file in your browser, open the file in a text editor and delete the comments and script portions. Save the result.
In the second file there are numerous comments delineated by the standard HTML comment signing ala:
That is safe to delete.
Delete all of the script, save the file. Open it and you won't have to go through the security check/pause. Obviously the file contains only those passwords in effect when the file was originally saved.