Password Viewing

SeaMonkey (and Mozilla Suite (1.7.12 release)) by default stores passwords in Base 64 encoding unless you activate Master Password in which case they are stored encrypted. As of Firefox .7 the default is encrypted. Both browsers now have a "view passwords" function in the Manage Passwords dialogue so this info is kind of academic at this point.

Base 64 passwords are stored in a plain text file in your profile directory. The usernames and passwords in this file can be fairly easily encoded and decoded.

The file historically was named in the format: [8 random numbers].s (for example, 56712987.s). Firefox now uses signons.txt.

Here are some different ways to manipulate, view, and edit Base 64 passwords.

1. Use an online tool - you can also download this page to your hard disk and run it from there. (This page was originally at Burnt Electrons Dot Com.)


2. You can use the location bar (URL entry bar) in the Mozilla browser to invoke a javascript command (thanks to Karsten). The following javascript commands can be copied and pasted into the location bar in your browser.

javascript:btoa("mypassword")

will result in "bXlwYXNzd29yZA=="

And

javascript:atob("bXlwYXNzd29yZA==")

will decode it back to "mypassword."


3. You can store bookmarklets (a bookmark containing a javascript) to encode and decode passwords in Base 64. Once you have the bookmarklets saved, you can simply open your password file in a browser window, highlight a username or password, click the deCode bookmarklet, and the decoded word will show in the browser window. Click BACK to go back to your file and do it again.

An encoding bookmarklet allows you to highlight a word in your browser and encode it. You can then highlight, copy, and paste that into your password file using Notepad or another text editor.

See the following links for more information:

Password Decoder Bookmarklet drag this and drop it on your bookmarks sidebar or bookmarks to save it.

Password Encoder Bookmarklet drag this and drop it on your bookmarks sidebar or bookmarks to save it.

Bookmarklets Explained


4. Download this page to your hard drive and load it into Firefox or Mozilla (right-click the link to save). It will display your passwords in the browser. This will not work online due to browser security! Thanks to "ernie" at netscape.mozilla.firefox who "borrowed" the code from the Firefox 1.0.7 source tree.

4b. Here's a newer version that neatens things up a bit. Thanks to Andrew Poth.

After using either of the two files above you can save the resulting file and it will include all of your password information. Use "File - Save Page as" or right-click in the page and choose "Save Page as." Name the file and select where to save it. It will contain all your password info as well as the original script. To prevent having the script run every time you view the saved file in your browser, open the file in a text editor and delete the comments and script portions. Save the result.

MORE INFO:

In the second file there are numerous comments delineated by the standard HTML comment signing ala:

<!-- begin comment all the stuff in here is a comment ... ... -->

That is safe to delete.

Then there is the javascript itself, which if left in, will run every time you want to view the saved file. The object (for me) was to save the table html file to be able to load and view it later without having to have the script run. So. Strip out the javascript code in the original "display_moz_passwords.html" file. The scripts are denoted by:

<script type="text/javascript"> all the stuff here is the script ... ... </script>

Delete all of the script, save the file. Open it and you won't have to go through the security check/pause. Obviously the file contains only those passwords in effect when the file was originally saved.