Steal Browser Data Using Python

Using Python Steal Browser Data Of Anybody

In this post we shall show demonstrate how you can steal browser data using python, lets begin :
Do you think it is safe to store your password in Firefox? The short answer is “no”. Any perpetrator that has access to your laptop is able to decrypt all your password within seconds.

1*GTJ fVctBjwRQlrN2jvV w
Decrypted Firefox password with Python

Gaining Access To Browser-Saved Data Of Anyone Using Python
Python is a versatile language that can be used to develop many useful applications to improve our daily lives, however, the same can be used to exploit system vulnerabilities leading to loss of data and privacy.

I have researched into the Firefox web browser and found out that it is not spared from this vulnerability. In this article, I will share my knowledge and describe the steps to compromise Firefox saved passwords.

Steps to crack Firefox passwords

There are three main steps to hack Firefox passwords.

  1. Identify the location of the saved usernames & passwords
  2. Load Network Security Services (NSS) library
  3. Decrypt the saved usernames & passwords

Step 1: Identify the location of the saved usernames & passwords

For the different operating systems, it is saved at different file locations as shown below:

Windows: C:/Users/<PC Name>/AppData/Roaming/Mozilla/Firefox/ProfilesMac: ~/Library/Application Support/Firefox/ProfilesLinux: ~/.mozilla/firefox/Profiles

Upon opening the folder, you will see a few profiles inside. The respective profile belongs to the user who has logged into Firefox before.

1* q0g0cWTK8pHjkiM5SZt8w
Two user profiles are shown in the Windows PC

Let’s go into any profile and find the logins.json file. After opening the file you will be able to see the following information.

{“id”:1,”hostname”:”https://login.ebay.com","encryptedUsername":"KoZIhAAAAAAAAAAAA","encryptedPassword":"HoktY1AAAAAAA","guid":"{92071111-e714-1192-a293-1222d2d5237}"

Congratulations, you have found three critical pieces of information :

  1. Hostname
  2. Encrypted username
  3. Encrypted password

Step 2: Load Network Security Services (NSS) library

The username and password are encrypted using PKCS #11 cryptography standard which uses your device as a “cryptography token” for encryption and decryption. Firefox has developed the NSS library to adopt this standard into their browser.

The following are the NSS library name for the respective OS.

Windows: nss3.dllMac: libnss3.dylibLinux: libnss3.so

It can be found easily in your Mozzila Firefox application directory.

1*wsXchgzuWDRkSe85LF0ugw
NSS library found in Windows PC

Step 3: Decrypt the saved usernames & passwords

After loading the library, it is time to use it for decryption. I hope that the following pseudocode provides you with an intuition of the entire decryption process.

#step 1: convert data (i.e. usernames/password)from base64 to string 
data = b64decode(data64)#step 2: pass the string data into the SECItem object as input data
input = SECItem(0, data, len(data))#step 3: create a SECItem object to store the decrypted output data
create a output = SECItem(0, None, 0)#step 4: perform PK11 decryption
PK11SDR_Decrypt(inp, out, None)

Putting everything together

After understanding the intuition behind the decryption process, you can analyse the firefox_decrypt.py source code in this GitHub repository to understand the entire process better.

Type in the following command to execute the source code:

python firefox_decrypt.py
1*6967OQjP5m93Chl5hHU2qA
Results from using the decryption tool

Congratulations you have learned how to decrypt your Firefox passwords! Credits to unode for developing such an interesting tool.

Other interesting articles :

Advanced Google Dorks Cheat Sheet

Disclaimer

I am sharing this knowledge to raise awareness of this vulnerability and demonstrate how easy this can be exploited. You should not use this tool on unauthorised devices. Cheers!

Leave a Reply