I was contacted by quite a few people desperately trying to get this quick-hack of mine (described in latter sections) to work. As it turns out, it's not that easy; and it's not even FF3 compatible.
Fortunately, out of need I've created much better solution than this quick hack -- a Firefox3 compatible password exporter written as a HTML page.
To use it simply download the file to your harddrive, then open it in Firefox. Firefox will ask whether you want to allow potentially UNSAFE operation (accessing your password store), then it will ask for your master password and you'll be presented nice table with your passwords. Nothing else needed.
From that page you can even export all your passwords to textfile with single click and/or sort them by hostname, username, or password.
Ever needed to export saved passwords from Mozilla? Doing it via "show passwords" in "Password manager" can be quite daunting task if you have more than few accounts saved.
It's quite simple with no master password -- you just need to write a simple parser for signons.txt format plus base64-decode the fields.
With master password set, it's a different story ...
With master password set the fields are stored as PKCS#11 (let's say encrypted ;) ). So we need to decrypt them first.
I hacked "sdrtest" utility which comes with Mozilla to non-interactively decrypt any input you throw at its stdin (provided you know correct password and your "key3.db" and "signon.txt" files are correct). Resulting binary is called "sdrdecode".
That isn't much, since you would have to copy&paste everything by hand. So I wrote script (in Ruby) to parse signons.txt, decrypt the input through "sdrtest" and display all hosts in a human-readable (or should I say geek-readable?) fashion.
So the whole things now looks simple:
wejn@ns ~/work/moz-export $ export MOZ_PASSWORD=kocicka wejn@ns ~/work/moz-export $ MH=~/.mozilla/firefox/9idmuan1.default/ wejn@ns ~/work/moz-export $ ./moz-decoder.rb $MH $MH/signons.txt Host: http://svetluska.wejn.org Type: form Fields: user_login: 547212047 user_password: 547212047 Host: 10.0.0.1:80 Type: http auth with realm: Viking Fields: HTTP-auth/username: root HTTP-auth/password: tajneheslo wejn@ns ~/work/moz-export $
So, if you just want to use it, see next section which covers installation.
You'll need quite a few things on your computer:
- running Linux
- Ruby >= 1.8
- spec.rb (if you want to mess with documentation)
To install just unpack the package, type "make" and if all goes well, you can start using it.
If not, you have two options:
- fix it by yourself
- ask me _nicely_ to fix it
It's quite simple:
Usage: ./moz-decoder.rb <profile_dir> <wallet_file> [password]
Profile directory is the directory where your Mozilla keeps your key3.db and other files. If you want (for safety reasons) copy the files elsewhere, you will need:
- "key3.db" -- Key database
- "cert8.db" -- Client Certificate database
- "secmod.db" -- security modules desc. (?)
- "signons.txt" (Firefox) or "*.s" (Mozilla) -- saved passwords
Then you can point "profile_dir" to dir where you put the backup. Wallet file is full path to the last file in previous list.
Password can be entered in two ways: via env. var "MOZ_PASSWORD" or via commandline (not recommended on shared boxes).
You will get human-readable dump on standard output. If you don't like the format, just edit end of the script -- changing the output format is braindead simple.
Usage: sdrdecode <profile_dir> [password]
Variable description is same with moz-decoder.
It expects base64 encoded strings on stdin and after you're done feeding it, you will get decrypted strings as output (one per line).
It doesn't process one-by-one since I was lazy while hacking the C source. (who would want to mess with C source after working couple of years in Ruby, anyway? :) )
If you have all prerequisities, it'll be quite simple to extract the saved passwords this way.