Firefox provides a security feature – the master password, which allows you to set a password, when sharing a computer with others. After it has been set, you will be prompted once every session to enter it whenever Firefox needs to access your stored passwords. But, if you forget the password, Firefox provides only one way -
chrome://pippki/content/resetpassword.xul
to retrieve the password that will clear all of your saved usernames and passwords. Not much of a use there, eh?
But for sometime now, a utility has been made available to us by the same guys who got us the DLLHijackAuditor, have given us FireMaster, a utility on Windows which will help you retrieve the Firefox master password! According to the author, FireMaster is the first ever built tool to recover the lost master password of Firefox.
It uses combination of techniques such as dictionary, hybrid and brute force to recover the master password from the Firefox key database file. It also supports pattern based password recovery mechanism which significantly reduces the time taken to recover the password. It is also open source! As of now, it has been proven to work with Firefox version 3.5.6.
A FireMaster screen shot:
FireMaster supports following password generation methods:
- Dictionary Method – Use a dictionary file having each word on separate line to perform the operation. You can add a list of your probable passwords to a dictionary and use it to crack.
- Hybrid Method – Perform hybrid crack operation using dictionary passwords. Hybrid crack can find passwords like pass123, 123pass etc
- Brute Force Method – In this method, all possible combination’s of words from given character list is generated and then subjected to cracking process.
Steps to retrieve the Firefox master password:
- Copy the key3.db file to a directory that holds the firemaster executable.
- Point to the Firefox profile directory
(Ex: C:Documents and Settings\Application DataMozillaFirefoxProfiles)on your machine.
That’s all! A few examples of usage:
- Dictionary Crack
FireMaster.exe -d -f c:dictfile.txt Firefox_Profile_Path
- Hybrid Crack
FireMaster.exe -h -f c:dictfile.txt -n 3 -g "123" -s Firefox_Profile_Path
- Brute Force Crack
FireMaster.exe -q -b -m 3 -c "abyz126" -l 10 -p "pa??f??123" Firefox_Profile_Path
Download FireMaster version 4.0 here.
Comments on this entry are closed.