Firefox, Safari, Opera, and Chrome Passwords Cracked

November 11th, 2010 by Olga Koksharova
Category: «Elcomsoft News», «General», «Industry News», «Security», «Software», «Tips & Tricks»

What is a Web browser for you? It’s virtually a whole world, all together: web sites, blogging, photo and video sharing, social networks, instant messaging, shopping… did I forget anything? Oh yes, logins and passwords. 🙂  Set an account here, sign in there, register here and sing up there – everywhere you need logins and passwords to confirm your identity.

Yesterday, we recovered login and password information to Internet Explorer only, but it was yesterday… Now, Mozilla Firefox, Apple Safari, Google Chrome and Opera Web browsers are at your disposal.

Let’s plunge into some figures…

Imagine, just a couple of years ago there was no Chrome at all and now it captivates more than 19% of users and is the third most popular Web browser. Safari appeared first in 2003 under Mac OS and in 2007 under Windows, now it’s the fourth popular Web browser.

A curious scene unfolds before us, IE is constantly losing its followers to the advantage of FireFox and rapidly spreading newcomers like Chrome. However, in spite of all these browser wars, any statistical data can only be relatively true and I’m sure we all use more than one Web browser (I use three at least).

Some of them are at hand because they are default browsers like Safari on iPhones and iPads, some of them are more convenient for Web designing, and some run under Linux and Mac OS X as well.

That’s why we decided to crack other browsers as well. BTW, our CTO Andy Malyshev claims that compared to IE 8 protection all the other browsers were just “a piece of cake”. 🙂

Just if you’re curious, different Web browsers store their data (including logins and passwords to web sites) in different formats. In Apple Safari, it is Property List (plist), in versions up to 3.x (incl.), that was just a plain XML which is easy to parse. In Safari 4 and 5, it is in binary form (though organized very similar internally). Encryption is done with DPAPI.

Mozilla Firefox: up to version 3.5, they stored everything in plain text; starting with version 3.5 – in SQLite databases. Everything is encrypted there (yes, in old text files, too) using their own API called Network Security Services (NSS).

In Google Chrome SQLite is used as a storage and DPAPI for encryption.

Opera: proprietary (binary) file format whereas encryption is done with DES.

Now it’s easy to get back account information, logins, passwords and cached forms in all browsers like IE, Apple Safari, Google Chrome, Opera, and Mozilla Firefox, as well as Microsoft Outlook, Outlook Express, Windows Mail and Windows Live Mail.

However, there is a trick with Mozilla Firefox…if it has a master password, your only prey will be URLs, unless you know the required master password…OR have Elcomsoft Distributed Password Recovery which deals with such passwords. 🙂

One more trick with Firefox (quite a tricky browser, isn’t it?) is that unlike the others it should be installed itself, because EINPB refers to some of its dll-files.

As we’ve seen, the tendency is to use several browsers, or better said switching from IE to other ones, which implies some problems with switching some details (such as name, address, or whatever else) cached in your previous Web browser and happily forgotten. This is a frequent scenario – I personally found myself in similar situation a couple of days ago, when I had to reach an online account (which login and password are cached) from another browser and couldn’t…but my situation was even worse because I used different computers. Anyway, this won’t bother you anymore, because EINPB can pull all data from your old browser and gather it in one file. 

So, let us not dampen our joy over browser wars as they are not finished yet and appease our hunger for new browsers (?) We also get influenced by popular opinion, so tell us your browser preferences and maybe we’ll crack them too. 😉


REFERENCES:

Elcomsoft Internet Password Breaker

Elcomsoft Internet Password Breaker instantly reveals passwords to Web sites, identities, and mailboxes stored in a variety of applications. Supporting all popular Web browsers and all versions of Outlook Express, Microsoft Outlook, Windows Mail and Windows Live Mail, Elcomsoft Internet Password Breaker helps you retrieve the login and password information to a wide variety of resources.

Elcomsoft Internet Password Breaker official web page & downloads »