It's no secret that almost every browser today is equipped with a password manager. After entering the username and password on websites, when entering social networks (which are divorced ... at least shoot them), etc. these managers are kindly interested in you, and not save this data to the browser? You save them and in the future the browser automatically inserts these saved passwords when you enter somewhere, you don't even notice it - it's very convenient and practical ...
Months and years pass and there comes (always unexpectedly and despicably) a terrible day when in the morning your computer does not start when operating system goes on vacation, along with all the data.
The new operating system will be installed by a neighbor or a call specialist, and who will restore ALL PASSWORDS FROM ALL BROWSERS?
From a similar situation there are several ways out. If synchronization in the browser was enabled, then all data can be restored from the "cloud".
If you periodically did backups profile your Internet browser (s), you can plug it into a freshly installed browser and everything will be fine again. For this there is a program MozBackup, for example.
And users of the LastPass program (and service) do not have to worry about this supposedly problem at all.
But you know what is most surprising - literally a few users use all of the above means of storing their data. Everyone is sure that this will not affect them and that everything will be forever good for them, they are spellbound, they are not some kind of "teapots"!
Today I want to describe to you another surprisingly useful and easy program(only 0.2 MB in size) under the name WebBrowserPassView, which will find ALL passwords in ALL your browsers in a second, display them in one window, allow you to download and save them in several formats.
The WebBrowserPassView utility will be useful to everyone in their own way. Someone in a second "steals" all the passwords from their friend, because this program does not even need to be installed, it is portable and can work from a flash drive.
For example, I have five browsers installed and it turns out that you work in one or the other. Passwords for websites and services are remembered in different browsers... Sometimes it is very inconvenient to launch several browsers, wander through their settings or profiles in search of the required password.
For fetching and saving passwords from browsers, the WebBrowserPassView utility is unmatched in terms of speed and ease of use ...
Download WebBrowserPassView
We unpacked the archive and got a folder with the program ...
We go into it and see ...
The program itself is on the right, one file. The two files on the left can be safely deleted. Now you can Russify the program (although I understood everything in it without the Russian language).
Download from the official website of the manufacturers Russification file at this link and after taking it out of the downloaded archive, place it in the folder with the program - it should look like this ...
I did screenshots mixed with English version, then with Russian. We launch the program by clicking on the shortcut on the right ...
... and immediately get all the passwords from all the browsers you have installed! Naturally, mine was overwritten in the screenshot.
By selecting one line or several (holding the "Ctrl" button on the keyboard), you can save the login and password from the website in several formats ...
As you can see, even in special format KeePass programs.
All this can be done using the program panel ...
You can customize the appearance of the columns in the window, remove unnecessary ones, for example ...
Or in the Russian version ...
Here's another program menu item ...
And by going into the settings, you can assign browsers from which passwords and logins will be fished out ...
Browsers, email clients and other programs often offer to save passwords. This is very convenient: I keep it and forget it, and sometimes in the literal sense of the word. But what if you need to change your browser, reinstall the system, or just log in from a different computer? It turns out that browsers store passwords very insecurely. There are a lot of recovery programs, and of course, they will work no worse on someone else's machine than on yours.
Browsers
The browser often stores dozens or even hundreds of passwords. It’s clear if you don’t use one password for all occasions (and this is not best idea), remembering passwords from all sites and forums can be problematic.
If you have forgotten an important password and do not want to rack your brains, download and install the WebBrowserPassView program. You will be surprised: she can easily extract passwords from Internet Explorer, Edge, Chrome, Opera, Safari, Firefox and Yandex Browser and the latest versions are supported. Personally, I've tested this program with IE, Firefox, Chrome and Opera - in no case did it misfire.
Before launching WebBrowserPassView, it is advisable to disable the antivirus, as some will complain that it is malware. The recovery result is shown in the screenshot. Don't blame me, but I covered up the Password column and part of the User Name.
Select the passwords that you want to remember, execute the command File - Save Selected Items. Highlighted passwords will be saved to normal text file this format:
================================================== URL: Web Browser site: Firefox 32+ User Name: User Password: Password Password Strength: Very Strong User Name Field: Password Field: Created Time: 09.07.2015 21:15:16 Modified Time: 09.07.2015 21:15:16 ==================================================And of course, the program is suitable for extracting passwords on someone else's machine. If you have local access or remotely - via RDP or TeamViewer, it will not be difficult to get passwords.
Mailers
Continuation is available only to subscribers
Option 1. Subscribe to "Hacker" to read all materials on the site
Subscription will allow you to read ALL paid materials on the site within the specified period. We accept payment bank cards, electronic money and transfers from the accounts of mobile operators.
Even if you are not going to collect passwords on other people's computers, programs like LaZagne are very good way think about how vulnerable our privacy is when our computers are not under our control: at airports, when they are checked in luggage, in repair shops, after sales, etc.
And if you are going to crack other people's passwords, then I would like to draw your attention to the fact that LaZagne is a utility command line, and you can come up with different interesting options for it hidden use on machines remote for you to extract the target's passwords ...
Password recovery software
I think you already figured out what I'm going to talk about LaZagne.
As good alternatives, you can remember programs from:, and others. The programs have quite self-explanatory names (the first extracts passwords from web browsers, the second from mail clients, a third from instant messaging clients).
These are absolutely free programs, without ads and garbage, many of them have a command line interface, they are very undemanding to resources. But they only work under Windows and are closed source. If the program is closed source, then this leaves room for thought: it simply extracts passwords, or it extracts passwords AND passes them on to anyone ...
LaZagne is open source and written in Python 2, i.e. if you know how to set up the Python runtime and install the required dependencies, you can run directly source scripts(as is done on Linux). For those who do not know how / do not want to understand, executable files are compiled, which also contain all the necessary dependencies.
By the way about Linux. The version for this OS is different from the version under Windows themes that supports fewer programs for which it can recover passwords.
By the way: who knows other similar ones functional programs with open source code- write about them in the comments, it will be interesting to see them.
Instructions for using LaZagne in Windows
The program is very easy to use. If you want to use the ready-made executable file, then go to the releases page: https://github.com/AlessandroZ/LaZagne/releases and select latest version for Windows (file Windows.zip).
Unzip the downloaded file. Open a command prompt in Windows ( Win + x) and select there " Command line" or " Command Line (Admin)". In theory, as described in the official documentation, when you run the program as an administrator, it should find passwords for all users, plus a password for Wi-Fi. On the contrary, the program does not work at all on the command line as an administrator (it finds nothing). Perhaps you need to run it in a different way, for example:
C: \> runas / user:
C: \> runas / user:
But this also did not work for me (since I have an account without a password, and for such a launch it must be with a password). I didn’t deal with this much, but just started it on the command line as an ordinary user. Let's go straight to the place where it worked for me)))
You can drag the executable file into the opened command line window (so as not to type its location by hand). Add a space after all to get something like this:
Here is my result:
LaZagne.exe all -oN
The file is saved not relative to the location of the running program, but relative to the current working directory (the one that can be seen at the command line prompt). For example, in my case it is C: \ Users \ Alex \, which means the file with the found passwords is saved in C: \ Users \ Alex \ results \
You can also use the option -oJ to save in Json format or option -oA- to save in two formats at once. By the way, for me, it saves normally in Json, and when you choose to save as plain text, only a few passwords are saved.
If you also have problems with this, then you can use the banal output redirection:
LaZagne.exe all> logons.txt
If you want to search for passwords only for browsers:
LaZagne.exe browsers
You can even run a search only for certain browsers, for example, for Firefox:
LaZagne.exe browsers -f
For a complete list of available options and supported software, see the software help.
Conclusion
LaZagne is very easy to use and does a pretty good job of finding passwords on your computer. The program continues to actively develop and new scripts are regularly added that allow you to search and recover passwords for more more programs.
You can protect yourself to some extent from this program if, for example, you use a master password for browsers (which support it).
You should always remember about such programs if you use computers. common use(for example, in an Internet cafe) or your computer falls out of your possession at least for a while (when checking in luggage, returning for repairs, selling).
When selling, do not rely on simple deletion or formatting hard disk... Forensic tools (like Autopsy) are capable of recovering data. By the way, Autopsy, in addition to passwords, will be able to show the history, cookies of web browsers, visited sites, information about the time of using the computer (generated by many factors) and much more.
Do not leave your laptop or desktop computer unattended even for a couple of seconds! Otherwise, passwords from your page in in social networks, from blog and mail can pass into the hands of an attacker. Now this is possible thanks to the birth of free software called WebBrowserPassView. Thanks to her, the secret on your computer will become clear, and you will not have time to blink.
The software is also available in Russian, and you can download it without any restrictions on the nirsoft.net website. Moreover, the program does not require installation. You can run it, say, from a flash drive on a computer that for a moment was left without supervision from its owner. For everything about all the software you need only 2 seconds. It will scan browsers like Mozilla Firefox, Google chrome, Internet Explorer and Opera, and will take out all passwords from them, including passwords for access to popular sites Facebook, Yahoo, Google and Gmail. The software will carry out all the work automatically and it will even be possible, using the program, to print out all the information obtained.
As explained to RBC daily general manager of the Group-IB company Ilya Sachkov, such software cannot be considered malicious. The program is executed authorized by the user, while it is executed locally and does not send any data anywhere. It automatically provides access to information that can be viewed in other ways. This program does not carry any new threats.
WebBrowserPassView only outputs credentials stored in browser forms, so according to Mr. Sachkov, it is sufficient not to store passwords using staff resources web browsers, and in this case, the user is not in danger. In addition, this software cannot extract passwords protected, for example, with a master key Opera web browser... Passwords in IE are encrypted using the web addresses to which they refer, so if you delete the browsing history, you won't be able to retrieve the passwords either.
First of all, you need to use password-protected user accounts and lock the computer left unattended. You should not save credentials to important websites in browsers. Where possible, it is recommended to use additional protection in the form of master keys. The main thing to remember is that it is not only such a harmless utility that can extract passwords. Much more often, a login - password pair is stolen by hackers using malware that really poses a security threat. private information users are noted by an expert.
According to the project manager ADV / web-engineering co. Nikita Dubinkin, the WebBrowserPassView program accesses passwords by scanning system files browsers. At the same time, the program can work with all browsers on Windows OS, except Safari browser from Apple. To use this program, an attacker must gain access to the victim's computer. The computer must be authorized under account used by the victim.
“A specific program is not scary for browser users Apple Safari and is not dangerous for anyone using Linux or MacOS on their PC. Nevertheless, the very existence of this program shows that password encryption methods in browsers are not reliable enough. And, in order not to be afraid for the safety of your own data, you should refuse to store passwords for important sites ( Email, Internet banking systems, etc.) in the browser, ”recommends Mr. Dubinkin.
Additional Information.
