FireMaster 2.1 – A Firefox Master Password Recovery Tool

Use Netsparker


FireMaster version 2.1 has been released with its new features and new speed.

Firemaster is the Firefox master password recovery tool. If you have forgotten the master password, then using FireMaster you can find out the master password and get back your lost signon information. It uses various methods such as dictionary, hybrid and brute force techniques to recover the master password from the firefox key database file.

Since its initial release in Jan 1, 2006 its speed has increased exponentially and currently it is operating at a speed of 50,000 passwords/sec to 100,000 passwords/sec depending upon low end or high end machine.

How it Works?

There is no way to recover the master password as it is not stored at all. Firemaster uses the same technique which has been used by firefox to check if the master password is correct, but in more optimized way. The entire operation goes like this.

  • Firemaster generates passwords on the fly through various methods.
  • Then it computes the hash of the password using known algorithm.
  • Next this password hash is used to decrypt the known encrypted string for which plain text ( i.e. “password-check” ) is known.
  • Now if the decrypted string matches with known plain text ( i.e. “password-check” ) then the generated password is the master password.

Firefox stores the details about encrypted string, salt, algorithm and version information in key database file key3.db in the user’s profile directory. So you can just copy this key3.db to different directory and specify the corresponding path to Firemaster. You can also copy this key3.db to any other high end machine for faster recovery operation.

More details are available here:

FireMaster

Posted in: Hacking Tools, Password Cracking

, ,


Latest Posts:


testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.
How To Recover When Your Website Got Hacked How To Recover When Your Website Got Hacked
The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don't know what to do, or even where to start.
HTTrack - Website Downloader Copier & Site Ripper Download HTTrack – Website Downloader Copier & Site Ripper Download
HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.
sshLooter - Script To Steal SSH Passwords sshLooter – Script To Steal SSH Passwords
sshLooter is a Python script using a PAM module to steal SSH passwords by logging the password and notifying the admin of the script via Telegram when a user logs in.


2 Responses to FireMaster 2.1 – A Firefox Master Password Recovery Tool

  1. Dmitry Negoda November 26, 2007 at 12:55 pm #

    If this does not help, please try the approach I have figured out recently. See my post: http://dmitrynegoda.blogspot.com/

  2. Celyn June 13, 2008 at 2:12 pm #

    Courtesy of http://kb.mozillazine.org/Master_password
    If you want to reset your master password (at the cost of your saved passwords), with no downloads, go to:

    chrome://pippki/content/resetpassword.xul
    woops I missed it off the last one