Hello you sexy, savage, surreptitiously tech-savvy penetrators (Pun intended)!
Today I'm going to show you two really quick tricks that allows you to find someones saved passwords on their browser. To use these tricks you must have access to their browser, which means you are either in their house (LEGALLY you bunch of hooligans!) or you are running VNC on their computer after executing a payload. So if you don't have access to any of these things, this article will not work out for you, but keep reading to just be informed. So lets get this party started!
On most browsers, including Google Chrome and Firefox, a user may be asked if he/she wishes to save their passwords when signing in to a webpage in order to make their future log in process faster. What they don't know is that when they click yes, that password can be seen by anyone else who uses the same machine. For my example, I will be using Google Chrome to find these passwords, but Firefox and other browsers have their equivalent pathways, so just try to follow along as best as you can.
- Step 1
Open the browser and head to the settings. From their look for a tab that have keywords such as "Manage Passwords" or "User Password". You may have to click the "Show Advanced Settings at the bottom of the settings page".
- Step 2
From their, click whatever seems to be the most likely place to find passwords. By now you should be displayed with a bunch of emails, where they have been used, and hidden passwords. If you hover your mouse over the password you intend to see, you will be able to put it in plain text. If no emails show up here, it means that your targets were smart enough to not trust this feature and you'll have to find another way of getting access to their passwords. Obviously, I blacked out my emails and websites, but yours will look normal.
On certain sites such as Facebook and *ahem... (online banks) there is an autofill function on browsers such as Google Chrome and if you ever come across these sites with an already filled in login text box, you know you have the password. Take this for example: facebook.
- Step 1
Go over to the text box with the hidden password and right click on your mouse. Go to Inspect Element (Thats when you know you're a 1337 HaX0r). Inspect Element shoud have already highlighted the line you are *puts on sunglasses* inspecting the element on. If it didn't than use the picture below to see what the line looks like.
- Step 2
Double click and edit the part of the code that says "type=password" and make it say "type=text". Then press enter and look at the text box that previously had the hidden password. The box should now show the password in plain text.
I hope this quick tutorial at least helped you, to some degree convince your roommate, family, or significant other that you are the 1337est HaX0r that ever lived (Oh and BTW I DO NOT ENDORSE HACKING BANKS: THAT'S BAD AND YOU'LL GET A SLAP ON THE WRIST SO DON'T DO IT)! Thanks for reading and have a good day.
Start your White-Hat Hacker journey with our Beginner's Course on Linux and Shell Scripting Fundamentals (including BASH, Pearl, and Python).