\
In a bid to not always have to type in your Passwords, you take Google’s option of storing them in your web browser. But is it safe?

\
Learn more from the video below.

## Watch the Video

[https://www.youtube.com/watch?v=yBy2H6VZqpA&ab_channel=GrantCollins](https://www.youtube.com/watch?v=yBy2H6VZqpA&ab_channel=GrantCollins)

\
\
00:00

all right so have you ever been up on a

00:01

website such as the one right in front

00:03

of me

00:04

and you're on your browser and you have

00:06

the option to save your password

00:08

now this is a very standard thing to do

00:09

just go ahead and click save and move

00:11

forward although it may be

00:13

a standard practice it is not the most

00:14

secure way to store your passwords

00:16

so in today's video i'm going to show

00:18

you why it is that you should never

00:20

store your passwords in

00:21

browser through a couple of

00:22

demonstrations and then after that i'm

00:24

going to quickly overview

00:25

some solutions that you can use to

00:27

tackle this

00:28

problem before i get started with demo

00:30

one allow me to overview the scope of

00:32

attack and target devices

00:33

so for double one i will be overviewing

00:35

and running a simple python script to

00:37

capture passwords through the google

00:38

chrome browser

00:39

because google chrome browser has the

00:41

majority share in the browser market and

00:43

windows has the lead in the os wars i

00:45

will be using both

00:46

services to conduct my attack demo for

00:48

number two i will be switching up things

00:50

moving over to my home lab environment

00:52

which is running an ubuntu 1804 desktop

00:54

lts version this environment i have a

00:56

post exploitation tool

00:58

installed to capture passwords this time

01:00

the scope is mozilla firefox as my

01:02

browser in

01:03

linux as my os now let's just talk about

01:05

some general limitations to each of

01:07

these attacks first off both demos

01:08

require a scenario where the attacker

01:10

has full remote or physical access

01:13

with correct privileges to the target

01:14

machine also they both require

01:16

python 2.7 or 3.8 to be installed to use

01:20

the python script or

01:21

post exploitation tool alright so with

01:23

this behind us let's get into

01:25

demo number one

01:26

\[Music\]

01:30

all right so for the first demonstration

01:32

this is a bit outdated

01:34

all you need is a remote access to a

01:36

windows machine as well as python

01:38

installed so with that being said let's

01:40

go ahead and transition over to my

01:42

screen here

01:43

in front of me i have a virtual

01:45

connection to my home lab which is

01:46

running a virtual machine

01:48

specifically windows 10 home edition

01:51

now this virtual machine has the latest

01:53

version of google chrome installed

01:55

and it has python 3.8 installed so for

01:58

the first technique

01:59

it is a python script which allows you

02:01

to get the username and

02:03

password in front of me i have a python

02:05

script which i pulled off

02:07

from an online article link in the

02:09

description below as well on the side of

02:10

the screen

02:11

full credit goes to this author i made

02:13

just a couple of edits for my specific

02:16

use case

02:16

up until chrome 79 you could get all the

02:18

passwords and usernames

02:20

and to do this all you had to do was go

02:22

to the folder location where chrome

02:25

stores its passwords

02:26

get the website url the value in the

02:29

password value

02:30

right here from the sql database and

02:33

then you could iterate through

02:34

the lines and get the password so i'm

02:37

gonna go ahead and

02:38

run this in my case and you're gonna see

02:41

two things

02:42

the first thing is a tuple and we're

02:44

gonna go over that in a moment but the

02:45

second thing

02:46

is an error from chrome 80 and up google

02:49

made a patch or changed their method of

02:52

storing the password

02:53

which no longer allows you to unencrypt

02:56

the password

02:57

in this case it's a bit outdated if you

02:58

were to find a machine

03:00

say in chrome 79 you could go ahead and

03:02

use this method the first

03:04

bit of output is a tuple and in this

03:06

case

03:07

we can locate both the websites as well

03:11

as the

03:11

username so we have both of those things

03:14

and then as you can see here we have an

03:16

encrypted password which we don't have

03:19

access

03:20

to now you do have to have a saved

03:22

password in google chrome which i went

03:24

ahead and saved

03:25

and there you go you can get the website

03:28

as well

03:28

as the username it's not very

03:31

sophisticated anymore it's outdated but

03:33

if it is up to chrome 79 you can go

03:35

ahead and do this

03:36

method now let's get on to demonstration

03:39

number two

03:45

all right for the second demonstration

03:46

we're going to be quickly reviewing the

03:48

post

03:48

exploitation tool in this case it's

03:50

called laziness target is going to be

03:52

firefox

03:52

and the linux operating system now here

03:55

in front of me we see a github

03:56

page and it's an overview of the lazane

03:59

tool you can go ahead and install it for

04:01

linux mac or

04:02

windows and we're going to be using the

04:04

linux in this case

04:06

now zane is a post exploitation tool

04:08

which allows you to extract passwords

04:11

from various types of systems including

04:13

browsers and wi-fi

04:14

in this case the scope is browsers in a

04:17

real world scenario once you would have

04:18

access to

04:20

the machine you'd go ahead and install

04:22

the zane on here

04:23

and then you could go ahead and extract

04:25

the passwords while zane is already

04:26

installed on

04:27

this environment it is very easy to

04:30

extract the passwords

04:31

from whatever browser it goes through a

04:33

lot of browsers here in front of me i

04:35

have a journal session open

04:36

and i'm going to go ahead and launch the

04:39

lazane tool

04:40

using python

04:47

i'm going to be using the browsers

04:49

option so in front of me once i hit

04:50

enter

04:51

we are going to see that the passwords

04:54

have been found

04:55

now in this case what i've done is i

04:58

went ahead and saved a couple passwords

05:00

to uh the browser firefox and as you can

05:03

see we have the url

05:05

login and the password so there you go

05:08

zing is a very easy tool to use once you

05:11

have gained access

05:12

to the remote systems all right so with

05:14

these two demonstrations behind us

05:17

what can you do to really remediate or

05:20

i guess protect yourself against an

05:22

attack like this one but let's go ahead

05:24

and overview a solution that i propose

05:27

\[Music\]

05:28

\[Applause\]

05:32

first off i wouldn't save your passwords

05:35

to your browser now the limitation to

05:37

this entire attack is that

05:39

the attacker is already gonna have to

05:41

have access

05:42

to your machine which that could be

05:44

remotely or

05:45

physical so that is the big limitation

05:47

to this attack what i would recommend

05:48

you do is look into a password

05:51

management solution now there's all

05:53

types of password management solutions

05:54

out there

05:55

you have locally hosted ones such as

05:57

keepass you can even locally host your

05:59

own

06:00

password manager on your home network or

06:02

you can look into

06:04

something that's a little bit more

06:05

convenient such as third-party

06:08

cloud hosted password managers one

06:10

password

06:11

i highly recommend lastpass there is all

06:13

types of password managers out there

06:15

that's what i would recommend that you

06:17

do

06:17

instead of entering the limitation of

06:20

chrome

06:21

firefox or any of the popular browsers

06:23

which only have your password saved to

06:25

that specific

06:26

browser i would recommend looking into a

06:29

password management solution

06:31

alright so that's it for today's video

06:33

hopefully that you have learned

06:34

something new

06:35

i just thought that this was a very

06:36

interesting topic to just overview

06:38

really quickly

06:39

and you know maybe suggest a password

06:41

management solution

06:42

if you've enjoyed uh please consider

06:45

liking the video which would help me

06:47

and yeah until the next time have a good

06:49

day

 \n 

\


Google

Mozilla

Why You Should Never Store Passwords in Web Browsers

Too Long; Didn't Read

Companies Mentioned

@grantcollins

RELATED STORIES