Files that each big browser saves passwords

Many browsers come with a feature, that is, automatically save the password, the first time you enter the password will prompt you to save the password (some prompt is "autofill"), and then the next time you log on to the same site without having to enter the password again. Although convenient, but not safe. Because this data is stored on the hard disk. I began to think about how to see the star password, some browsers such as Sogou have the asterisk password viewer can see the asterisk password, but not all browsers have this extension, or not all the Web site support you to view, after all, some site security is very good, so I suddenly thought, Can not be able to get someone else's browser configuration file and this auto-save password function related files, and then on other computers on the same browser (different versions of the browser may also have a difference) in the configuration file can be overwritten or replaced once to get someone else's password, although still can't see someone's password, But he can still log in with his password. So I installed a few days ago in the virtual machine several browser test, successfully found the configuration file and password-related files, prove my guess is correct.

Here is the way: first I casually landed a website, and then enter their own login password, then the browser will prompt to save, and then determine. The following is formally started, first I want to determine whether this and password-related files in the configuration file, so I first found the configuration files of these browsers. (here to add how to find the browser configuration file, different browser configuration file path is different, some browsers such as 360 speed and Cheetah browser, etc., their configuration file is and browser program files in the same directory, so it is very convenient.) Only need to right-click on the browser's desktop shortcut, and then open the file location, you can see, the configuration file name is generally user Data, but some are not the same, long experience. There are some browsers such as Google, he is silent installation, this type of browser configuration folder and browser program files are stored separately, the default location is hidden, can be opened by this: first Win+r, then enter%appdata%,

After opening the first level of the directory, then the configuration file may be in these three directories, different browsers are not the same.

There are a class of browsers, such as their own configuration of the Green browser, their profiles are usually set in the same directory as the program files, so it is easy to find)

After finding the configuration files for these browsers, we move the configuration files (that is, the user Data folder) to another location and then reopen the browser, this time the browser will regenerate a configuration folder (that is, the user Data folder), Then we open the same site that we just landed on our account, and see if there is an automatic password, of course, because the browser password is saved in these configuration files, so because the password has been entered in the configuration folder moved, so now the regenerated configuration file does not have the password we just saved, So there is no automatic login password on this site, then it is proved that this password is stored in these configuration files is correct, then I will use the same method, gradually refinement, each time to remove a portion of files and folders, and then reopen the browser (must be re-open the browser, Refresh the browser is not see the effect of the site, and then look at this before the website has been automatically fill in the password, so step by step, I was half a half to come, so fast, and then soon found and password-related files, how to prove that this file is related to password preservation? Just to see if there is this file and there is no such file when the site has no automatic password to fill. So I tried a lot of browsers, and found that there are many browsers are very similar. Maybe because the cheetah and Google are webkit kernel, so many files are very similar, so I tried a lot of browsers, methods stupid point, but still very useful. Actually modify other people's things, or browser and other software problems can be solved by this method, such as browser if there is a problem, we can first disable some extensions or scripts to see if the problem still exists to view the problem, so that the problem is not known when the method is very good, Sometimes it is more difficult and more important to find a problem than to solve a problem.

Say a digression, in fact, their own configuration of the Green portable browser configuration file can save their own all the information, because all of our operations are in the configuration file, and then in fact, if you do not know the password file is which, and then it is difficult to find the words can be copied other people's entire configuration folder, Then you can overwrite or replace it on your own computer, but the main thing I would like to say is that there is no problem with the Green browser, but there is no way to install the browser. Because many of his things are always in use, or files are protected, you can not successfully copy the entire configuration folder, such as Cheetah Browser He has a security, then you directly copy his entire configuration folder is problematic, but directly copy that password file is not permission requirements. Cheetah Browser If you want to copy the entire configuration folder, you need to first remove security. Like the Cheetah Browser, there is no direct compression of the configuration file, because it is occupied, or is protected, so it will go wrong. Copying directly or being protected is not really used. But found that the cheetah's password file is not protected, can be directly dragged out.

Let's talk about cookies. In fact, I always thought the password was stored in this file. It's not just a log of your login information, but the password information is still in other files.

Baidu Encyclopedia: The server can use cookies to contain information of arbitrary nature to filter and regularly maintain this information to determine the status in the HTTP transmission. The most typical application of cookies is to determine whether a registered user has logged on to the site, and users may be prompted whether to retain user information for the next time they enter the site in order to simplify the login process, which is the function of cookies. Another important application is the "shopping cart" process. Users may select different items on different pages of the same site for a period of time, which will be written to cookies to extract information at the end of the payment.

In fact, it's not as if the password is stored in a cookie, but is stored in a single file. Because the cookie password is erased like Google Chrome. And there is a single cleanup item called a password. Note, however, that I am talking about the automatic password-filling function of the browser, and I am not actually using this, but an extension: LastPass, this method of saving passwords, his password information is not in these files I said, if you are using an extension such as LastPass, Then all your login information will be deleted after you clear the cookie, that is to say you need to re-login, but LastPass is automatically filled in, or very convenient. I'm just saying that lastpass this extended password password is not stored in the files I said below, but on LastPass their company's server, remember.

The path to the configuration folder for the major browsers is different.

These are the password-related files that I found after testing in the virtual machine, and if someone else is using the auto-fill password feature from the browser, and saved some passwords, they are not cleaned up. Then you can get these files, and then install the same browser on your own computer (different version may have a difference, generally can be used), and then in your profile to replace or overwrite the file, and then log on to the same site to automatically login to his account, but still do not support to view his password. I only have a few browsers listed here, including Google and Firefox are green version. Firefox is Pcxfirefox. Other browsers look for these files in the same way.

Files that each big browser saves passwords