Extract autofilled passwords from your browser

So you know how Chrome and many other browsers allow you to view your passwords, but they ask you to enter your system password in order to do so? I’ve always found that a bit strange, because there’s a way to get a saved password without doing that. A very simple way, actually.

TL;DR: Let the browser autofill the field, and then paste this into the address bar:

1
javascript:alert(document.querySelector("input\[type=password\]").value)

There is no special system for websites to log in with the autofill data stored in your browser. Websites just have a username and password field, that’s it. In order for the browser to actually autofill your password, it has to literally “type” the password in for you into the password field. But a password field is just a DOM element, accessible easily through the console…

So, here’s how to do it. First, visit the site you want to extract the password for, and let Chrome autofill the password field.

chrome has filled in my password

Then, simply right-click the password field, and select Inspect. This will focus that field inside the DOM inspector. (sometimes you have to right-click and select Inspect again once the instector window is open)

After that, double click the element and change type="password" to type="" and press Enter.

change the field’s type, remove “password”

Now the password field is just a normal field. You can see and copy the password right out of the password field.

password field is now a normal field


There are even easier ways than this though. For example, you could paste this snippet into the address bar:

1
javascript:alert(document.querySelector("input\[type=password\]").value)

just paste into the address bar, and the password is revealed

This just searches the page for the first “password” type field, and shows you it’s current content in a message box. Simple!

扫一扫,分享到微信

微信分享二维码
  • Copyrights © 2015-2021 jjv360

请我喝杯咖啡吧~

支付宝
微信