Categories: Kali Linux

FireMaster – The Firefox Master Password Recovery Tool

FireMaster is the principal ever tool created to recoup your lost or overlooked Master Password of Firefox utilizing easy to cutting-edge password recovery techniques.

The master password is utilized by Firefox to secure the put-away login/password data for all visited the sites. In the event that the master password is overlooked, at that point, there is no real way to recuperate the master password and client will lose every one of the passwords stored in it.

FireMaster bolsters following Firefox Master Password Recovery techniques,

  • Dictionary Method
  • Hybrid-Dictionary Method
  • Brute-force Method
  • Pattern-based Brute-force Method

Also Read John The Ripper – One Stop Password Audit Tool

How FireMaster Works?

Pattern-based system diminishes recovery time essentially, particularly when you recall some portion of the password. When you have lost the master password, there is no real way to recuperate it as it isn’t stored in any way.

At whatever point client enters the master password, Firefox utilizes it to unscramble the scrambled information related with the known string.

In the event that the decrypted information coordinates this known string then the entered password is right. FireMaster utilizes the comparable method to check for the master password, yet in the more improved way.

The whole activity goes this way.

  • FireMaster creates passwords on the fly through different techniques.
  • At that point, it processes the hash of the password utilizing known calculation.
  • Next, this password hash is utilized to decrypt the scrambled information for known plain content (i.e. “password check”).
  • Presently if the decrypted string matches with the known plain content (i.e. “password check”) at that point the produced password is the master password.

Firefox stores the insights about encrypted string, salt, calculation and rendition data in entering database record key3.db in the client’s profile registry. You can simply duplicate this key3.db document to various catalog and determine the comparing way to FireMaster. You can likewise duplicate this key3.db to some other top of the line machine for quicker recuperation task.

How to use FireMaster?

First, you need to copy the key3.db file to the temporary directory. Later you have to specify this directory path for FireMaster as the last argument.

Here is the general usage information

Firemaster [-q]
[-d -f <dict_file>]
[-h -f <dict_file> -n <length> -g "charlist" [ -s | -p ] ]
[-b -m <length> -l <length> -c "charlist" -p "pattern" ]
<Firefox_Profile_Path>

Note: With v5.0 onwards, you can specify 'auto' (without quotes) in place of "<Firefox_Profile_Path>" to automatically detect default profile path.
Dictionary Crack Options:
-d  Perform dictionary crack
-f  Dictionary file with words on each line


Hybrid Crack Options:

-h  Perform hybrid crack operation using dictionary passwords.
Hybrid crack can find passwords like pass123, 123pass etc
-f Dictionary file with words on each line
-g Group of characters used for generating the strings
-n Maximum length of strings to be generated using above character list
These strings are added to the dictionary word to form the password
-s Suffix the generated characters to the dictionary word(pass123)
-p Prefix the generated characters to the dictionary word(123pass)


Brute Force Crack Options:

-b Perform brute force crack
-c Character list used for brute force cracking process
-m [Optional] Specify the minimum length of password
-l Specify the maximum length of password
-p [Optional] Specify the pattern for the password

Examples of FireMaster

// Dictionary Crack
FireMaster.exe -d -f c:\dictfile.txt auto
// Hybrid Crack
FireMaster.exe -h -f c:\dictfile.txt -n 3 -g “123” -s auto
// Brute-force Crack
FireMaster.exe -q -b -m 3 -l 10 -c “abcdetps123” “c:\my test\firefox”
// Brute-force Crack with Pattern
FireMaster.exe -q -b -m 3 -c “abyz126” -l 10 -p “pa??f??123” auto

R K

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

3 days ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

3 days ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

5 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

1 week ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago