How to hook into browser password manager?

Captain

I am thinking about making a little Windows app to keep track of my usernames and passwords, like Keypass.

Is there an API that I can use to hook into browsers? I'm guessing that each browser is going to have its own. I'm okay with that. But what is a sane architecture for this? I guess I'm thinking something like:

service with json endpoints -> various front ends, including wpf and browser plugins to hook into their password manager

Can this be done?

blakeyrat

@Captain IIRC from back when I was writing browser add-ins, add-ins (generally speaking) do not have access to the local filesystem or, if they do, it's only to one tiny folder that's .zipped along with the rest of the add-in code.

(Note that I never worked with the normal Firefox add-in stuff, I worked with their Jetpack "simplified" add-in environment, so my information might not be accurate when it comes to Firefox.)

You might actually need to host a web service on localhost to accomplish this form of IPC.

Another related problem is that Chrome hates locally-installed add-ins and they seem to have been fighting a war against them for years now. Which means you might have to go through the hassle of putting them on the Chrome add-in "store" even though that's stupid for your product.

anotherusername

In Firefox, an extension can access the saved passwords:

var loginManager = Components.classes["@mozilla.org/login-manager;1"]
                   .getService(Components.interfaces.nsILoginManager);
var logins = loginManager.getAllLogins({});
// logins is now an array of nsILoginInfo objects, each with the following keys:
// hostname, formSubmitURL, httpRealm, username, usernameField, password, passwordField, encrypt

If they have a master password and they haven't entered it yet for the session, they'll be prompted to enter it.

More info:

https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsILoginManager

jules102_9

Is there something in particular you are trying to achieve with this? I am not sure how firefox stores the passwords but it would seem unwise to handle storing and encrypting those passwords in your potentially more vulnerable platform.

LB_

If you use Chrome, you don't even need to interface with it at all - the passwords are stored unencrypted on the disk and there are myriad of programs to view them. What I'm trying to say is, you don't want to store your passwords in your browser...

anotherusername

(Still Firefox) For local file I/O, check out:

https://developer.mozilla.org/en-US/docs/Mozilla/JavaScript_code_modules/OSFile.jsm

OS.File is designed for efficient, unrestricted, manipulation of files by Firefox itself and by add-ons.

asdf

@LB_ said in How to hook into browser password manager?:

If you use Chrome, you don't even need to interface with it at all - the passwords are stored unencrypted on the disk and there are myriad of programs to view them.

On Linux, Chrome uses GNOME Keyring, if installed.

dkf

@asdf said in How to hook into browser password manager?:

On Linux, Chrome uses GNOME Keyring, if installed.

On OSX, Chrome uses the system keychain manager.