Browser forensics is something we do not pay attention to: where your browser inputs are stored and recalled from whenever you are shopping online or completing a registration field or form.
The Dumpzilla application is developed in Python 3.x and its purpose is to extract all forensically interesting information from the Firefox, Iceweasel and Seamonkey browsers for analysis. Because it is developed in Python 3.x, it might not work properly with old Python versions, mainly with certain characters. It works on Unix and Windows 32/64-bit systems. It runs from a command-line interface, so information dumps can be redirected through pipes to tools such as grep, awk, cut, sed… Dumpzilla allows you to visualize the following sections, customize searches and extract certain content.
Once you have downloaded, installed and connected dumpzilla successfully on your computer, open dumpzilla and extract the Firefox profile, which can be found here on macOS
<USERNAME-HERE> portion of the directory path. Every user on the MacBook has their own Profiles/ directory. And by default, a user doesn’t have read access (file permissions) to view the profiles belonging to other users.
Extract password from downloaded profile
Back on the Kali machine, there will be a new Profiles/ directory. In it, there will be at least one directory following the naming scheme xxxxxxxx.default/. By default, Firefox automatically generates eight random characters (xxxxxxxx) and prepends them to the profile name. For example, users with multiple profiles may have directories called “w9wuahzu.work/,” “ei49j03w.personal/,” and “r3h84t9t.default.” Each directory can be individually processed using dumpzilla.
To extract passwords found in a particular Firefox profile, use the following command:
python3 dumpzilla.py Profiles/xxxxxxxx.default/ --Passwords
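The profile naming scheme and the per-user file permissions described above can be checked before any profile is processed. The following is an added example, not part of dumpzilla or of the original page: it lists each profile directory under Profiles/, flags directories that other local users could open, and notes whether saved-login files are present. The function names, the lowercase-alphanumeric pattern for the eight generated characters, and the sample tree are assumptions made for illustration; logins.json and key4.db are the files Firefox uses for saved logins and their key material.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Assumed pattern: eight generated characters, a dot, then the profile name.
PROFILE_RE = re.compile(r"^([a-z0-9]{8})\.(.+)$")
# Files in which Firefox keeps saved logins and the key material protecting them.
CREDENTIAL_FILES = ("logins.json", "key4.db")


def audit_profiles(profiles_dir):
    """Return one finding dict per profile directory found under profiles_dir."""
    findings = []
    for entry in sorted(Path(profiles_dir).iterdir()):
        match = PROFILE_RE.match(entry.name)
        if not entry.is_dir() or not match:
            continue  # not a profile directory
        mode = stat.S_IMODE(entry.stat().st_mode)
        findings.append({
            "directory": entry.name,
            "profile_name": match.group(2),
            "mode": oct(mode),
            # Any group/other permission bit opens the profile to other accounts.
            "exposed_to_other_users": bool(mode & (stat.S_IRWXG | stat.S_IRWXO)),
            "credential_files": [f for f in CREDENTIAL_FILES if (entry / f).is_file()],
        })
    return findings


def build_sample(root):
    """Constructed sample tree (not real data): two profiles plus a stray file."""
    locked = Path(root) / "w9wuahzu.work"
    loose = Path(root) / "r3h84t9t.default"
    for d in (locked, loose):
        d.mkdir()
    (locked / "logins.json").write_text("{}")
    (locked / "key4.db").write_bytes(b"")
    (Path(root) / "notes.txt").write_text("")
    os.chmod(locked, 0o700)   # owner only
    os.chmod(loose, 0o755)    # readable by every local user
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_profiles(build_sample(tmp)):
            print(finding)
```
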