How to retrieve a saved ftp password from phpStorm? - ftp

I know that technically, this question should be asked on phpStorm's forums, but being a popular IDE (I bet an eventual solution would also work for other popular IDEs from JetBrains), I'm thinking:
someone on SO might know and share the answer (faster than I'd get it from vendor)
the question answer might be useful and valuable to other coders (for that matter, even if I shall need to go on the vendor's forum I will get back with the answer here, when I find it)
If there is any need of context: I accidentally switched the connection type of a saved connection from ftp to local folder and when I switched back, the saved credentials were gone.
The question: Can I retrieve the saved password...
Angle 1: ...from this computer?
Angle 2: ...from another computer that has the same credentials saved, which I could access via TeamViewer, but has the password ●●●●●●(hidden)?

Edit: This method can only be used in version 2016.1 or earlier. For newer versions (probably 2016.2), they changed the encoding method. I have no clue how to decode it.
Open C:\Users\.WebIde100\config\options\webServers.xml
Find your FTP and get the encrypted password from the password attribute.
Decrypt the password. I have written a PHP script to decrypt the string:
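<?php
// Value of the password attribute from webServers.xml (a hex string).
$pwd = "Your encrypted password here.";
$decrypted = '';
// Every 4 hex digits encode one character XORed with 0xdfaa.
while (strlen($pwd) > 0) {
    $decrypted .= chr(hexdec(substr($pwd, 0, 4)) ^ hexdec('dfaa'));
    $pwd = substr($pwd, 4, strlen($pwd) - 1);
}
echo $decrypted;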
If you trust my tools, you can use https://louislam.net/phpstorm-decrypt-password

If you use a KeePass database file to store passwords, you can easily set a password for that file, save it and then open it in a KeePass manager, or migrate it to another PHPStorm.
Go to Settings/Preferences | Appearance & Behavior | System Settings | Passwords, enter new master password and save.
Open /.PhpStorm2017.1/config/c.kdbx (in "Keepass 2" or "Keeweb") with saved master password.
Here it is!
See answer here
Retrieve saved (hidden) SSH password from PhpStorm 2017.1

One way that just worked for me was to install Wireshark.
Use a capture filter of 'ftp', and do a "Test connection" inside PHPStorm.
Now stop the capture and examine what you've sniffed. The password will be in there.

I know this is a 1 year old question, but for everyone else, you can try to copy the selected (hidden) password with CTRL+C, and paste it in a text document (tested with 2016.3 on Debian).

For OSX users
Open keychain -> select the System Roots keychain (on the left side) -> search for IntelliJ.
If you click it you will see the ftp-username in the "Account" field. You can also use right click on the records to copy the password.

Related

How to reset or remove Brave Wallet?

How to remove Brave browser Wallet? (It is similar to MetaMask but is baked into browser )
Page at brave://wallet/ is asking for password, that I don't remember and I don't need that,
I just need new.
Searches give no result so far.
P.S. Source of extensions are at https://github.com/brave/ethereum-remote-client
Issues there are disabled, and it looks like the Brave organization guides you to add issues to the main https://github.com/brave/brave-browser repository, which has 3k open issues
P.P.S.
https://community.brave.com/t/deleting-crypto-wallet/149327/3 points to https://github.com/brave/brave-browser/issues/10999, which is actually about removing an account within the wallet.
https://www.reddit.com/r/brave_browser/comments/9y7a06/is_there_a_way_to_delete_a_wallet/ suggests playing with (giving a disclaimer) the browser data folder
On your Windows machine, the bulk of your Wallet data is stored in ~/AppData/local/BraveSoftware/Brave-Browser/userdata/default in a file named ledger_state
EDIT: It seems that Brave actually implemented a way to reset the wallet.
Go to Settings > Wallet (in the left column) > Reset Wallet > Type in "Yes"
I've tried to delete different files and found out that after deleting the folder %LocalAppData%\BraveSoftware\Brave-Browser\User Data\Default\Local Extension Settings\odbfpeeihdkbihmopkbjmoonfanlbfcl resets the wallet and you can create a new one. But that doesn't reset the whole wallet thing, normally you have to press a button "I understand" before you can create, restore and so on.
So navigate to chrome://version to check profile location see https://chromium.googlesource.com/chromium/src/+/HEAD/docs/user_data_dir.md
and then delete/rename the Local Extension Settings\odbfpeeihdkbihmopkbjmoonfanlbfcl folder; then you can create a new wallet. (Of course, the old wallet is gone.)
It seems not possible currently,
removing the Brave Wallet extension is also not possible.
It is an open issue
https://github.com/brave/brave-browser/issues/8742
What you can do is remove C:\Users\[your user]\AppData\Local\BraveSoftware.
Then brave lets you setup a new wallet.
I just disabled the Crypto Wallet extension.
In settings -> wallet, where it says 'default cryptocurrency wallet' set that to none, so that it doesn't override any other wallet you want to use.

Webdeploy Publish Profile password saving

I saved a publish profile into an .xml along with all the login info. But when I import this XML to another computer and try to publish, it'll say that my password is incorrect.
What can I do to have the password correctly saved into the publish profile and compatible with other computer?
My guess is that the program purposely obfuscates the passwords using the current PC's "salt" and generates a unique hash. Thus, preventing the passwords from being stolen via the profile publish function.
As mentioned by user1785999, you can save the password in plain text, just add the password element to your .pubxml file:
<UserName>YourName</UserName>
<Password>YourPassword</Password>
If you want the publishing profile to work across different computers, you need to save the password in plain text.
Just to add an additional answer, this may be version specific for .pubxml, but you can add these lines to ensure Visual Studio saves the password.
Make sure to use the ".\" prefix for a local account, and "domain\" prefix for an Active Directory account.
<UserName>.\PubUser1</UserName>
<UserPWD>Password1234</UserPWD>
<_SavePWD>True</_SavePWD>

Replace/delete key3.db in Firefox profile from an extension

My Firefox extension needs to replace/delete key3.db in the Firefox profile, is there a way to do that? I tried to nsIFile.copyTo() but the file is not overwritten, nsIFile.remove() but it returns NS_ERROR_FILE_IS_LOCKED.
No, replacing a file while it's being used isn't a good idea. Instead you should be using the XPCOM functionality meant to manipulate this file (meaning the master password). Something like this should work:
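// XPCOM contract IDs start with "@", not "#".
var pk11db = Components.classes["@mozilla.org/security/pk11tokendb;1"]
                       .getService(Components.interfaces.nsIPK11TokenDB);
var token = pk11db.getInternalKeyToken();
// changePassword(oldPassword, newPassword): "" means no master password is set.
token.changePassword("", "foobar");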
Using "" instead of "foobar" should remove the master password. However, I'm not entirely sure that changing the master password will work without querying the current password. Firefox Mobile can be used as a relatively simple code example.

How to save information with bash in the system?

I am using command line with bash in Mac OS X. I will ask in my script:
Enter your password?
>
Do you want to save it and do not ask this more?
The password is to unzip a file. To do this, it always has to be entered, but I want it to only be entered once.
I can easily save it in a text file, but that is too obvious.
So I want to save it in the system. Windows has the "Windows Registry". Is there a similar system in Mac OS X (or Unix) that I can save it in and it will not be lost?
Or is there another way to save the password that will be more secure? I know if someone runs the script in debug mode (showing how the command line is created) he will easily find the password, but he will have to get the computer, so it is a kind of physical security.
You could do it the way system passwords are stored: use a plain text file but store a checksum instead of the plain text password. It would be best if the file wasn't accessible to the user, but even if it is, it's not that easy to reverse a checksum. Suppose you read the password into variable password. Then, you could do something like echo "$password" | sha1sum - > password_file. Then at next login, run the password provided by the user through the same command and compare results. This way you can check if they entered the correct password without storing the password in cleartext.
Either use your OS's keyring (OSX has something like this), or store it in plain text. Don't pretend that you are secure when you are not. If you cannot store things securely, then store them in plain sight, so the user is not given a false sense of security.
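The keyring option from the last answer, sketched with the macOS `security` command-line tool so the script asks once and reads the password back on later runs. This is an added example, not code from any of the answers; the service name `unzip-helper-demo` and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original answers: keep the archive password in
# the macOS login keychain. SERVICE and the function names are hypothetical.
SERVICE="unzip-helper-demo"
ACCOUNT="${USER:-$(id -un)}"

# Print the stored password; non-zero status when no item exists yet.
load_password() {
    security find-generic-password -a "$ACCOUNT" -s "$SERVICE" -w 2>/dev/null
}

# Create the item, or update it in place (-U) when it already exists.
# The value after -w is visible in the process list while security runs.
save_password() {
    security add-generic-password -U -a "$ACCOUNT" -s "$SERVICE" -w "$1"
}

# Print the password on stdout, prompting (on stderr) only when none is stored.
get_password() {
    if _pw=$(load_password); then
        printf '%s\n' "$_pw"
        return 0
    fi
    printf 'Enter your password: ' >&2
    if [ -t 0 ]; then stty -echo; fi        # hide typing on a terminal
    IFS= read -r _pw
    if [ -t 0 ]; then stty echo; echo >&2; fi
    printf 'Save it in the keychain and do not ask again? [y/N] ' >&2
    read -r _answer
    case "$_answer" in
        [yY]*) save_password "$_pw" ;;
    esac
    printf '%s\n' "$_pw"
}
```

In the script this would be used as `unzip -P "$(get_password)" archive.zip`; the item can be inspected or deleted later in Keychain Access under the service name.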

Is there a quick and easy way to dump the contents of a MacOS X keychain?

I'm looking for a way to dump (export) the contents of an OS X keychain into a file that I can easily process elsewhere, such as tab-delimited plaintext or something of the sort.
The Keychain Access app does not offer any such functionality, and getting a key's data involves opening each in turn, and having to type in the keychain's password to see the password stored with the key, every time.
After a bit of digging, I found somebody's solution by using AppleScript and the Keychain Scripting app to access keychains (can't link to individual post; scroll down about two thirds to the end of the page):
http://discussions.apple.com/thread.jspa?threadID=1398759
Using Keychain scripting, you can access all data fields of all the keys – including the plaintext password! – and it's fairly easy to dump this data into a text file etc. I've tested it and it works well.
However, this solution still involves having to confirm access to each key by clicking OK on a dialog. This is much better than having to type in the keychain's password every time, but it's still irritating. Furthermore, you have to confirm access twice for each key; once for Script Editor (or the script itself if it's running as an app) and once for Keychain Scripting. So, if you're processing a keychain with 100 keys, you have to manually click OK on 200 dialogs.
I'm now looking for a solution to get around this. I realize that as it's the purpose of keychains to safeguard the sensitive data and prevent precisely the kind of thing I'm trying to do, any such solution would probably involve some kind of hack.
I'd be very interested in your ideas!
All right, I'm stupid. There's a command-line tool called security that does just this (and lots of other actions on keychains).
An example usage:
security dump-keychain -d login.keychain
This will dump all the data in the login.keychain (the default keychain for a user) as plaintext, including the passwords. You still have to confirm access, but only once for each key, and it's much faster than (and doesn't throw weird errors when trying to access certain fields) using AppleScript. And it's no hack.
Without the -d option, it will dump all the fields except for the password.
The dumped data for a key looks like this (for an internet key; program keys and certificates have other fields, but the format is the same):
keychain: "/Users/<username>/Library/Keychains/login.keychain"
class: "inet"
attributes:
0x00000007 <blob>="tech.slashdot.org (<username for this web login>)"
0x00000008 <blob>=<NULL>
"acct"<blob>="<username for this web login>"
"atyp"<blob>="form"
"cdat"<timedate>=0x32303038303432333038323730355A00 "20080423082705Z\000"
"crtr"<uint32>=<NULL>
"cusi"<sint32>=<NULL>
"desc"<blob>="Kennwort des Web-Formulars"
"icmt"<blob>="default"
"invi"<sint32>=<NULL>
"mdat"<timedate>=0x32303038303432333038323730355A00 "20080423082705Z\000"
"nega"<sint32>=<NULL>
"path"<blob>=<NULL>
"port"<uint32>=0x00000000
"prot"<blob>=<NULL>
"ptcl"<uint32>="http"
"scrp"<sint32>=<NULL>
"sdmn"<blob>=<NULL>
"srvr"<blob>="tech.slashdot.org"
"type"<uint32>=<NULL>
data:
"<the plaintext password for this key>"
Please read this: https://gist.github.com/rmondello/b933231b1fcc83a7db0b
Ignore:-----
I found a solution to the "Always Allow" dialog in each key!
Just run the previous command with sudo.
sudo security dump-keychain -d login.keychain
This way you'll only need to enter your password two times. One on the Terminal to sudo and another to unlock the keychain! ;)
Have a nice day!
Update, there is now a tool that does this nicely:
Keychaindump is a proof-of-concept tool for reading OS X keychain passwords as root. It hunts for unlocked keychain master keys located in the memory space of the securityd process, and uses them to decrypt keychain files.
Source: https://github.com/juuso/keychaindump
Actually I was just looking for the same:
Modified applescript from github somebody posted. To be run in ScriptEditor and must be allowed in Preferences & Security.
set keychainPassword to "yourpasswordgoeshere"
tell application "System Events"
repeat while exists (processes where name is "SecurityAgent")
tell process "SecurityAgent"
delay 0.1
try
set value of text field 1 of window 1 to keychainPassword
click button "Allow" of window 1
end try
end tell
end repeat
end tell
You must click each window separately in order to activate them. For that I used the tool "murgaa auto clicker", which I had known from RuneScape many years ago (http://www.murgaa.com/auto-clicker-mac/ seems still active). You just set a shortcut for autoclicking (e.g. Command+R), set the timer to 10ms, and it works like a charm.
Keysafe
Keysafe reads and decrypts Apple Keychain files. Use Keysafe to securely access your passwords and credentials without a Mac.
I wrote a tool called Keysafe to extract the contents of Keychain files. The tool is available on Mac, Windows, and Linux.
Keysafe is not free; a licence is required to fully decrypt a Keychain. Without a licence the contents are still extracted but the decrypted values are partially redacted and secure notes are not post-processed into RTFD files.
If you have a Keychain that does not "just work" with Keysafe, please get in touch. The Keychain format is expansive and finding edge cases is always interesting.
I found solution for not clicking "Allow" multiple times
sudo su
security dump-keychain -d /Users/YourUsername/Library/Keychains/login.keychain
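The dump format quoted earlier in this thread can be reduced to the tab-delimited file the question asks for. The following added example (not from any of the answers) builds an inventory of class, server, account and modification time from `security dump-keychain` output run without `-d`, and skips any `data:` section so that no secret is written out; the function names and the sample record are constructed.

```bash
# Added example: tab-delimited inventory (class, server, account, modified)
# from `security dump-keychain` output. Sample values below are made up.
keychain_inventory() {
    awk '
    function emit() {
        if (cls != "") printf "%s\t%s\t%s\t%s\n", cls, srvr, acct, mdat
        cls = srvr = acct = mdat = ""
    }
    function value(line,    v) {        # text to the right of the first "="
        v = line; sub(/^[^=]*=/, "", v)
        if (v == "<NULL>") return ""
        sub(/^[^"]*"/, "", v); sub(/"$/, "", v)    # keep the quoted part only
        sub(/\\000$/, "", v)            # timedate values end in a literal \000
        gsub(/\t/, " ", v)              # keep one field per column
        return v
    }
    /^keychain: / { emit(); indata = 0; next }     # a new item starts
    /^data:/      { indata = 1; next }
    indata        { next }                         # never read the secret
    /^class: /    { cls = $0; sub(/^class: /, "", cls); gsub(/"/, "", cls); next }
    {
        line = $0; sub(/^[ \t]+/, "", line)
        if (substr(line, 1, 1) != "\"") next       # only "name"<type>=value
        name = substr(line, 2, 4)
        if (name == "srvr") srvr = value(line)
        else if (name == "acct") acct = value(line)
        else if (name == "mdat") mdat = value(line)
    }
    END { emit() }
    ' "$@"
}
sample_dump() {
    cat <<'EOF'
keychain: "/Users/alice/Library/Keychains/login.keychain"
class: "inet"
attributes:
    "acct"<blob>="alice"
    "mdat"<timedate>=0x32303038303432333038323730355A00 "20080423082705Z\000"
    "srvr"<blob>="tech.example.org"
data:
"constructed-secret"
keychain: "/Users/alice/Library/Keychains/login.keychain"
class: "inet"
attributes:
    "acct"<blob>=<NULL>
    "srvr"<blob>="ftp.example.org"
EOF
}
```

On a Mac the function would be fed from `security dump-keychain login.keychain | keychain_inventory`; `sample_dump | keychain_inventory` shows the output shape without touching a real keychain.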
