• ARTICLES
SEARCH

How-To Geek

Stupid Geek Tricks: Hacking the Firefox Profile Data Storage

image

Have you ever wondered where Firefox keeps all of the history it has remembered from your previous browsing sessions… not just URL’s but saved password, form data and certain preference values? The answer, quite simply, is inside of SQLite databases in your Firefox profile folder.

Using an open source program, SQLite Database Browser, you can not only see the structure of the individual databases but browse and, if you are so inclined, manipulate all the data in each of the tables. While this article focuses on Windows, the same basic information should apply to Linux and Mac users as well.

Viewing the Firefox Profile Data

Before getting started, make sure Firefox is closed so there are no problems with locks on any of these files.

Open SQLite Database Browser, click the open icon and navigate to your Firefox Profile. In Windows 7, the location is here:

%UserProfile%\AppData\Roaming\Mozilla\Firefox\Profiles\<random>.default

An interesting database we will take a look at is “formhistory.sqlite”.

image

The reason this particular database is interesting is because it stores values you enter into form input fields such as your address, email and phone number (if you have Firefox set to keep this information).

As you can see when you open this file and browse the “moz_formhistory” table, there are loads of entries which give you a bit of insight into how this feature works. Essentially the name of the HTML field where you entered the data is stored in the “fieldname” column and the respective value in the “value” column.

Because field names such as “Email” and “Subject” are very common and likely to be across multiple sites, you may see several entries for the same “fieldname” value with different “value” values. This also explains why you can see values you entered on one site when you are filling out a form on a completely different site.

image

However, this information can be sensitive. For example, if I search for my credit card number (by pattern) I can find the plain text entry in this database.

image

If you find entries like this you want to get rid of, simply locate the respective “id” value in the Browse Data tab and click the Delete Record button, save your changes and it is gone.

This can be useful for not only clearing sensitive data, but also entries such as old email addresses or phone numbers without having to clear out all of your history.

image

Other Profile Databases

While there are several more SQLite databases you can take a look at (all having the .sqlite file extension), below are some which may be of interest. You can open these using the SQLite Database Browser exactly as shown above.

  • addons.sqlite = Installation information on installed add-ons. This is most likely used for keeping your installed add-ons current.
  • content-prefs.sqlite = Stores information specific to web sites and your settings. For example, the last used location on your computer to upload a file.
  • downloads.sqlite = Information about items which appear in your download items list.
  • extensions.sqlite = Information about installed add-ons. There is nothing too insightful here, but if you are looking for intricate details about an add-on, the information here may be helpful.
  • formhistory.sqlite = (covered in detail above) All non-password data which has been saved in Firefox.
  • signons.sqlite = Saved login password information. The passwords are encrypted against your master password but you can view the number of times each one has been used.

Take a look and if you find something interesting, please share.

 

Download SQLite Database Browser

Jason Faulkner is a developer and IT professional who never has a hot cup of coffee far away. Interact with him on Google+

  • Published 08/2/11

Comments (15)

  1. SQLite User

    SQLiteSpy is far more convenient than the browser mentioned above.
    http://www.yunqa.de/delphi/doku.php/products/sqlitespy/index

  2. Ken Saunders

    Hey this is awesome.
    Thanks for sharing it.

  3. Wim

    You can also use an add-on to reveile the secrets for passwords, cookies, formdata etc.
    https://addons.mozilla.org/en-US/firefox/addon/data-manager/

  4. Jason Faulkner

    @SQLite User – Yeah, there are tons of SQLite viewers out there. I just chose the one I did because it was very simple.

    @Wim – You know, I looked and didn’t find an add-on which let you manipulate these tables. Thanks for passing along that link.

  5. boocat

    Where’s the location in Windows XP?

  6. Bob

    Great article all the way around!

    Now I need to do this on my Mac at the office.

  7. Jason Faulkner

    @boocat – Try: %UserProfile%\Application Data\Mozilla\Firefox\Profiles\.default

  8. Kevin

    For XP, open up a command prompt, go to the root of the C:\ drive and type this: dir *.sqlite /s
    You might have to scroll up a bit to find where they are located but that’s how I found mine.

  9. Kohaku

    Any idea about IE?

  10. Allen

    Excellent, eye opening, article.

  11. Jason Faulkner

    @Kohaku – IE stores form data encrypted in the system registry.
    While I am not aware of a utility which can extract just the form text data, I previously covered how to extract the IE password data: http://www.howtogeek.com/68231/how-secure-are-your-saved-internet-explorer-passwords/

  12. audiophiler

    I was always wondering where FF stores things, now I know!

  13. Andrew

    That I like to do, is move places.sqlite somewhere else and add symbolic links for this file, that way I can keep my bookmarks between different profiles.

  14. Anon

    Best program I have come across in a long time. If you went into about:config to find left over residue/orphaned settings of old no longer installed addons, it could take a while searching, even after cleaning about:config manually, this program provided scraps whats really left over in addons.sqlite.

    I cleared out about 13 left over crap.

    Thanks How-To Geek!

  15. Pjotr

    For those who use Ubuntu Linux: there is a SQlite Database Browser that looks quite like this one so I assume this has been written as “multi-platform” It’s in the Ubuntu repo. Just look for “SQlite databasebrowser” in the Software centre and start sniffing around… Indeed you will be amazed…and a bit more careful I suppose:-)
    Cheers,
    Pjotr

Enter Your Email Here to Get Access for Free:

Go check your email!