#! /usr/bin/perl use strict; use warnings; use Getopt::Long(); use English qw( -no_match_vars ); use Firefox::Marionette(); use Firefox::Marionette::Profile(); use Text::CSV_XS(); use FileHandle(); use POSIX(); use Encode(); use Term::ReadKey(); our $VERSION = '1.10'; MAIN: { my %options; Getopt::Long::GetOptions( \%options, 'help', 'version', 'binary:s', 'import:s', 'export:s', 'only-host-regex:s', 'only-user:s', 'visible', 'debug', 'console', 'profile-name:s', 'list-profile-names' ); my %parameters = _check_options(%options); my @logins; if ( defined $options{'list-profile-names'} ) { foreach my $name ( Firefox::Marionette::Profile->names() ) { print "$name\n" or die "Failed to print to STDOUT:$EXTENDED_OS_ERROR\n"; } exit 0; } elsif ( defined $options{import} ) { @logins = _handle_import(%options); } elsif ( !$options{export} ) { $options{export} = q[]; } my $firefox = Firefox::Marionette->new(%parameters); if ( $firefox->pwd_mgr_needs_login() ) { my $prompt = 'Firefox requires the primary password to unlock Password Manager from ' . ( $parameters{profile_copied_from} || $parameters{profile_name} ) . q[: ]; print "$prompt" or die "Failed to print to STDOUT:$EXTENDED_OS_ERROR\n"; Term::ReadKey::ReadMode(2); # noecho my $password; my $key = q[]; while ( $key ne "\n" ) { $password .= $key; $key = Term::ReadKey::ReadKey(0); } Term::ReadKey::ReadMode(0); # restore print "\n" or die "Failed to print to STDOUT:$EXTENDED_OS_ERROR\n"; eval { $firefox->pwd_mgr_login($password); } or do { chomp $EVAL_ERROR; die "$EVAL_ERROR\n"; }; } if (@logins) { foreach my $login (@logins) { $firefox->add_login($login); } } if ( defined $options{export} ) { my $export_handle; if ( $options{export} ) { open $export_handle, '>:encoding(utf8)', $options{export} or die "Failed to open $options{export}:$EXTENDED_OS_ERROR\n"; } else { $options{export} = 'STDOUT'; $export_handle = *{STDOUT}; } _export_logins( $firefox, $export_handle, %options ); if ( $options{export} ne 'STDOUT' ) { close $export_handle or die "Failed to close $options{export}:$EXTENDED_OS_ERROR\n"; } } $firefox->quit(); } sub _handle_import { my (%options) = @_; my @logins; my $import_handle; if ( $options{import} ) { open $import_handle, '<:encoding(utf8)', $options{import} or die "Failed to open '$options{import}':$EXTENDED_OS_ERROR\n"; } else { $options{import} = 'STDIN'; $import_handle = *{STDIN}; } @logins = _read_logins($import_handle); if ( $options{import} ne 'STDIN' ) { close $import_handle or die "Failed to close '$options{import}':$EXTENDED_OS_ERROR\n"; } return @logins; } sub _csv_parameters { my ($extra) = @_; return { binary => 1, empty_is_undef => 1, %{$extra}, }; } sub _get_extra_parameters { my ($import_handle) = @_; my @extra_parameter_sets = ( {}, # normal { escape_char => q[\\], allow_loose_escapes => 1 }, # KeePass ); my $extra_parameters = {}; SET: foreach my $parameter_set (@extra_parameter_sets) { seek $import_handle, Fcntl::SEEK_SET(), 0 or die "Failed to seek to start of file:$EXTENDED_OS_ERROR\n"; my $parameters = _csv_parameters($parameter_set); $parameters->{auto_diag} = 2; my $csv = Text::CSV_XS->new($parameters); eval { foreach my $key ( $csv->header($import_handle) ) { } while ( my $row = $csv->getline($import_handle) ) { } $extra_parameters = $parameter_set; } or do { next SET; }; last SET; } seek $import_handle, Fcntl::SEEK_SET(), 0 or die "Failed to seek to start of file:$EXTENDED_OS_ERROR\n"; return $extra_parameters; } sub _read_logins { my ($import_handle) = @_; my $parameters = _csv_parameters( _get_extra_parameters($import_handle) ); $parameters->{auto_diag} = 1; my $csv = Text::CSV_XS->new($parameters); my @logins; my $count = 0; my %import_headers; foreach my $key ( $csv->header($import_handle) ) { $import_headers{$key} = $count; $count += 1; } my %mapping = ( 'web site' => 'host', 'login name' => 'user', login_uri => 'host', login_username => 'user', login_password => 'password', url => 'host', username => 'user', password => 'password', httprealm => 'realm', formactionorigin => 'origin', guid => 'guid', timecreated => 'creation_in_ms', timelastused => 'last_used_in_ms', timepasswordchanged => 'password_changed_in_ms', ); while ( my $row = $csv->getline($import_handle) ) { my %parameters; foreach my $key ( sort { $a cmp $b } keys %import_headers ) { if ( ( exists $row->[ $import_headers{$key} ] ) && ( defined $mapping{$key} ) ) { $parameters{ $mapping{$key} } = $row->[ $import_headers{$key} ]; } } foreach my $key (qw(host origin)) { if ( defined $parameters{$key} ) { my $uri = URI->new( $parameters{$key} )->canonical(); if ( !$uri->has_recognized_scheme() ) { my $default_scheme = 'https://'; warn "$parameters{$key} does not have a recognised scheme. Prepending '$default_scheme'\n"; $uri = URI->new( $default_scheme . $parameters{$key} ); } $parameters{$key} = $uri->scheme() . q[://] . $uri->host(); if ( $uri->default_port() != $uri->port() ) { $parameters{$key} .= q[:] . $uri->port(); } } } if ( ( $parameters{host} eq 'http://sn' ) && ( $import_headers{extra} ) && ( $import_headers{extra} =~ /^NoteType:/smx ) ) { warn "Skipping non-web login for '$parameters{user}' (probably from a LastPass export)\n"; } elsif (( $parameters{host} ) && ( $parameters{user} ) && ( $parameters{password} ) ) { push @logins, Firefox::Marionette::Login->new(%parameters); } } return @logins; } sub _export_logins { my ( $firefox, $export_handle, %options ) = @_; my $csv = Text::CSV_XS->new( { binary => 1, auto_diag => 1, always_quote => 1 } ); my $headers = [ qw(url username password httpRealm formActionOrigin guid timeCreated timeLastUsed timePasswordChanged) ]; my $count = 0; foreach my $login ( $firefox->logins() ) { if ( ( $options{'only-user'} ) && ( $login->user() ne $options{'only-user'} ) ) { next; } if ( ( $options{'only-host-regex'} ) && ( $login->host() !~ /$options{'only-host-regex'}/smx ) ) { next; } if ( $count == 0 ) { $csv->say( $export_handle, $headers ); } my $row = [ $login->host(), $login->user(), $login->password(), $login->realm(), ( defined $login->origin() ? $login->origin() : ( defined $login->realm() ? undef : q[] ) ), $login->guid(), $login->creation_in_ms(), $login->last_used_in_ms(), $login->password_changed_in_ms() ]; $csv->say( $export_handle, $row ); $count += 1; } return; } sub _check_options { my (%options) = @_; if ( $options{help} ) { require Pod::Simple::Text; my $parser = Pod::Simple::Text->new(); $parser->parse_from_file($PROGRAM_NAME); exit 0; } elsif ( $options{version} ) { print "$VERSION\n" or die "Failed to print to STDOUT:$EXTENDED_OS_ERROR\n"; exit 0; } my %parameters = ( logins => {} ); foreach my $key (qw(visible debug console)) { if ( $options{$key} ) { $parameters{$key} = 1; } } if ( $options{binary} ) { $parameters{binary} = $options{binary}; } if ( $options{'profile-name'} ) { $parameters{profile_name} = $options{'profile-name'}; } elsif ( !defined $options{import} ) { my $profile_name = Firefox::Marionette::Profile->default_name(); $parameters{profile_copied_from} = $profile_name; my $directory = Firefox::Marionette::Profile->directory($profile_name); foreach my $name (qw(key3.db key4.db logins.json)) { my $path = File::Spec->catfile( $directory, $name ); if ( my $handle = FileHandle->new( $path, Fcntl::O_RDONLY() ) ) { push @{ $parameters{import_profile_paths} }, $path; } elsif ( $OS_ERROR == POSIX::ENOENT() ) { } else { warn "Skipping $path:$EXTENDED_OS_ERROR\n"; } } } return %parameters; } __END__ =head1 NAME firefox-passwords - import and export passwords from firefox =head1 VERSION Version 1.10 =head1 USAGE $ firefox-passwords >logins.csv # export from the default profile $ firefox-passwords --export logins.csv # same thing but exporting directly to the file $ firefox-passwords --list-profile-names # print out the available profile names $ firefox-passwords --profile new --import logins.csv # imports logins from logins.csv into the new profile $ firefox-passwords --export | firefox --import --profile-name new # export from the default profile into the new profile $ firefox-passwords --export --only-host-regex "(pause|github)" # export logins with a host matching qr/(pause|github)/smx from the default profile $ firefox-passwords --export --only-user "me@example.org" # export logins with user "me@example.org" from the default profile =head1 DESCRIPTION This program is intended to import and export passwords from firefox. It uses the L and the L to access the L. This has been tested to work with Firefox 24 and above and has been designed to work with L =head1 REQUIRED ARGUMENTS Either --export, --import or --list-profile-names must be specified. If none of these is specified, --export is the assumed default =head1 OPTIONS Option names can be abbreviated to uniqueness and can be stated with singe or double dashes, and option values can be separated from the option name by a space or '=' (as with Getopt::Long). Option names are also case- sensitive. =over 4 =item * --help - This page. =item * --version - Print the current version of this binary to STDOUT. =item * --binary - Use this firefox binary instead of the default firefox instance =item * --export - export passwords to STDOUT or the file name specified. =item * --import - import passwords from STDIN or the file name specified. =item * --list-profile-name - print out the available profile names =item * --profile-name - specify the name of the profile to work with. =item * --visible - allow firefox to be visible while exporting or importing logins =item * --debug - turn on debug to show binary execution and network traffic during exporting or importing logins =item * --console - make the browser javascript console appear during exporting or importing logins =item * --only-host-regex - restrict the export of logins to those that have a hostname matching the supplied regex. =item * --only-user - restrict the export of logins to those that have a user exactly matching the value. =back =head1 AUTOMATIC AND MANUAL PROFILE SELECTION firefox-passwords will automatically work with the default L. You can select other profiles with the --profile-name option =head1 PRIMARY PASSWORDS firefox-passwords will request the L if required when importing or exporting from the L. =head1 EXPORTING AND IMPORTING TO GOOGLE CHROME OR MICROSOFT EDGE firefox-passwords will natively read and write login csv files for Google Chrome and Microsoft Edge. =head1 PASSWORD IMPORT/EXPORT FORMAT firefox-passwords will export data in CSV with the following column headers "url","username","password","httpRealm","formActionOrigin","guid","timeCreated","timeLastUsed","timePasswordChanged" firefox-passwords will import data in CSV. It will permit headers to be in a different order, with different capitalizations, but the data must include the "url", "username" and "password" columns, in no particular order. =head1 PASSWORD IMPORTING FROM BITWARDEN firefox-passwords will also accept input data in L, which includes the following column headers; ...,"login_uri","login_username","login_password",... =head1 PASSWORD IMPORTING FROM LASTPASS firefox-passwords will also accept input data in L, which includes the following column headers; url,username,password,totp,extra,name,grouping,fav The LastPass CSV export also can include an unusual "url" value of "http://sn" for server logins, database logins, etc. All logins with a "url" value of "http://sn" AND an "extra" value matching the regular expression /^NoteType:/ will be skipped (as there is no use for these types of login records in firefox. =head1 PASSWORD IMPORTING FROM KEEPASS firefox-passwords will also accept input data in L, which includes the following column headers; ...,"Login Name","Password","Web Site",... =head1 CONFIGURATION firefox-passwords requires no configuration files or environment variables. =head1 DEPENDENCIES firefox-passwords requires the following non-core Perl modules =over =item * L =back =head1 DIAGNOSTICS None. =head1 INCOMPATIBILITIES None known. =head1 EXIT STATUS This program will exit with a zero after successfully completing. =head1 BUGS AND LIMITATIONS No bugs have been reported. Please report any bugs or feature requests to C, or through the web interface at L. =head1 AUTHOR David Dick C<< >> =head1 LICENSE AND COPYRIGHT Copyright (c) 2021, David Dick C<< >>. All rights reserved. This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See L. =head1 DISCLAIMER OF WARRANTY BECAUSE THIS SOFTWARE IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE SOFTWARE, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE SOFTWARE "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE SOFTWARE IS WITH YOU. SHOULD THE SOFTWARE PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR, OR CORRECTION. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE SOFTWARE AS PERMITTED BY THE ABOVE LICENCE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE SOFTWARE TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.