If you have passwords that are used outside the browser, putting them into the browsers password manager, getting them out feels a little cumbersome.
Related to the tool: Why not just click the export button in Firefox?
I implemented login credential extraction for both Chrom* and FF-based browsers in the somewhat shambolic but generally-useful `browser_cookie3` Python module last year:
https://github.com/borisbabic/browser_cookie3/compare/master...
If you glance at the code there's a single "key encryption key" in the whole SQLITE file (in the 'metadata' table). That key is decrypted using AES with the PBKDF2 derived secret.
Then each password is in turn encrypted using TripleDES. The "data encryption key" for each these records is in turn encrypted using the aforementioned "key encryption key".
My suspicion is that the TripleDES format must be really old, and when they migrated the crypto layer to use AES they just re-encrypted the top layer (the "key encryption key" later) to use AES. It's much faster (and safer) to just re-encrypt all the TripleDES keys with the new AES than go and mess with "all" the records in the database. It's inelegant and lazy but you effectively get "AES level" of security without having to do all the work, so to speak…
https://github.com/Sohimaster/Firefox-Passwords-Decryptor/bl...
What's wrong with it ? /s
Much better to just talk to others than use Google.
and Google and quora are in cahoots, right?