Google Chrome: Import/Export Passwords?

19

10

I recently migrated from Windows7 to Kubuntu 10.0.4. In many ways, I'm loving the change. (I never knew it could be such a seemless process to write/test scripts!)

One of the few things that is causing me any hangup is that none of the passwords that were saved in my browser are available (obviously, since it's a completely separate installation). Is it possible to export my passwords from the Windows instance of Chrome and then import them into the Linux version?

Jeffrey Blake

Posted 2010-07-17T13:27:37.570

Reputation: 460

An answer is available here http://superuser.com/a/675167/65975

– ccpizza – 2015-10-11T08:58:24.957

The functionality appears to be built into chrome://settings/passwords now. See the duplicate question to which ccpizza links above. – Mathieu K. – 2019-03-11T06:55:23.497

Answers

8

As Neal said, the folder User Data is the one to look for. If you want a software solution try the extension Lastpass (or at the Google site). It allows you to save and restore password in Google Chrome as well as in Firefox, IE and Safari.

qbi

Posted 2010-07-17T13:27:37.570

Reputation: 591

I've been using LastPass for 2 years and it works great! Got it on 6 browsers on 4 different OS's – TheLQ – 2010-07-17T17:10:12.373

I don't think that the User Data part is still relevant as Chrome now stores its saved credentials in the system's keyring. Also, it should be mentioned that LastPass is a commercial service whose feature is to sync passwords "in the cloud" and which will ask you to register an account and send the passwords to them. It's not a simple "export" extension. – Hey – 2017-05-23T18:06:32.140

2It seems that lastpass is not longer able to export the passwords to chrome -.- Is there already a new solution? – LuckyMalaka – 2012-03-02T07:38:42.770

@mmm... This is almost a month after you asked, but I wanted to answer you: I don't think you need to export the passwords with Lastpass. Just install the extension onto whichever browser you use and they will be available. From any system. The passwords are stored in their encrypted vault, so you don't have to worry about any of that on your end. – Jeffrey Blake – 2012-03-30T17:33:46.080

10

Enable password export in Chrome by going to chrome://flags/#password-import-export, then you can export it to CSV file.

Source: How to Export and Import passwords in Chrome browser.

Adam

Posted 2010-07-17T13:27:37.570

Reputation: 201

This should be the accepted answer. It's simple, doesn't require additional software and is totally safe as it doesn't require the user to trust some unknown shady freeware. – Hey – 2017-05-23T18:02:56.197

5As an update, for Chrome 59 this still works but you will need to go to chrome://settings-frame/passwords to access import/export ability after the flag – Legion – 2017-06-15T17:55:56.623

For Chrome 63, it's back to being available from the normal "Settings" → "Advanced" → "Manage Passwords" – Micah Lindström – 2018-01-19T15:39:10.750

For Chrome 66, it no longer works – None – 2018-05-11T06:29:47.170

10

You can also use this standalone tool called chromepass http://www.nirsoft.net/utils/chromepass.html

ChromePass is a small password recovery tool that allows you to view the user names and passwords stored by Google Chrome Web browser.

There is a option to export into your keepass password manager too.

Note: If you feel unsafe to use third-party tools, get script from here https://github.com/hassaanaliw/chromepass and run yourself.

Arul

Posted 2010-07-17T13:27:37.570

Reputation: 534

Thank You! Good solution. Just don't forget to turn off the security scanner before, because detects as a harmful software what want to stole your information. – eapo – 2016-07-04T22:10:56.913

@eapo Disabling the security software detecting a program as malicious is an incredibly stupid thing to do unless the code has been at least well-reviewed, which it hasn't be because the code is not public. This program is detected as malicious by at least 17 antiviruses (https://www.virustotal.com/fr/file/47818d415f097d9f9db44404c025efc2d3c931dd7c0acf1c1bc9036863c49c99/analysis/). Bonus point for being distributed over HTTP and therefore being vulnerable to tampering.

– Hey – 2017-05-23T17:55:59.913

@YdobEmos It's labeled as malicious because it retrieves stored passwords and may therefore be used in a malicious way. NirSoft is a trustworthy company. – DavidPostill – 2017-05-23T19:40:05.750

anyone (except @YdobEmos) can disable the system's security scanner for the moment of using the tool, just don't forget to enable after it. ;) – eapo – 2017-05-24T07:08:49.200

@DavidPostill May I ask what tells you that this is a trustworthy company ? Anyone can set up a website and tell users to trust them. Also, this does not solve the unsecured connection problem. Even if the code is trustworthy, nothing tells you that the binary hasn't been tampered with, which is a real attack and not a theoretical threat. – Hey – 2017-05-24T12:37:30.347

@YdobEmos Feel free to not use the program. – DavidPostill – 2017-05-24T12:41:43.250

@DavidPostill How is this answer helpful to anyone ? I'm raising a serious concern over this answer's security, which could cause unexperienced users to become infected, and your answer to these concerns is "just don't use it" ? I was never going to use it anyway and it's not the problem. The problem is that this software has not been proved trustworthy, is detected as a malware by several well-known antiviruses, and should not be recommended to these users without having been proven safe. – Hey – 2017-05-24T12:47:36.693

@YdobEmos I've used it, and many other NirSoft programs, without any problems at all. I've explained already exactly why it is flagged as unsafe by anti-virus vendors. They are are playing safe because it could be used by hackers to retrieve passwords. That doesn't mean the programs don't have legitimate uses and are inherently unsafe. There is no evidence that anyone has had data lost or stolen through using these or other similar password retrieval programs. – DavidPostill – 2017-05-24T13:13:22.140

First, "never had any problems" is not relevant to security at all. The people who used chinese smartphones also had "never had any problems" before it was discovered that said smartphones sent their personal info to shady companies without their consent. Second, you have not provided any source for why antivirus softwares flag it that way, and therefore it is nothing more than speculation. Third, binary tampering is still possible. Your third argument is just a replay of the "never had problems" one. This answer is the exact opposite of good security practice, and there are safer methods. – Hey – 2017-05-24T14:14:06.727

@YdobEmos you can use this https://github.com/hassaanaliw/chromepass

– Arul – 2017-05-24T16:59:51.860

1@Arul Thank you, but I solved my password extraction problem with Adam's answer, which requires nothing more than Chrome. I was raising concerns that this answer could put other users at risk while not being necessary at all. I hope my comments will at least make them think twice before running an untrusted binary downloaded over an insecure connection. – Hey – 2017-05-24T18:28:27.473

Perfect! I'm in the process of migrating to KeePass and this is just what I need. Thanks! – Tim Lewis – 2013-08-20T17:28:59.717

5

I found a decision how to show all your passwords from Chromium. Tested on Ubuntu 14.04 and Chromium: Version 40.0.2214.111 Ubuntu 14.04 (64-bit). I used js script found early in search.

Output maked in format: url|login|pass

Steps:

  1. Open in Chromium browser link to Chrome password manager: chrome://settings-frame/passwords

  2. Open console (F12) and insert this js code:


    out="";
    out2="";
    var pm = PasswordManager.getInstance();
    var model = pm.savedPasswordsList_.dataModel;
    var pl = pm.savedPasswordsList_;

    for(i=0;i<model.length;i++){
       PasswordManager.requestShowPassword(i);
    };

  1. After step 2 you will see all your passwords in Chromium Password manager Dialog.

  2. And now insert this part of js code in console:


    for(i=0;i<model.length;i++){
    var item = pl.getListItemByIndex(i);
    out+="\n"+model.array_[i][0]+"|"+model.array_[i][1]+"|"+item.childNodes[0].childNodes[2].childNodes[0].value;
    out2+='<br/>"http://'+model.array_[i][0]+'","'+model.array_[i][1]+'","'+item.childNodes[0].childNodes[2].childNodes[0].value+'","http://'+model.array_[i][0]+'","","",""';
    };
    console.log(out);
    document.write(out2);

  1. Now you see all your passwords in format i described early.

  2. Write script on any language to import your passwords in browser like FireFox :)

  3. Profit.

Github: https://github.com/megmage/chrome-export-passwords

p.s. I Try to use all parts of code together, but it isnt work :(

update: Chrome API based version in GitHub.

Skidisaster

Posted 2010-07-17T13:27:37.570

Reputation: 51

1Thanks! For Chrome 48.0.2564.109 m it is needed to small change: replace [0] to origin and [1] to user. – Grigory Kislin – 2016-02-19T09:42:55.170

I updated my github source code. Sources for Chrome 51+ and before 51 is defferent. – Skidisaster – 2016-06-29T07:32:57.063

Step 4 no longer works. I used the following instead: https://gist.github.com/Grogs/b08d1fa288c3b6bb29ee3703218c2300

– Grogs – 2016-10-26T13:20:22.887

4

You could try XMarks.

I'm fairly sure that if you just copied the profile (ie the stuff in C:\Users\Username\AppData\Local\Google\Chrome\User Data\Default)from Windows to Linux, you would get everything working correctly, without any export/ import.

Neal

Posted 2010-07-17T13:27:37.570

Reputation: 8 447

The exact file where the passwords are stored is Login Data. – chris-l – 2013-08-26T17:01:19.010

1Latest versions of chrome don't store the actual passwords in that file anymore. On windows it uses the system credential storage and on Linux the system keyring is used. – ccpizza – 2013-11-12T23:09:39.963

xmarks does not synchronize passwords anymore, gotta use lastpass – arod – 2013-11-29T23:38:38.790

0

Export

  1. Go to chrome://flags/#password-import-export page (paste into address bar).
  2. Enable Password import and export and restart web browser.

  3. Go to chrome://settings/passwords, you should see the Export button.

    Alternatively run this script in DevTools Console (JS):

    chrome.passwordsPrivate.exportPasswords();

  4. Export into CSV and verify the content of it.

    Note: If CSV file is empty, check this Issue 808233.

kenorb

Posted 2010-07-17T13:27:37.570

Reputation: 16 795

-1

Fix on solution posted by Skidisaster

out="";
out2="";
var pm = PasswordManager.getInstance();
var model = pm.savedPasswordsList_.dataModel;
var pl = pm.savedPasswordsList_;

for(i=0;i<model.length;i++){
   PasswordManager.requestShowPassword(i);
};


for(i=0;i<model.length;i++){
var item = pl.getListItemByIndex(i);
out+="\n"+model.array_[i].shownOrigin+"|"+model.array_[i].username+"|"+item.childNodes[0].childNodes[2].childNodes[0].value;
out2+='<br/>"http://'+model.array_[i].shownOrigin+'","'+model.array_[i].username+'","'+item.childNodes[0].childNodes[2].childNodes[0].value+'","http://'+model.array_[i][0]+'","","",""';
};
console.log(out);
console.log(out2);
document.write(out2);

user1758939

Posted 2010-07-17T13:27:37.570

Reputation: 1

Asked: 2010-07-17T13:27:37.570

Viewed: 133 657 times

Active: 2018-02-02T00:02:49.813