Retrieving forgotten passwords

Published on November 8th, 2006 by ego

You know how you allow your browser to save passwords and then forget the master password and can’t see the passwords anymore? Or you own IE6 where you can’t even see what the darn thing saved?

When I was in a situation like this I wrote a simple favelet/bookmarklet that lets you steal your own passwords that are autofilled by the browser.

When run, the favelet goes through all the input fields that have their type set to password (the ones you can’t see, because the browser masks the content with * or dots) and alerts their name and value.
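The loop described above, written out as an added example (this is not the original favelet). It shows that a masked field's value is plain text to any script running in the page. The function names and the constructed sample document are assumptions made so that it also runs outside a browser.

```javascript
// Added example: list password fields the way the post describes.
// `doc` is any object exposing getElementsByTagName (a browser document or a stub).
function listPasswordFields(doc) {
  var inputs = doc.getElementsByTagName('input');
  var found = [];
  for (var i = 0; i < inputs.length; i++) {
    var el = inputs[i];
    // The type attribute is case-insensitive in HTML; normalise before comparing.
    var type = String(el.type || '').toLowerCase();
    if (type !== 'password') continue;
    found.push({
      // Unnamed fields still hold a value, so fall back to id or position.
      name: el.name || el.id || '(unnamed #' + i + ')',
      value: el.value || '',
      // el.form is null for inputs that sit outside a <form>.
      form: el.form && el.form.action ? el.form.action : '(no form)'
    });
  }
  return found;
}

// Build the text shown to the user, one line per password field.
function formatReport(fields) {
  if (fields.length === 0) return 'No password fields on this page.';
  var lines = [];
  for (var i = 0; i < fields.length; i++) {
    lines.push(fields[i].name + ' = ' + fields[i].value + '  [form: ' + fields[i].form + ']');
  }
  return lines.join('\n');
}

// Constructed stand-in for a page with autofilled fields (sample data only).
function makeSampleDocument() {
  var loginForm = { action: 'https://example.test/login' };
  var inputs = [
    { type: 'text', name: 'user', value: 'alice', form: loginForm },
    { type: 'password', name: 'pass', value: 'constructed-secret', form: loginForm },
    { type: 'PASSWORD', id: 'pin', value: '0000', form: null },
    { type: 'hidden', name: 'token', value: 'abc', form: loginForm }
  ];
  return { getElementsByTagName: function (tag) { return tag.toLowerCase() === 'input' ? inputs : []; } };
}

// In a browser, report on the current page; elsewhere, use the constructed sample.
var report = formatReport(listPasswordFields(
  typeof document !== 'undefined' ? document : makeSampleDocument()));
if (typeof alert === 'function') { alert(report); } else { console.log(report); }
```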

This kind of script, combined with XHR, can be a powerful attack tool, since it can be used to steal other people’s passwords if it is slipped into the page they’re looking at. More about it on Ajaxian. Don’t use this script for anything like that!

My name is Marko Mrdjenovič and I’m a web developer and a manager from Ljubljana, Slovenia (N 46° 03.246,W 14° 30.265).

I work at Parsek Zemanta, I’m a WaSP ILG member and I’m also the program lead at local weekly talks Spletne urice.
