How can I trace which page or addon query password manager?
After I have installed Browsec 2.0.3 addon into my FireFox 45.0.2 under Windows 7 the FireFox started to ask for my master password right after startup, and if I decline entering the master password then an icon of Browsec is not displayed at FireFox status bar. Therefore I suspect Browsec accessing FireFox Password Manager without clear reason. How can I check is it true (without debugging FireFox itself)?
Chosen solution
I have got an official answer from Browsec authors confirming that their application stores (automatically generated) add-on credentials with FireFox's password/login manager and retrieves it on start to authenticate with their proxy service.
I have made a quick look over the addon sources, found corresponding functionality and may confirm that (at least for now) it does exactly what they claim it is supposed to do, and it does not try to leak or to search for any other credentials from password manager.
And finally, FireFox has an option to trace access to password manager. There are the details: https://wiki.mozilla.org/Firefox:Password_Manager_Debugging
Read this answer in context 👍 1All Replies (4)
Presumably the addon you ask about is
- Browsec VPN 2.0.3 https://addons.mozilla.org/firefox/addon/browsec/
To find the correct solution to your problem, it may help if we have some more non-personal information from you. Please do the following:
- Use ONE of these methods to open the Firefox Troubleshooting Information page:
- Click the menu button , click on help and select Troubleshooting Information.
- Type about:support into the Firefox address bar and press the enter key.
- At the top of the Troubleshooting Information page that comes up, you should see a button that says "Copy text to clipboard". Click it.
- Now, go back to your forum post, right-click in the reply box and select Paste from the context menu (or else click inside the reply box and press the Ctrl+V keys) to paste all the information you copied into the forum post.
- That may be too big to fit in a single reply, so if necessary delete the print related information.
If you need further information about the Troubleshooting information page, please read the article Use the Troubleshooting Information page to help fix Firefox issues.
You may actually get a faster and better answer asking in the Addons forum
If you do post there please let us have the link so we may follow your progress.
I do note the addon is so far only preliminary reviewed.
If you open Firefox and have tabs that load and require signing in you will get a request for your master password. The request may not be related to use of Browsec. The Browsec icon appearing may only happen for instance if you are offered the opportunity to log into a secure site. You could setup a couple of new additional Firefox profiles for test purposes. One with no addons at all and one with only Browsec. Compare what happens then, maybe with just one tab open that requires signing in, such as this support forum.
- Profile Manager - Create, remove or switch Firefox profiles
- https://developer.mozilla.org/en-US/Firefox/Multiple_profiles
This is not something I am not likely to get involved with troubleshooting myself, but some quick tips about multiple profiles. It is good practice
- To use the default profile location offered
- Choose a meaningful short name such as new2016-001
- Do NOT delete or rename profiles you create. It is too easy to make mistakes and lose data: passwords, settings & bookmarks for instance.
- Use -no-remote only on additional shortcuts to profiles, or comandlines; not on the shortcut for the default Firefox profile.
Thank you for the response. I do know about common troubleshooting techniques in FireFox, and I will try to use them (when the time permits, because it is a little boring).
But my specific question was "How can I trace which page or addon query password manager?" Does FireFox have any :config option to trace such access? Or it may be possible to set some breakpoint through WebDeveloper console... or something like that...
I don't know. The profiler will pick up what's happening but you are specifically asking about results from something that happens on start-up. I will add an escalate tag. If someone more knowledgeable or Helpdesk staff doesn't reply within a week post back to bump the question. Meanwhile it may be worth enquiring on the add-ons forum.
Chosen Solution
I have got an official answer from Browsec authors confirming that their application stores (automatically generated) add-on credentials with FireFox's password/login manager and retrieves it on start to authenticate with their proxy service.
I have made a quick look over the addon sources, found corresponding functionality and may confirm that (at least for now) it does exactly what they claim it is supposed to do, and it does not try to leak or to search for any other credentials from password manager.
And finally, FireFox has an option to trace access to password manager. There are the details: https://wiki.mozilla.org/Firefox:Password_Manager_Debugging