以编程方式将Chrome密码管理器中的密码导入Chrome扩展程序
[英]Programatically import passwords from Chrome Password Manager onto Chrome Extension
问题描述
I'm working on my first chrome extension. 
我正在研究我的第一个chrome扩展程序。 Its a password manager app with some additional functionalities over the chrome default password manager. 它是一个密码管理器应用程序,在chrome默认密码管理器上有一些额外的功能。
Now I have a request from client to fetch all the passwords from the chrome password manager and store it in the chrome extension. 现在我收到了客户端的请求,要求从chrome密码管理器中获取所有密码并将其存储在chrome扩展中。
I have browsed through many stackoverflow posts and other posts online, but none of them answer achieving this in a chrome extension. 我在网上浏览了很多stackoverflow帖子和其他帖子,但没有人回答在chrome扩展中实现这一点。 I know this is definitely achievable as there are third party apps like LastPass, ChromePass which have implemented this. 我知道这绝对是可以实现的,因为有第三方应用程序,如LastPass,ChromePass已经实现了这一点。
Could somebody please give me some pointers on how to go about with this? 有人可以给我一些关于如何解决这个问题的建议吗? I know Chrome stores the password data in DB named 'Login Data' and the password will be stored encrypted which is OS dependent. 我知道Chrome会将密码数据存储在名为“登录数据”的数据库中,密码将以加密方式存储,这取决于操作系统。
1 个解决方案
解决方案1
3 2015-01-27 14:58:48
I maintain an informed guess that this is impossible (and the documentation you link to does NOT mention it), unless you employ an external module (native host). 我保持一个明智的猜测,这是不可能的(你链接到的文档没有提到它),除非你使用外部模块(本机主机)。
There are no specific APIs that allow extensions to access password database, neither public nor, to my knowledge, private (LastPass extension has no private APIs in the manifest). 没有特定的API允许扩展访问密码数据库,既不公开也不是我所知的私有(LastPass扩展在清单中没有私有API)。 Which is good from the security perspective. 从安全角度来看哪个好。
As for the native host approach - even then you'll have to somehow tap into Chrome's encrypted password file. 至于本机主机方法 - 即使这样你也必须以某种方式使用Chrome的加密密码文件。 Its format changed over time and I doubt there are currently tools that can break it. 它的格式随着时间的推移而改变,我怀疑目前有哪些工具可以打破它。 It may be possible to replicate the functionality Chrome has to access the file with the user's master password, but it will be hard. 可以使用用户的主密码复制Chrome访问该文件的功能,但这很难。
In fact, Chrome's own database would fall under the "Passive Imports" part of the documentation. 实际上,Chrome自己的数据库属于文档的“被动导入”部分 。 I suspect LastPass just picks up passwords as they are inserted by Chrome, but only while you visit sites that are protected with said passwords. 我怀疑LastPass只是在Chrome插入密码时选择密码,但只有在您访问受所述密码保护的网站时才会这样。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.