编程方式导入从Chrome密码管理器的密码到Chrome扩展程序 [英] Programatically import passwords from Chrome Password Manager onto Chrome Extension

问题描述

我的工作我的第一个Chrome扩展程序。它的密码管理应用程序与在镀铬默认密码经理一些额外的功能。

I'm working on my first chrome extension. Its a password manager app with some additional functionalities over the chrome default password manager.

现在我有一个从客户端的请求，从Chrome密码管理器读取所有的密码并将其存储在Chrome扩展。

Now I have a request from client to fetch all the passwords from the chrome password manager and store it in the chrome extension.

我经历了许多计算器职位和其他职位浏览网上，但没有人回答一个Chrome扩展实现这一目标。我知道这肯定是可以实现的，因为有第三方的应用程序，如LastPass的，ChromePass已实现这一点。

I have browsed through many stackoverflow posts and other posts online, but none of them answer achieving this in a chrome extension. I know this is definitely achievable as there are third party apps like LastPass, ChromePass which have implemented this.

可能有人请给我如何去了解这个一些指针？我知道Chrome储存在名为登录数据在DB密码数据和密码将被加密保存这取决于操作系统。

Could somebody please give me some pointers on how to go about with this? I know Chrome stores the password data in DB named 'Login Data' and the password will be stored encrypted which is OS dependent.

推荐答案

我保持一个明智的猜测，这是不可能的（你链接到文档中并没有提到它），除非您使用外部模块（本地主机）。

I maintain an informed guess that this is impossible (and the documentation you link to does NOT mention it), unless you employ an external module (native host).

有没有允许扩展访问密码数据库，既没有公开也没有，据我所知，私人（LastPass的扩展没有私有的API在清单）特定API。这是从安全的角度不错。

There are no specific APIs that allow extensions to access password database, neither public nor, to my knowledge, private (LastPass extension has no private APIs in the manifest). Which is good from the security perspective.

至于本地主机的方法 - 即使如此，你就必须以某种方式挖掘到Chrome浏览器的加密密码文件。它的格式变化随着时间的推移，我怀疑目前有可以打破它的工具。有可能复制的功能铬有权访问与该用户的主密码的文件，但它会很难。

As for the native host approach - even then you'll have to somehow tap into Chrome's encrypted password file. Its format changed over time and I doubt there are currently tools that can break it. It may be possible to replicate the functionality Chrome has to access the file with the user's master password, but it will be hard.

事实上，Chrome的自己的数据库将属于被动进口的文件的一部分。我怀疑LastPass的只是拿起密码，因为它们是由铬插入，但只有当你访问一个与保护的网站说的密码。

In fact, Chrome's own database would fall under the "Passive Imports" part of the documentation. I suspect LastPass just picks up passwords as they are inserted by Chrome, but only while you visit sites that are protected with said passwords.

这篇关于编程方式导入从Chrome密码管理器的密码到Chrome扩展程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！