Is a little multi-platform tool to visualize the partially encrypted XML vault that can be downloaded once logged to your LastPass account. Focused mainly on displaying βand allowing you to searchβ your exposed URLs. It also shows if your vault was using CBC (Cipher Block Chaining) or not.
- Log in to lastpass.com (the official site).
- Open the developer console in the browser and execute the following command (
β οΈ you should avoid executing commands you copy from the Internet, unless you really trust the source, or understand what you are doing):
fetch("https://lastpass.com/getaccts.php", {method: "POST"})
.then(response => response.text())
.then(text => console.log(text.replace(/>/g, ">\n")));- Copy the full result and save it to a file. The first line should start with "<?xml" and the last one should end in "</response>". If there are extra characters at start or end of the file (copied from the console), manually remove them.
MIT.
To project is built using web technologies on top of Wails. Wails uses the native web renderers of the different OSes (doesn't embed Chromium or any other rendering engine) and uses Go for the backend.
- Go (Golang)
- Wails
- Node & npm
To build a distributable binary for your platform, just execute the following command in the root folder of the project:
wails build- Security Now 904: Leaving LastPass - How LastPass failed, Steve's next password manager, how to protect yourself π₯
- Security Now 904 show notes π
- Ask The Tech Guys: Moving Your Passwords from LastPass π₯
- Security Now 905: 1 - LastPass Aftermath, LastPass vault de-obfuscator, LastPass iteration count folly π₯
- Security Now 905 show notes π