How to show the contents of “Password” fields with JavaScript

Do you share a computer with someone? If the answer is “YES”, you should be careful on how you handle your passwords. Some browsers offer you a way to store your passwords for future usage so you can sign in without the need to type your information again.

Before you choose this option you should know that there is a way to retrieve your password from the browsers, even if that person is not you. If you know how to create a web page, you are probably asking yourself “But the type of the field is “password”, how is it possible?”. Well, that’s what I am going to show you.

If you know JavaScript, you should be familiar with the code below:

It gives you a list with all the forms in the web page.

var listForms = document.forms;
var currentForm;
for(var i = 0; i < listForms.length; i++) {
currentForm = listForms[i];
}

With that you can iterate through them and retrieve all the fields.

var currentField;
for(var j = 0; j < currentForm.length; j++) {
currentField = currentForm[j];
}

And with the field, you can check if it is of the type “password”, because we only care for this type of field.

If (currentField.type.toLowerCase() == "password") {}

Now, you have all the information you need and the last step is only display the content of the field.

alert(currentField.value);

So, did I change your mind? If you want, get the full code below.

javascript: (function() {
var listForms = document.forms;
var currentForm;
var currentField;
var i, j;
for(i = 0; i < listForms.length; i++) {
currentForm = listForms[i];
for(j = 0; j < currentForm.length; j++) {
currentField = currentForm[j];
if (currentField.type.toLowerCase() == "password"){
alert(currentField.value);
}
}
}
})();

Or if you want to test in real life, get the compressed one and paste it in the address bar on the sign in page of the website you want to retrieve the saved password. If the form does not have any form with password fields no alerts will be shown.

javascript:(function(){var listForms=document.forms;var currentForm;var currentField;var i,j;for(i=0;i<listForms.length;i++){currentForm=listForms[i];for(j=0;j<currentForm.length;j++){currentField=currentForm[j];if(currentField.type.toLowerCase()=="password"){alert(currentField.value)}}}})();

I used the page javascriptcompressor.com to compress the code.

Thank you for your time and feel free to leave any comments or questions.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.