I have written a guide on how to force Firefox 3 to always auto save password without showing the notification bar by simply editing the nsLoginManagerPrompter.js file that is located in the components folder inside where Firefox is installed. This can be abused especially in cybercafe because the user’s password will be auto saved without even asking the user in the first place. Seems to act like a keylogger doesn’t it? In Firefox 4, the developers have packed all of the naked files into one jar file called omni.jar. A JAR file is actually a Java ARchive, similar to ZIP files that you normally download on the internet where multiple files can be packed and compressed into one file.
A JAR file can be opened by any archive software such as WinZIP, WinRAR or even the Windows 7 built-in ZIP extractor. I use the famous 7-Zip and weirdly I wasn’t able to open the omni.jar file and got the error message “Can not open file omni.jar as archive”.
Then I tried renaming omni.jar to omni.zip, using the Windows 7 built-in ZIP extractor to open which was successful. However when I tried to edit or overwrite any files in that omni.zip file, I get the error “The Compressed (zipped) Folder is invalid or corrupted”. Finally I tried WinRAR but it only allows me to view the files but not edit. In summary, it is only possible to OPEN the omni.jar but not able to add or overwrite any of the files in the omni.jar. After spending a few hours researching on the omni.jar file, I finally found two ways to edit the jar file. If you open a JAR file with Notepad, you will notice that it starts with PK which is a signature for ZIP but weirdly omni.jar starts with µ¶ which at first I think it is probably encrypted to prevent any users from simply modifying the omni.jar file. Later I found out this is caused by optimizing of JAR files with the optimizejars.py python file. I can also use the same optimizejars.py file to deoptimize the omni.jar file and then use any archiving software to add or overwrite files that is in the omni.jar.
1. Download ActivePython and install.
2. Download optimizejars.py
3. Place omni.jar file which can be found in C:\Program Files\Mozilla Firefox\ at the same location where optimizejars.py is.
4. Run the command below to deoptimize omni.jar and you should get the result “Deoptimized 0/1704 in ./omni.jar”
--deoptimize ./ ./ ./
After deoptimizing omni.jar file, you can now open it with 7-Zip or any other similar archiving software and edit or overwrite any files by dragging and dropping into it. I would advice you to reoptimize the omni.jar file again once you’ve finished editing it by using the same command as above except changing the word deoptimize to optimize.
Actually later I found that there is an easier way to edit omni.jar file without installing Python and deoptimizing it. All you need to do is extract the omni.jar file with WinRAR or rename it to omni.zip and use the Windows 7 to extract it. Then make any modification or changes to the files, ZIP it back again and copy to Firefox folder. Although it works but I personally think that this method is not “optimized”. Now that you’ve learned how to edit omni.jar file, you can go ahead and edit the nsLoginManagerPrompter.js to auto save password without prompting the user or edit the nsLoginManager.js to allow saving of password into the built-in password manager on login forms with autocomplete=”off”.