FTP client software is normally used to connect to a web server running an FTP service so that the webmaster can upload files to the server. There are quite a few FTP client applications available and one of the most popular, if not the most popular, is FileZilla because it is free, open source and frequently updated. A common feature found in FTP client software is a site manager that acts like a bookmark where you save the FTP server login details to easily and quickly connect to an FTP server with a single click of a mouse button.
Once we have the FTP client software configured, most of the time we don’t even need to know the current login password unless there’s a situation where you want to use a different FTP client and need to migrate all the FTP login details to the new software. If you’ve lost the welcome email from your web host, here we show you 3 different methods to recover your FTP password that is saved in your FTP client software.
Show the password hidden behind asterisk
The technique of revealing a password that is hidden behind asterisks or bullets has been around for a very long time, since the days of Windows 95. There are quite a number of free programs that belong in this category and we’ve previously covered 6 of them. Below is an example of using BulletsPassView to reveal the hidden password from FileZilla’s Site Manager.
Do take note that most of these password unmasking tools may be detected by your antivirus program as a potentially unwanted program or a hack tool but rest assured that they do not cause any problems on your computer.
Sniffing network traffic for FTP password
FTP is an old and insecure protocol that transfers the login credentials in clear text. By sniffing the network traffic, you can see in the packet sniffer all the information sent by the FTP client software, such as the username, password, port and FTP server address. For the more advanced user, you can use Wireshark, which is one of the most powerful and free packet sniffing programs, or you can settle for a simple packet sniffing program that is made to capture the FTP username and password.
1. FTP & Mail Password Recovery
FTP & Mail Password Recovery is a small (14KB) and simple Java based program that creates a fake FTP or mail server and listens for incoming connections to capture the sent login information. This would mean you’d have to configure your FTP program to connect to localhost or 127.0.0.1 instead of your real FTP host.
If you’re trying to capture the user and password sent by FileZilla, you should change the encryption setting to the “Only use plain FTP (insecure)” option instead of using the default “Use explicit FTP over TLS if available”. This option can be found in Site Manager under the General tab.
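Why that encryption setting decides whether anything can be captured: USER and PASS are plain text lines on the FTP control channel unless the client first negotiates TLS with AUTH TLS and the server accepts with reply 234. The following is an added example, not part of the original article; the three transcripts are constructed, the function name cleartext_exposure is hypothetical, and the third transcript models a server that refuses AUTH TLS and a client that then continues in plain text.

```python
# Constructed control-channel transcripts as (direction, line) pairs:
# "C" is client to server, "S" is server to client.
PLAIN = [
    ("S", "220 FTP server ready"),
    ("C", "USER webmaster"),
    ("S", "331 Password required"),
    ("C", "PASS s3cret-example"),
    ("S", "230 Login successful"),
]
EXPLICIT_TLS = [
    ("S", "220 FTP server ready"),
    ("C", "AUTH TLS"),
    ("S", "234 Using authentication type TLS"),
    # The TLS handshake follows; USER and PASS travel inside it.
]
TLS_REFUSED = [
    ("S", "220 FTP server ready"),
    ("C", "AUTH TLS"),
    ("S", "502 Command not implemented"),
    ("C", "USER webmaster"),
    ("S", "331 Password required"),
    ("C", "PASS s3cret-example"),
]


def cleartext_exposure(transcript):
    """Report what a passive observer of the control channel can read."""
    seen = {"tls": False, "user": None, "password_visible": False}
    awaiting_auth_reply = False
    for direction, line in transcript:
        verb, _, arg = line.partition(" ")
        if direction == "S":
            if awaiting_auth_reply:
                awaiting_auth_reply = False
                if verb == "234":          # server accepted AUTH TLS
                    seen["tls"] = True
                    break                  # the rest is ciphertext
        elif verb.upper() == "AUTH" and arg.upper() in ("TLS", "SSL"):
            awaiting_auth_reply = True
        elif verb.upper() == "USER":
            seen["user"] = arg
        elif verb.upper() == "PASS":
            seen["password_visible"] = True  # value is not stored
    return seen


if __name__ == "__main__":
    for name, t in [("plain", PLAIN), ("explicit TLS", EXPLICIT_TLS),
                    ("TLS refused", TLS_REFUSED)]:
        print(f"{name:13} {cleartext_exposure(t)}")
```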
2. SniffPass
If for some reason you are restricted from changing the FTP host to localhost, another program that can help you recover your FTP password is SniffPass. An advantage of using SniffPass is that you don’t need to make any changes to the settings in your FTP client application, and SniffPass is able to capture your FTP password once you make a connection.
You can try using the Raw Sockets capture method but if that doesn’t work, you’ll need to install the WinPcap packet capture driver. Another possible problem that you might face is Firefox and Chrome blocking the download because they’ve detected SniffPass as malicious. You can easily bypass this by using Internet Explorer or the Microsoft Edge browser.
3. FTP Password Sniffer
FTP Password Sniffer is created by SecurityXploded which is the home of many free password cracking tools. However, you’d have to pay extra attention when installing any of their programs because their setup installers are bundled with adware which will automatically download and install if you’re not careful. FTP Password Sniffer works in a similar way to SniffPass except it requires WinPcap drivers to work.
To use FTP Password Sniffer, you’ll need to select the network adapter that is used to connect to the Internet. Once the correct network interface has been selected, click the Start Sniffing button and then connect to the FTP server using your FTP client software. The captured FTP login information will be displayed in the FTP Password Sniffer interface.
Decrypt Saved FTP Password
The saved FTP login details in your FTP client software are stored somewhere on the computer, either as an external file or in the Windows registry. The details can be either encrypted or in clear text depending on the developer of the FTP client software. As an example, older versions of FileZilla save the FTP site details in a file called sitemanager.xml as clear text, but recent versions encode the password with Base64, which is an encoding rather than encryption.
There is some FTP password recovery software that can scan the whole computer for known locations of the saved FTP password but most of them are shareware. One of the very few freeware tools that can instantly decrypt the login information of supported FTP clients is FTP Password Decryptor created by SecurityXploded. Do take note that the FTP Password Decryptor setup installer automatically downloads adware and wrongly clicking the Agree button will install the unnecessary program onto your computer.
FTP Password Decryptor only supports FileZilla, SmartFTP, FlashFXP, FTPCommander, Dreamweaver and WS_FTP. We’ve briefly tested with the latest version of FileZilla and it did not find the login information that is stored in the sitemanager.xml file. From their documentation, it seems that their program will only parse the file recentservers.xml. Do take note that this recovery method is also not effective against portable FTP client software that is stored in non-default locations.
We discovered that SmartFTP, a shareware FTP client, comes with an independent password recovery tool supporting 14 different types of FTP client software, which are Core FTP, CuteFTP, Cyberduck, FFFTP, FileZilla, FireFTP, FlashFXP, FTPRush, FTP Voyager, FTP EXpert, PuTTY, Total Commander, WinSCP and WS_FTP. Unlike SmartFTP, the password recovery tool is actually free and portable, and can be found in the program’s directory under the filename PasswordRecovery.exe after installation.
Do take note that although the SmartFTP password recovery tool is portable, it has some dependencies like msvcp140.dll, vcruntime140.dll, mfc140u.dll, etc. You can use third-party tools such as Dependency Walker to scan for the required files and make sure that they are stored in the same location as the password recovery tool.
Recover and Decrypt FileZilla FTP Client Password
As we’ve mentioned earlier, FileZilla’s password is now encoded in Base64 format, which is slightly better than saving the credentials as clear text in an XML file. Decoding Base64 is not difficult at all because all you need to do is copy the encoded password from the XML file and paste it into a web based Base64 decoder to reveal the password.
The standard FileZilla installation normally installs the program in Program Files while the configuration files are stored in the user’s AppData folder. To avoid any confusion, an easier solution is to run FileZilla, go to File on the menu bar and select Export. Tick the “Export Site Manager entries” checkbox, click OK and save the XML file to a recognizable location such as Desktop.
Open the exported XML File and look for the line that has <Pass encoding="base64">.
Visit this website https://www.base64decode.org/, paste the encoded password into the top box and click the DECODE button. In just a second, the decoded password will be shown in the box below.
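The same decoding can be done locally so the password never leaves the machine. The script below is an added example, not part of the original article: it parses a constructed sample shaped like a FileZilla Site Manager export, and the function name saved_passwords and the element names other than Pass (Server, Host, User, Name) are assumptions of the example.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample shaped like a FileZilla Site Manager export.
SAMPLE_EXPORT = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3><Servers>
  <Server>
    <Host>ftp.example.com</Host><User>webmaster</User>
    <Pass encoding="base64">czNjcmV0LWV4YW1wbGU=</Pass>
    <Name>Current-style entry</Name>
  </Server>
  <Server>
    <Host>old.example.net</Host><User>legacy</User>
    <Pass>plain-example</Pass>
    <Name>Old-style entry</Name>
  </Server>
  <Server>
    <Host>ask.example.org</Host><User>guest</User>
    <Name>No saved password</Name>
  </Server>
</Servers></FileZilla3>"""


def saved_passwords(xml_text):
    """Return one dict per Site Manager entry with its stored password."""
    entries = []
    for server in ET.fromstring(xml_text).iter("Server"):
        node = server.find("Pass")
        text = (node.text or "").strip() if node is not None else ""
        encoding = node.get("encoding") if node is not None else None
        if not text:
            storage, password = "none", None
        elif encoding == "base64":
            raw = base64.b64decode(text, validate=True)
            storage, password = "base64", raw.decode("utf-8", "replace")
        elif encoding is None:
            storage, password = "cleartext", text   # older versions
        else:
            storage, password = encoding, None      # reported, not guessed
        entries.append({"name": server.findtext("Name", ""),
                        "host": server.findtext("Host", ""),
                        "user": server.findtext("User", ""),
                        "storage": storage, "password": password})
    return entries


if __name__ == "__main__":
    for e in saved_passwords(SAMPLE_EXPORT):
        print(e["name"], e["user"], e["host"], e["storage"], e["password"])
```

To run it against a real export, pass the contents of the XML file saved from File > Export to saved_passwords instead of SAMPLE_EXPORT.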