How to retrieve a saved ftp password from phpStorm?

Question

I know that technically, this question should be asked on phpStorm's forums, but being a popular IDE (I bet an eventual solution would also work for other popular IDEs from JetBrains), I'm thinking:

someone on SO might know and share the answer (faster than I'd get it from vendor)
the ~~question~~ answer might be useful and valuable to other coders (for that matter, even if I shall need to go on the vendor's forum I will get back with the answer here, when I find it)

If there is any need of context: I accidentally switched the connection type of a saved connection from ftp to local folder and when I switched back, the saved credentials were gone.

The question: Can I retrieve the saved password...

Angle 1: ...from this computer?
Angle 2: ...from another computer that has the same credentials saved, which I could access via TeamViewer, but has the password ●●●●●●(hidden)?

Louis · Answer 1 · 2016-12-13T05:51:38.550

17

Edit: This method can only be used in the version of 2016.1 or before. For newer version (probably 2016.2), they changed the encode method. There is no clue for me to decode it.

Open C:\Users\.WebIde100\config\options\webServers.xml
Find your FTP and get the encrypted password from the password attribute.

Decrypt the password. I have written a PHP script to decrypt the string:

  $pwd = "Your encrypted password here.";
  $decrypted = '';

  while (strlen($pwd) > 0) {
    $decrypted .= chr(hexdec(substr($pwd, 0, 4)) ^ hexdec('dfaa'));
    $pwd = substr($pwd, 4, strlen($pwd) - 1);
  }
  echo $decrypted;

If you trust my tools, you can use https://louislam.net/phpstorm-decrypt-password

edited Dec 13 '16 at 05:51

answered Feb 02 '16 at 16:24

Louis

325
3
11

As long as you don't have server and username, knowing the pass doesn't get you anywhere. Can't now, but I'll test it. Thanks. – tao Feb 02 '16 at 16:44
Does anyone know the location of the webServers.xml on Mac? – Shane Jones Jun 20 '17 at 09:26
For MAC: `~/Library/Preferences/PhpStorm2017.X/options/webServers.xml` – cephuo Oct 02 '17 at 15:55
The hashed password seems to not be inside `webServers.xml` anymore. I believe they store it inside the binary file `~/Library/Caches/PhpStorm2017.X/caches/records.dat` – cephuo Oct 02 '17 at 16:29
1

would have prefered javascript or the like, so I hadn't have to set up an entire web server for this :P but your script did the job for a webServers.xml from march 2017. Thanks a lot! Wonder why the process has to be this complicated. Revertable encoding is equal to no security measures at all (apart from preventing clear text storage) – phil294 Aug 03 '18 at 17:34

score 13 · Answer 2 · answered Aug 11 '17 at 10:33

If you use KeePass database file to store passwords, you can easely set password for that file, save and then open in KeePass manager, or migrate to other PHPStorm.

Go to Settings/Preferences | Appearance & Behavior | System Settings | Passwords, enter new master password and save.
Open /.PhpStorm2017.1/config/c.kdbx (in "Keepass 2" or "Keeweb") with saved master password.
Here it is!

See answer here Retrieve saved (hidden) SSH password from PhpStorm 2017.1

score 6 · Answer 3 · answered Nov 26 '15 at 06:38

6

One way that just worked for me was to install Wireshark.
Use a capture filter of 'ftp', and do a "Test connection" inside PHPStorm.
Now stop the capture and examine what you've sniffed. The password will be in there.

answered Nov 26 '15 at 06:38

Ben Hitchcock

1,368
10
12

4

You might be able to switch modes to FTP to sniff. – Stephane Jun 20 '16 at 14:24
Thumbs up! Worked for me using 2016.3.2. Simply copy the deployment profile, so the original settings remain unchanged. Then set the new profile to FTP, enter some random public ftp server and watch the port 21 traffic with Wireshark. – Chuck Jan 17 '17 at 17:32

score 4 · Accepted Answer · answered Feb 06 '17 at 14:25

4

I know this is a 1 year old question, but for everyone else, you can try to copy the selected (hidden) password with CTRL+C, and paste it in a text document (tested with 2016.3 on Debian).

answered Feb 06 '17 at 14:25

Andrew Brown

415
1
5
15

Simple and clean. Doesn't need any additional software. Nice one. – tao Feb 06 '17 at 14:55
Wow.. Thank you.. :) – Andrew Brown Feb 07 '17 at 06:39
29

No longer working on 2017.1.3, looking for the new answer. – Louis May 06 '17 at 09:34
downvoted since it is not current anymore and the actual answer had less votes – beppe9000 Feb 06 '20 at 16:38

score 3 · Answer 5 · answered Dec 02 '21 at 18:08

3

For OSX users

Open keychain -> select the System Roots keychain (on the left side) -> search for IntelliJ.

If you click it you will see the ftp-username in the "Account" field. You can also use right click on the records to copy the password.

answered Dec 02 '21 at 18:08

Napinator

500
2
12

How to retrieve a saved ftp password from phpStorm?

5 Answers5