Firefox Dumper identifies the current user’s Firefox profile directory and exfiltrates the credential files to the attacker’s FTP server.


Installing Firefox Dumper

git clone

Change directories to Firefox-Dumper and that’s it.

python3 -h

This will output the help menu, which contains the following flags:

-h, --help - Lists the help options

-i, --ip - Mandatory - declares the attacker's FTP server IP. Firefox Dumper uses port 21 by default and is hardcoded.

Examples of full commands include:

python3 -i

Executable Version

Check releases for the executable version. Note that it has to be ran from a command line with the -i flag.


A tool called “Firefox Decrypt” can be found here – This tool is required in order to decrypt the files.


View Github