SniffPass captures email and FTP passwords from network traffic
Saving email passwords in the client is quick, easy and convenient -- unless you need to recreate the account somewhere else and can’t remember the details.
Most clients have specialist password recovery tools which can help. Mail PassView, for example, accesses a local Outlook installation to display its stored account details.
But if nothing else works for you, NirSoft’s SniffPass can recover passwords for any program by capturing its network traffic: IMAP4, SMTP, FTP and HTTP (basic authentication) are supported.
The program is compact, even by NirSoft standards (sub 50KB), and there’s no installation required -- unzip it and go.
On launch you’re prompted to choose a capture method. SniffPass works with WinPcap or Microsoft’s Network Monitor Driver, but if you don’t have either, select "Raw Sockets (Windows 2000/XP)". It’s not as reliable in some situations on XP or Vista, but -- despite the name -- still works just fine elsewhere on anything up to Windows 10.
The next step is to choose the network adapter to monitor. If there are several and you’re unsure which is correct, look for an IP address that might match up with a router (0.0.0.0 = no, 192.168.x.x = probably).
Setup out of the way, hit the green "Start Capture" button on the toolbar, and use any program to log in to your target resource (launch your email client and check for new messages, say).
Anything SniffPass detects is immediately displayed along with its details: Protocol, Local Address, Remote Address, Local Port, Remote Port, User, Password and Capture Time.
As ever with NirSoft tools, selected items can be copied to the clipboard, and you’re able to save the full list for analysis later.
SniffPass runs on Windows 2000 and later.