TL;DR – Firefox stores Dev tool console data permanently (unless manually deleted). Use the script to decompress the stored data and recover any potential goodies (mainly from devs running scripts in the console).
A while ago whilst using Firefox console, I realized that all of my console data that I entered several days ago was still available by pressing the UP arrow in the console. After some testing, I noticed that even data entered within a Private Window was also stored permanently. This lead me to create a quick script to retrieve and parse the data for certain engagements and situations.
Although console data is not wildly interesting; There can be some edge cases where sensitive or interesting data is stored – particularly when developers use the console for quick testing [data may include API keys, URLS, username:passwords (at a stretch) etc.]
Firstly, the console data is stored as indexeddb data within a sqlite database. On linux, the following path is where the data is located: /home/user/.mozilla/firefox/[profile]/storage/permanent/indexeddb+++fx-devtools/idb/[number]deegvatroootlss--cans.sqlite When viewing the data in the sqlite database, its obvious that the data is compressed. After a bit of digging, it turns out that the data is compressed with googles snappy library.
How To:
The following script can be used to retrieve and decompress the data: https://github.com/phl4nk/devtoolreader. Please note that when decompressing, there are still some left-over bytes and control characters – so the output may look a bit funny – either use the -s flag on the script to strip out all control characters, or view the output file with xxd or similar: python3 devToolReader.py /home/user/.mozilla/firefox/zhhkft0f.default-1111111/storage/permanent/indexeddb+++fx-devtools/idb/1111deegvatroootlss--cans.sqlite the script automatically generates output.txt:
Resolution
The resolution is simple, just delete the sqlite file, and all the data will be gone. Happy browsing!
Phl4nk's Pl4yGround 