SniffPass is a portable tool which can capture network traffic, then detect and display the passwords for the following protocols: POP3, IMAP4, SMTP, FTP, and HTTP (basic authentication passwords).

The program can use WinPcap or Microsoft's Network Monitor Driver to capture your traffic. If you don't have either installed, select "Raw Sockets (Windows 2000/XP)". It's not as reliable on XP or Vista, but despite the name it still works on anything up to Windows 10.

The next step is to choose the network adapter to monitor. If there are several options and you're not sure, check out the IP address to the left. Adapters with addresses are probably unused, and your target adapter is more likely to have an address like 192.168.x.x.

Setup out of the way, hit the green "Start Capture" button on the toolbar, and use any program to log in to your target resource (collect emails with an email client, say).

Anything SniffPass detects is immediately displayed along with its details: Protocol, Local Address, Remote Address, Local Port, Remote Port, User, Password and Capture Time.

As usual with NirSoft, selected items can be copied to the clipboard, and you're able to save the full list for analysis later.


A small, simple and effective way to recover forgotten passwords. Unusually, it may work even if you don't install a third-party capture tool.
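
The protocols listed above all carry the login in cleartext or plain base64, so the same patterns can be used defensively to find services that still need TLS. The following is an added example, not NirSoft's code and not from the original review; it assumes default ports and already-reassembled payloads, the names `audit_payload`, `PORTS` and `SAMPLES` are hypothetical, and it reports the account but never the password.

```python
import base64
import re

# Default ports for the protocols the page lists (an assumption of this example).
PORTS = {21: "FTP", 110: "POP3", 143: "IMAP4", 25: "SMTP", 587: "SMTP", 80: "HTTP"}
FLAGS = re.I | re.M
USER_RE = re.compile(rb"^USER (\S+)\r?$", FLAGS)
PASS_RE = re.compile(rb"^PASS .+?\r?$", FLAGS)
IMAP_RE = re.compile(rb"^\S+ LOGIN (\S+) \S+\r?$", FLAGS)
SMTP_RE = re.compile(rb"^AUTH PLAIN (\S+)\r?$", FLAGS)
HTTP_RE = re.compile(rb"^Authorization: Basic (\S+)\r?$", FLAGS)

def _b64(token):
    try:
        return base64.b64decode(token, validate=True)
    except ValueError:  # malformed base64: treat as no credential
        return b""

def audit_payload(payload, remote_port):
    """List logins sent in cleartext; the password itself is never returned."""
    proto, found = PORTS.get(remote_port), []
    def add(user):
        found.append({"protocol": proto, "remote_port": remote_port,
                      "user": user.decode("latin-1")})
    if proto in ("FTP", "POP3"):
        user = USER_RE.search(payload)
        if user and PASS_RE.search(payload):
            add(user.group(1))
    elif proto == "IMAP4":
        for m in IMAP_RE.finditer(payload):
            add(m.group(1).strip(b'"'))
    elif proto == "SMTP":
        for m in SMTP_RE.finditer(payload):
            parts = _b64(m.group(1)).split(b"\0")
            if len(parts) == 3:  # authzid NUL authcid NUL password
                add(parts[1])
    elif proto == "HTTP":
        for m in HTTP_RE.finditer(payload):
            user, sep, _ = _b64(m.group(1)).partition(b":")
            if sep:  # Basic auth is base64("user:password")
                add(user)
    return found

SAMPLES = [  # constructed payloads, not real captures
    (b"USER alice\r\nPASS hunter2\r\n", 110),
    (b"a1 LOGIN bob s3cret\r\n", 143),
    (b"AUTH PLAIN " + base64.b64encode(b"\0carol\0pw") + b"\r\n", 25),
    (b"GET / HTTP/1.1\r\nAuthorization: Basic " + base64.b64encode(b"dave:pw") + b"\r\n\r\n", 80),
]
```

Any finding means that account's password crossed the network readable by anyone on the path, which is the case for moving the service to its TLS variant and rotating the credential.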