Lazarus: A must have form recovery add-on for Firefox (and Chrome)

We have all had those oh **** moments where we fill out a form (a registration form, a comment on a website, a post on a forum, writing an e-mail, etc.)  and when we go to submit it, there is a technical error that prevents the form from being submitted properly (all GOTD users are probably familiar with the infamous 502 bad gateway error by now). Or, maybe you are clumsy like me and sometimes accidentally close websites or hit the back button before finishing your work. Regardless of the circumstances, in most situations like the ones just mentioned the form data is lost and you must start all over again (this is probably the moment when the profanity starts). Well fret no longer. Lazarus is an add-on for Firefox (and Chrome – Chrome version is in its infancy stages) that allows users to easily and quickly recover form data whenever an oh **** moment occurs.

Lazarus works in a very simple way. As you fill out a form (whether it is a registration form, comment form, forum post, e-mail, etc.) Lazarus records what you are typing and stores it in an encrypted SQLITE database on your computer (according to the developer the database is stored locally on your computer [not on the developer’s server] and it is encrypted using 2048-bit RSA and 256-bit AES hybrid encryption). Whenever you want to recover a form – after the oh **** moment – you simply right-click and either select “Recover Form” to recover the whole form, or “Recover Text” if you only want to recover specific text.

For example, lets say I am registering on dotTech:

However, being my clumsy self, I accidentally close the web page. Oh **** now I have to fill out the whole form again! Wait a second, no I don’t – I have Lazarus installed! I simply need to right-click on the form and click on “Recover Form”…

…and everything I had typed and all the check boxes I had ticked magically reappear, except for my password:

The only reason the password did not appear is because I have Lazarus set to not record and store passwords (this is the default setting). If you want Lazarus to record passwords also, you can tell it to do so via settings.

Similarly, lets say I am submitting a comment on the Prevention, detection, and cure: 12 programs that will provide the best all-around security for you and your computer – for free article:

Before I can submit the comment, I get side tracked by another article (because dotTech has many awesome articles, I just can’t focus on one) and click on a link to another page; then I remember I was submitting a comment! But now it is too late… the comment is gone and all is lost, right? Not really – I have Lazarus installed. All I need to do is go back to the comment form, right-click, and select “Recover Form”…

…and the whole comment – with everything filled out – automatically reappears:

Alternatively, since submitting the comment involves typing in a text box and not just filling out a text field, I have the option of right-clicking on the text box and recovering just the “dotTech is the best website in the world!” part:

The “Recover Text” feature is intended for situations where you are not filling out any text fields, but rather just typing in a text box, such as when submitting a forum post, writing an e-mail, or submitting a comment on a blog when you are logged in. In fact Lazarus was even allowing me to recover the text in this very article.

Since your form data is stored in a database, Lazarus has a feature that allows you to search that database…

…and recover form data as-is:

In other words, similar to how clipboard managers lets you recover previously copied or cut content, Lazarus allows you to recover previously used form data. However recovering form data via the search feature recovers just the form data – it does not insert the data into the form it was recorded for. The search feature is accessible via the right-click menu of Lazarus’ icon in Firefox:

As you can see from the screenshot, Lazarus has a feature that allows you to disable Lazarus on specific websites. Simply click on “Disable Lazarus on this site” from the right-click menu whenever you want to disable Lazarus on a website.

Last but not least, the settings/options of Lazarus are very important; from option you are allowed to control things such as requiring a password when recovering forms, automatically clearing form data from the database after a specific amount of time has passed, enabling/disabling Lazarus from recording passwords, database management, and more:

All things considered, Lazarus is probably one of the most handy add-ons I have seen to date. The only real question mark about the program are privacy and security related. As I already mentioned, the developer has taken big steps to make Lazarus as secure and private as possible (storing database locally only, encrypting database, allowing users to set password, allowing users to automatically remove form data, etc.). However, in the end, there is still that element of trust – the leap of faith – required; we must assume

  1. The developer has no malicious intent and what the developer claims – in regards to security and privacy – is true.
  2. Mozilla has properly vetted and inspected the program before allowing it on their add-on page.

That said, you can grab Lazarus from the following links:

Version reviewed: v2.0.5

Browsers supported: Firefox and Chrome

Lazarus homepage

[Direct link Lazarus Firefox add-on page]

[Direct link Lazarus Chrome extension page]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

23 comments

  1. Rob AC

    Patrick & Alan.

    Personally, I rarely use IE Tab 2. There are very few sites that require me to activate it.

    Before I activate it I make sure I am on a known and reputable site by first searching for the site with Bing or Google; and then using two add ons to see if they are green lighted- these two addons are WOT and AVG Link Scanner.

    The other add ons that I use to make sure I am protected while using FF are:Adblock Plus, Better Privacy, No Script.

    BTW- just had a chance to use Lazarus just now… awesome! I even checked the database of past conversations from various sites and find that I can just click on them to see if they are any replies or followups.

    Thanks Karl for creating such a useful add on!
     
     

  2. alan

    @Patrick:
    I need to explain that I have no criticism of I.E. TAB and its developers.
    It is far better for Firefox to be the main browser, with a quick toggle into the I.E. TAB mode, than to start the day with I.E browser for Banking etc. and forget to launch Firefox when shopping on eBay or downloading porn ! ! !
     
    So I agree,  I.E. TAB is a good thing.
    I am just critical of I.E., and only removed I.E. TAB because I have never needed I.E. itself, and I am sure my daughter would have complained by now if she missed it ! !
     
    I cannot help commenting that if my bank required me to use I.E. I would immediately change to a new bank and notify the old one of my reasons.
    1. Requiring me to use I.E. exposes me to needless risks ;
    2. It suggests they have no clue about Internet Security issues ;
    3. They do not have the skills needed to protect my finances ;
    4. Their guarantees to cover any financial loss will not deal with identity theft consequences when my details are stolen from insecure bank records.
     
    There is the cynics view that if identity theft occurs, the bank might attempt to disclaim responsibility by saying that the details they held were also present on my P.C., and if am am using Internet Explorer I am obviously not careful enough about my own security ! ! !
     
    Alan
     

  3. Patrick

    Hello again,

    I’m still following this most interesting duscussion about IE-tab and I do hope that I’ll be allowed some free time in the weeks to come to do some testing. (I’m waiting for a/another 2nd-hand machine to be delivered before actually taking the steps I intended for my main PC.)

    It has been quite informative and I do hope you guys (Karl, AlanR, Alan, Rob AC and others) keep exchanging ideas and experiences on this!

    @Allan: “(…) and I cannot help wondering what vulnerabilities will be FOUND in the future that might allow a hacker to do the click for me !!”

    Allan, I have 3 “kids” with their respective wives/girlfriends and kids of themselves etc… and I cannot help wondering…

    Come on! None of us has a Crystal Sphere, Allan – “ball” doesn’t exactly carry the potential of “sphere”, don’t you think ;-)  – but one thing I know is that Murphy’s Law applies to Murphy’s Law.
    IOW: it’s all quantumelectrodynamics and we’re learning from it everyday ;-) [QED, Feynman, a bit of Latin – I love it!]

    BTW, wouldn’t you feel just a bit great achieving a “good, nice, clean” hack that wouldn’t hurt anyone at all?… Of course you would! But to be certain that absolutely nobody will misinterpret or make abuse of your hack is a totally different story. That certainty is, IMO, unachievable. 
     
    Keep well!
    Patrick.

  4. alan

    @karl: Thank you for the information.
    I accept that IE should not intrude unless the IE TAB button is clicked,
    but the thought of a single click on the button rather spooks me,
    and I cannot help wondering what vulnerabilities will be FOUND in the future that might allow a hacker to do the click for me ! !
    I am assured by your answer.
     
    BUT my daughter is not a software engineer and preferred to use I.E.
    For our mutual protection I removed all Flash capability from I.E. so she has an incentive now to use Firefox which has Flash.
    My major motivation for removing I.E. TAB was that having got her to use Firefox, I did not want her to be only one click away from activating I.E. TAB
     

  5. karl

    @alan: Whilst not authoritative, I can tell you how it works. IE Tab (and IE Tab Plus) both work by adding an activeX webbrowser component into the page. This component is an Internet Explorer window (with all the security vulnerabilities, and bad rendering that that implies). But, before you go uninstalling it, there’s more you need to know.

    IE Tab will not alter any page unless you tell it to (by clicking the icon in the statusbar, or choosing “view this site in IE”). From then on (until you choose otherwise) that page/site will be viewed using the IE component embedded inside of Firefox.
     
    So if you install IE tab and never use it, then your browser is just as secure as without IE tab*. It’s only when you choose to enable IE Tab for a given site do you introduce any vulnerabilities that might exist. So if you only use IE tab for known safe sites that need it (eg banking, intranet, etc..) and don’t use it on more dubious websites then you should be quite safe.
     
    * I didn’t write IE Tab, and am assuming there is no way a malicious website could fake IE Tab into enabling itself on a given page/site (by calling scripts on the page, or adding special attributes within the page). I have a reasonable knowledge of how sites interact with Firefox addons, and can say with some confidence, that if this vulnerability did exist then IE Tab would not be your biggest problem.

  6. alan

    I am one of many that prefer the security of Firefox c.f. the many vulnerabilites of Internet Explorer.
     
    Lats year M.$. deliberately sabotaged Firefox under the pretext that it was part of a “Patch Tuesday” essential security update – I declined because M.$. disregard their own vulnerabilities for years or until “responsible disclosure”, and I just cannot believe they would waste their “skills” by helping out Mozilla.
     
    They added an addon/extension that gave SINGLE CLICK risks and it had UNINSTALL greyed out.
    About the same time I learnt that IE TAB which was installed by some-one else) does NOT do the rendering of pages that want I.E.
    I.E. TAB is merely a trap door through which the “troll under the bridge” which is Internet Explorer can jump and take over the rendering.
    I immediately removed I.E. TAB in the belief that it would unleash Active’X and all the other I.E. vulnerabilities when in use, and when not in use it was only a SINGLE CLICK away.
     
    I would appreciate an authoritative opinion upon my concerns about the risks of using I.E. TAB
     

  7. Patrick

    @karl: Thanks a lot for your most informative reply, Karl. 
    Using a IE tab in Firefox! Why didn’t I think of that myself!.. Man is too much a creature of habits, I guess.
    I’m actually considering switching to Firefox, making it my opening page, and adding tabs to IE, Chrome, MSN Live (hotmail)… “The lot”… 
    Thanks again!

    Have a nice day (better still: have a nice, long, healthy and fruitful life ;-)

    Patrick.

  8. karl

    @ashraf “The developer has no malicious intent and what the developer claims – in regards to security and privacy – is true.”
     
    Well you’ve only go my word for it. But anyone is welcome to inspect the source code (it’s available in your Mozilla profile folder for any extension that’s installed in Firefox). Most extension are built using XUL (an XML templating language) and javascript, so there’s a lot of people out there who can tell you if a given piece of code is malicious or not.
     
    “Mozilla has properly vetted and inspected the program before allowing it on their add-on page.”
     
    The Mozilla team do quite a good job of vetting addons, but there are a huge amount of them now, and only so many people who can look over the code for them.
     
    @jumbi “Do you think Lazarus is safe?”

    Personally yes (because i wrote it, and I know it is), but I would say that ;)

    About a year ago we used to have the addon check for updates once per day by sending a request back to http://lazarus.interclue.com . But people mis-interpreted that as us sending back form information to our servers. Even though it was obvious to anyone inspecting the requests that they were not sending any user identifiable data back. So we removed the update check. Lazarus no longer sends _any_ data back to interclue whatsoever (and we have to rely on mozilla to gather user numbers for us). It makes people feel safer, and when your dealing with everything a user types on the interweb people need to feel safe about their data.

    @drtank “is there an option to disable storing [credit card] numbers???”

    Alas not yet, but I’m working on it. At the moment Lazarus is not my highest priority (I have a lot of “real” work on my plate just now), but it is a feature I need to add soon.

    @roger Textarea cache is a wonderful addon, and I highly recommend it. It’ll do a good job of saving comments and posts for you, and makes retrieving them very simple. It doesn’t have the full form recovery, search, or the encryption that comes with Lazarus, but as a lite-weight alternative is really is very good.

  9. Ashraf
    Author/Mr. Boss

    @vhick: You are welcome!

    @Bas: Thanks for the feedback.

    @AlanR: Glad to see you enjoy the add-on, and thanks for the welcome back.

    @Patrick: I believe Karl answered your questions, no? Have any more questions?

    @jumbi: Honestly I don’t know so I don’t want to give you the wrong answer. All I know is what the developer says, which I have already wrote about in my article. Maybe Karl – who is from Interclue, the developer of Lazarus – can help us out.

    @drtank: I don’t think there is. Now that you mention it, being able to disable recording of specific text boxes or text fields would be a really nice feature to add. At best currently you can disable recording for whole websites.

    @alan: I believe Lazarus does allow you to automatically re-fill a form even after you log off; not 100% sure though. I know for sure, however, that you can always go in and search for the form data Lazarus recorded, and print it.

    @roger: Thank you for informing us of an alternative.

    @Lascannon: Glad you find it useful.

    @karl: Thanks for coming here and supporting your product.

  10. karl

    @Patrick: In answer to your questions
    1. “I suspect Lazarus uses a similar technique [as HxD Hex Editor] but automates the “find and recombine process”?”
    Not quite. We add keypress handlers into Firefox and then extract the text from the textbox you are typing into, then we encrypt that text and add it to the database (saving whole forms is very similar).
    2. “I would really like to know the reason though why there does not seem to be a Lazarus-for-Explorer. Anyone (techie) here have some ideas on that?”
    Two reasons mainly. Firstly, it’s a _lot_ easier to write addons for firefox than it is for IE. Firefox’s architecture allows an addon developer to alter almost every aspect of the browser and what it does, and doesn’t require breaking into the c++ code that the browser is built with.
    Secondly. Internet explorer addons are unstable. Every attempt we have made at building addons for it has caused browser slowdowns and crashes (seemingly at random). Whilst IE8 is a lot better than IE7 in this respect, it still has a long way to go before it’ll be as stable as Firefox (or chrome).
    3. Also, wouldn’t a keylogger help with this lost forms problem?
    Yes, a keylogger would help you to recover text entered into webpages, but I doubt it’d have the ease of use when it comes to recovering that text. It’s a lot easier to just right click on a form and hit “recover” than it is to open another application and then search through lots of text attempting to find what you wrote a couple of months ago.
    ASIDE: you might like to try using Firefox with IE TAB (https://addons.mozilla.org/en-US/firefox/addon/1419/) for your banking. That’s what I do when I come across IE only sites.

  11. roger

    I have just started using a Firefox add-on called Textarea Cache  ( https://addons.mozilla.org/en-US/firefox/addon/5761/ ) which as it’s name suggests stores anything you enter into text areas. I just checked it and it has the comment I made the other day on your GiMeSpace article. It also stores date and time the comment was made. Another nice touch is that you can add sites to an exception list so they will be ignored by the add-on. From what I can see it does not offer any of the security concerns of Lazarus, albeit by offering less utility. But I am quite happy to refill a few form entries, it is the text boxes that I find a pain in the backside to have to go back to and recall that pithy “mot juste” I had coined before my computer go boom.

  12. alan

    I fill out a multi-page form, using NEXT several times, until I get the SUBMIT and PRINT buttons.
    At that stage I tell Lazarus to remember everything up to that point, and then hit PRINT (for my local copy) and SUBMIT (for action at the web-site).
     
    Can I then log off, and later log on and have Lazarus automatically regenerate all my information on that form so I can PRINT another local copy when the first copy is defective ?
     
    I prefer my copies to be on re-usable HDD rather than wasting trees full of paper, and sometimes the print to file conversion goes wrong and I might need another attempt, with perhaps another free print to file converter.
     
    I am about to return to a Govt. site and resubmit my information.
    The first time my local copy was bad and I cannot remember if I ticked EVERY relevant box, and I cannot return to see what I submitted.
    This time I have alternative Print to File drivers and converter applications which MAY succeed.  If my first alternative fails, will Lazarus enable me to redo the form after I install yet another print to file converter ?
     

  13. jumbi

    very nice add-on.
    In the past I found a lot of similar add-ons for firefox and for other browsers too. I did not try a single one of them because I am afraid of security being compromised (only to alternative browser with no serious surfing, I can use form helper).
    So, my single and only question is:
    Do you think Lazarus is safe?
    I dont mean the encrypted local data but what may be transmitted somewhere uknown… I wish there was a firewall for browsers!!

  14. Patrick

    Hi,

    I do not use Firefox -shame on me!  :)  – but I do use Chrome (and sometimes run into trouble when it runs alongside IE! – No idea why that happens… Conflicting processes? Some kind of “stack overflow”? It typically occurs when I have some 14 tabs, say 8 in IE8 and 6 in Chreome. But that’s not the subject here -at least IE8 allows me to recover my last browser session, restoring all tabs and “return to previous page”.)

    BACK TO THE SUBJECT:

    1.
    For users of IE I ran into http://www.associatedcontent.com/article/2390932/how_to_recover_a_lost_form_in_internet.html
     which uses HxD Hex Editor. Reading the article, this workaround does seem a bit cumbersome. A haven’t tried it yet (lack of time as usual), so I cannot judge whether it does what it claims, and if it does work how much time you actually save as compared to retyping the whole bunch. 

    I suspect Lazarus uses a similar technique but automates the “find and recombine process”?

    Most of the time I write larger texts on a wordprocessor and copy that into the form I’m working on (best strategy when there is a server timeout, in which case some required fields need filling in anew, a minor problem really and sometimes part of the webdesigner’s client security/protection policy).

    2.
    I would really like to know the reason though why there does not seem to be a Lazarus-for-Explorer. Anyone (techie) here have some ideas on that?

    3.
    Also, wouldn’t a keylogger help with this lost forms problem? Switch it on just before you start filling in forms etc… I have not tried any keyloggers in the past because of no real use for it – no unruly kids nor secretive women in the house, no reason to spy :) It’s just an idea. But is it worthwhile to explore this?

    AS AN ASIDE:
    I know that Firefox-users tend to look down on IE’ers (and they do have some good arguments to prefer Firefox over IE, mainly because of security issues) but (e.g.) my homebanking mainly relies on IE and becomes unreliable under Firefox. To fix troubles when using Firefox I have to go through a fairly complex and timeconsuming procedure to get back full functionality for homebanking. Reason enough for me to stick with IE8 – and I do not intend changeing banks just because of that (for reasons you may guess but which I’m not going to go into, I stick with my banker… I like my banker’s wife and daughther and… ;)) 

    I would appreciate some feedback on points 1-3, especially on the technique suggested in 1 and the idea in 3.

    Thanks and have a nice day!
    Patrick.

     

  15. AlanR

    Great add-on. Have had it running since previous review – it has saved a lot of frustration in that time.
    Double checked and found my version is up to date thanks to FF auto checks.
    Glad you’re back in action Ashraf, seems impetus waned in your abscence.

  16. Bas

    @vhick: Another way to do it is to copy your comment before you submit it. If it goes wrong then, you can just paste your comment and submit again.
    You only have to fill in your name (and possible email or other things) again.
    This has saved me many times, although sometimes I just forget to do it…

  17. vhick

    Wow! this is the addon that I’m looking from. I’m always have an error submitting especially when commenting on blogs. I’m enter a long comment and after clicking submit and gives me an error, I’m always pissed and rewrite all over again. My only solution is to type to notepad first. But I’m very clumsy that sometimes forgot to do this.

    Thanks sir Ashraf.