Powerful Add ons for Firefox
Firefox is a popular web browser from Mozilla. Popularity of Firefox is not only because it’s a good web browser, it also supports add-ons to enhance the functionality. Mozilla has a website add-on section that has thousands of useful add-ons in different categories. Some of these add-ons are useful for penetration testers and security analysts. These penetration testing add-ons helps in performing different kinds of attacks, and modify request headers direct from the browser. This way, it reduces the use of a separate tool for most of the penetration testing related tasks.
Access Me is an add-on for security testing professionals. This add-on is developed by the company that works on XSS Me and SQL Inject Me. Access Me is the can Exploit-Me tool used for testing access vulnerabilities in web applications. This tool works by sending several versions of page requests. A request using the HTTP HEAD verb and a request using a made up SECCOM verb will be sent. A combination of session and HEAD/SECCOM will also be sent.
Add N Edit Cookies
“Add N Edit Cookies” is a cookie editing add-on that allows you to add and edit cookies data in your browser. With this tool, you can easily add session data manually in cookies. This tool is performed in session hijacking attack when you have the active cookies of the user. Edit your cookies to add the data and hijack the account.
Cookie Manager +
Cookies manager to view, edit and create new cookies. It also shows extra information about cookies, allows edit multiple cookies at once and backup/restore them.
CryptoFox is an encryption or decryption tool for Mozilla Firefox. It supports most of the available encryption algorithm. So, you can easily encrypt or decrypt data with supported encryption algorithm. This add-on comes with dictionary attack support, to crack MD5 cracking passwords. Although, it hasn’t have good reviews, it works satisfactorily.
FoxyProxy is an advanced proxy management tool that completely replaces Firefox’s limited proxying capabilities. It is a set of proxy and VPN management tools for OS/X, Windows, iOS, Android, Chrome, Firefox, and Linux. They also offer premium reliable, high-bandwidth VPN and proxy servers in 60 different countries. For a simpler tool and less advanced configuration options, please use FoxyProxy Basic.
FlagFox is another interesting add-on. Once installed in the browser, it displays the country’s flag to tell the location of the web server. It also comes with other tools like whois, WOT scorecard and ping.
This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what your doing, this toolbar will help you do it faster.
Live HTTP Headers
View HTTP headers of a page and while browsing.
NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.
Offsec Exploit-db Search
This is another plugin similar to the last two above. It also lets users search for vulnerabilities and exploits listed in exploit-db.com. This website is always up-to-date with latest exploits and vulnerability details.
Packet Storm search plugin
This is another search plugin that lets users search for tools and exploits from packetstormsecurity.org. The website offers free up-to-date security tools, exploits and advisories.
SecurityFocus Vulnerabilities search plugin
SecurityFocus Vulnerabilities search plugin, is not a security tool but a search plugin that lets users search for vulnerabilities from the Security Focus database.
Snort IDS Rule Search
Snort IDS Rule Search is another search add-on for Firefox. It lets users search for Snort IDS rules on the snort.org website. Snort is the most widely deployed IDS/IPS technology worldwide. It’s an open source network Intrusion prevention and detection system with more than 400,000 users.
SQL Inject Me
SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack. The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.
Tamper Data is similar to the Live HTTP Header add-on but, has header editing capabilities. With the tamper data add-on, you can view and modify HTTP/HTTPS headers and post parameters. Thus it helps in security testing web application by modifying POST parameters. It can be used in performing XSS and SQL Injection attacks by modifying header data.
User Agent Switcher
The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of a browser.
Web Developer Toolbar
The Web Developer extension adds various web developer tools to the browser.
Websecurify is a nice penetration testing tool that is also available as add-on for Firefox. WebSecurify can detect most common vulnerabilities in web applications. This tool can easily detect XSS, SQL injection and other web application vulnerability. Unlike other listed tools, it is a complete penetration testing tool in itself available as a browser add-on. It gives most of the features available in standalone tool.
XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack.