Must have Firefox Extensions that will turn your Browser into a Penetration Testing Machine
Firefox is Mozilla’s well-known and very popular browser, and security researchers can use it for penetration testing. Here is a list of a few popular and interesting Firefox add-ons that are useful for penetration testers. These add-ons vary from information gathering tools to attacking tools. All of them are available for free, and you can download them from the Mozilla add-on website.
Turn Your Firefox into a Penetration testing machine using Security Addons
Hackbar: Hackbar will aid you in simple SQL injection and XSS penetration testing. Find SQL injection and XSS loopholes with Hackbar. Though you cannot execute exploits on a web application using this add-on, you can surely determine whether the vulnerability exists or not. Hackbar also allows you to manually submit form data through a GET or a POST request.
WebSecurify: WebSecurify is a nice penetration testing tool that is also available as an add-on for Firefox. The WebSecurify tool can easily detect XSS, SQL injection and other web application vulnerabilities. Unlike the other listed tools, it is a complete penetration testing tool in itself, available as a browser add-on. Download URL: https://addons.mozilla.org/en-us/firefox/addon/websecurify/
SecurityFocus Vulnerabilities search plugin: The SecurityFocus Vulnerabilities search plugin is not a security tool but a search plugin that lets users search for vulnerabilities in the SecurityFocus database. Add this to Firefox from the link: https://addons.mozilla.org/en-us/firefox/addon/securityfocus-vulnerabilities-/
Packet Storm search plugin: This is another search plugin that lets users search for tools and exploits from packetstormsecurity.org. The website offers free, up-to-date security tools, exploits and advisories. Add this to Firefox from the link: https://addons.mozilla.org/en-us/firefox/addon/packet-storm-search-plugin/
Live HTTP Headers: Live HTTP Headers is a really helpful penetration testing add-on for Firefox. It displays the live headers of each HTTP request and response. You can also save header information by clicking on the button in the lower left corner.
Tamper Data: Tamper Data is similar to the Live HTTP Headers add-on but has header editing capabilities. With the Tamper Data add-on, you can view and modify HTTP/HTTPS headers and POST parameters. Thus it helps in security testing of web applications by modifying POST parameters. It can be used in performing XSS and SQL injection attacks by modifying header data. Add to Firefox using the link: https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
FoxyProxy: FoxyProxy is an advanced proxy management add-on for the Firefox browser. It improves the built-in proxy capabilities of Firefox. There are a few other similar proxy management add-ons available, but it offers more features than the others. Based on URL patterns, it switches the internet connection across one or more proxy servers. When a proxy is in use, it also displays an animated icon. If you want to see the proxies used by the tool, you can check the logs.
Add FoxyProxy to Firefox with the link: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
User Agent Switcher: The User Agent Switcher add-on adds a one-click user agent switch to the browser. It adds a menu and a toolbar button to the browser. Whenever you want to switch the user agent, use the browser button. The User Agent Switcher add-on helps in spoofing the browser while performing some attacks.
Add User Agent Switcher to your browser from this link: https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/
Firefox has long been very common among penetration testers and comes as a built-in browser in Kali Linux and BackTrack versions. With the add-ons given above, you can enhance the functionality of the Firefox browser and perform tasks related to a penetration test using your browser alone.
Even better news for Android lovers: just install Firefox on your Android smartphone and add these add-ons to it. You are then set for penetration tests with your smartphone alone.