Firefox Add-ons for Security Researchers and Penetration Testers
1. FoxyProxy Standard
FoxyProxy is an advanced proxy management add-on for the Firefox browser. It
improves on the built-in proxy capabilities of Firefox. A few similar proxy
management add-ons are available, but it offers more features than the
others. Based on URL patterns, it switches the internet connection across one
or more proxy servers. When a proxy is in use, it also displays an animated
icon. If you want to see which proxies the tool used, you can check the logs.
Add FoxyProxy to your browser from this link:
https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
2. Firebug
Firebug is a nice add-on that integrates a web development tool inside the
browser. With this tool, you can edit and debug HTML, CSS and JavaScript
live in any webpage to see the effect of changes. It helps in analyzing JS
files to find XSS vulnerabilities. It is a really helpful add-on for security
testing professionals looking for DOM-based XSS.
Add Firebug to your browser from this link:
https://addons.mozilla.org/en-US/firefox/addon/firebug/
3. Web Developer
Web Developer is another nice add-on that adds various web development
tools to the browser. It helps in web application penetration testing.
Add Web Developer to your browser from this link:
https://addons.mozilla.org/de/firefox/addon/web-developer/
4. User Agent Switcher
The User Agent Switcher add-on adds a one-click user agent switch to the
browser. It adds a menu and a toolbar button to the browser. Whenever you
want to switch the user agent, use the browser button. The User Agent
Switcher add-on helps in spoofing the browser while performing some attacks.
Add User Agent Switcher to your browser from this link:
https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/
5. Live HTTP Headers
Live HTTP Headers is a really helpful penetration testing add-on for Firefox.
It displays the live headers of each HTTP request and response. You can also
save header information by clicking on the button in the lower left corner. I
don't think there is any need to explain how important this add-on is for the
security testing process.
Add Live HTTP Headers to Firefox with this link:
https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/
6. Tamper Data
Tamper Data is similar to the Live HTTP Headers add-on, but it has header
editing capabilities. With the Tamper Data add-on, you can view and modify
HTTP/HTTPS headers and POST parameters. Thus it helps in security testing of
web applications by modifying POST parameters. It can be used in performing
XSS and SQL injection attacks by modifying header data.
Add the Tamper Data add-on to the Firefox browser with this link:
https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
7. Hackbar
Hackbar is a simple penetration testing tool for Firefox. It helps in testing
simple SQL injection and XSS holes. You cannot execute standard exploits, but
you can easily use it to test whether a vulnerability exists or not. You can
also manually submit form data with GET or POST requests. It also has
encryption and encoding tools. Most of the time, this tool helps in testing
for XSS vulnerabilities with encoded XSS payloads. It also supports keyboard
shortcuts to perform various tasks.
I am sure most people in the security field already know about this tool. It
is mostly used in finding POST XSS vulnerabilities because it can send POST
data manually to any page you like. With the ability to send POST form data
manually, you can easily bypass the client-side validations of the page. If
your payload is being encoded on the client side, you can use an encoding
tool to encode your payload and then perform the attack. If the application
is vulnerable to XSS, I am sure you will find the vulnerability with the help
of the Hackbar add-on in the Firefox browser.
Add the Hackbar add-on to the Firefox browser with this link:
https://addons.mozilla.org/en-US/firefox/addon/hackbar/
8. Websecurify
Websecurify is a nice penetration testing tool that is also available as an
add-on for Firefox. We have already covered WebSecurify in detail in a
previous article. WebSecurify can detect most common vulnerabilities in web
applications. This tool can easily detect XSS, SQL injection and other web
application vulnerabilities. Unlike the other listed tools, it is a complete
penetration testing tool in itself, available as a browser add-on. It gives
most of the features available in the standalone tool.
Add WebSecurify to the Firefox browser with this link:
https://addons.mozilla.org/en-us/firefox/addon/websecurify/
9. Add N Edit Cookies
“Add N Edit Cookies” is a cookie editing add-on that allows you to add and
edit cookie data in your browser. With this tool, you can easily add session
data manually to cookies. This tool is used in session hijacking attacks
when you have the active cookies of the user. Edit your cookies to add the
data and hijack the account.
To download Add N Edit Cookies to your Firefox browser:
https://addons.mozilla.org/en-US/firefox/addon/add-n-edit-cookies-13793/
10. XSS Me
Cross-site scripting (XSS) is the most commonly found web application
vulnerability. For detecting XSS vulnerabilities in web applications, this
add-on can be a useful tool. XSS-Me is used to find reflected XSS
vulnerabilities from a browser. It scans all forms of the page, and then
performs an attack on the selected pages with pre-defined XSS payloads. After
the scan is complete, it lists all the pages that render a payload on the
page and may be vulnerable to an XSS attack. You can then manually test the
web page to find whether the vulnerability exists or not.
Add XSS Me to your Firefox browser:
https://addons.mozilla.org/en-us/firefox/addon/xss-me/
11. SQL Inject Me
SQL Inject Me is another nice Firefox add-on used to find SQL injection
vulnerabilities in web applications. This tool does not exploit the
vulnerability but displays that it exists. SQL injection is one of the most
harmful web application vulnerabilities; it can allow attackers to view,
modify, edit, add or delete records in a database.
The tool sends escape strings through form fields and searches the responses
for database error messages. If it finds a database error message, it marks
the page as vulnerable. QA testers can use this tool for SQL injection
testing.
Add the SQL Inject Me add-on to your browser:
https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me/
12. FlagFox
FlagFox is another interesting add-on. Once installed in the browser, it
displays a country's flag to show the location of the web server. It also
comes with other tools like whois, WOT scorecard and ping.
Add FlagFox to your browser:
https://addons.mozilla.org/en-us/firefox/addon/flagfox/
13. CryptoFox
CryptoFox is an encryption and decryption tool for Mozilla Firefox. It
supports most of the available encryption algorithms, so you can easily
encrypt or decrypt data with a supported encryption algorithm. This add-on
comes with dictionary attack support to crack MD5 passwords. Although it does
not have good reviews, it works satisfactorily.
Add the CryptoFox add-on to your browser:
https://addons.mozilla.org/en-US/firefox/addon/cryptofox/
14. Access Me
Access Me is another add-on for security testing professionals. This add-on
is developed by the company that works on XSS Me and SQL Inject Me. Access
Me is the Exploit-Me tool used for testing access vulnerabilities in web
applications. This tool works by sending several versions of page requests. A
request using the HTTP HEAD verb and a request using a made-up SECCOM
verb will be sent. A combination of session and HEAD/SECCOM will also be
sent.
Add Access Me to Firefox from this link:
https://addons.mozilla.org/en-US/firefox/addon/access-me/
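The verb variations described above matter to a defender because an access rule that names only the verbs it protects lets every other verb through. The JavaScript below is an added example, not code from Access Me or from the original article; the rules, the /admin path and the session values are constructed for illustration.

```javascript
// Added example with constructed, hypothetical access rules.
// A request is modelled as { method, path, session }.

// Weak rule: the session check runs only for the verbs the developer listed.
function weakAuthorize(req) {
  const protectedVerbs = ["GET", "POST"];
  if (req.path.startsWith("/admin") && protectedVerbs.includes(req.method)) {
    return req.session === "valid" ? 200 : 401;
  }
  return 200; // any other verb falls through to the handler unchecked
}

// Hardened rule: unknown verbs are rejected first, then the session check
// applies to every remaining verb on the protected path.
function strictAuthorize(req) {
  const allowedVerbs = ["GET", "HEAD", "POST"];
  if (!allowedVerbs.includes(req.method)) return 405;
  if (req.path.startsWith("/admin") && req.session !== "valid") return 401;
  return 200;
}

// Request variants from the paragraph: HEAD and the made-up SECCOM verb,
// each sent with and without a session.
function variants(path) {
  const out = [];
  for (const method of ["HEAD", "SECCOM"]) {
    for (const session of [null, "valid"]) {
      out.push({ method, path, session });
    }
  }
  return out;
}

// Verbs that reach the protected path with no valid session under a rule.
function findBypasses(authorize, path) {
  return variants(path)
    .filter((r) => r.session !== "valid" && authorize(r) === 200)
    .map((r) => r.method);
}

console.log("weak rule:  ", findBypasses(weakAuthorize, "/admin/users"));
console.log("strict rule:", findBypasses(strictAuthorize, "/admin/users"));
```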
15. SecurityFocus Vulnerabilities search plugin
The SecurityFocus Vulnerabilities search plugin is not a security tool but a
search plugin that lets users search for vulnerabilities in the Security
Focus database.
Add this to Firefox from the link:
https://addons.mozilla.org/en-us/firefox/addon/securityfocus-vulnerabilities-/
16. Packet Storm search plugin
This is another search plugin that lets users search for tools and exploits
from packetstormsecurity.org. The website offers free, up-to-date security
tools, exploits and advisories.
Add this to Firefox from the link:
https://addons.mozilla.org/en-us/firefox/addon/packet-storm-search-plugin/
17. Offsec Exploit-db Search
This is another plugin similar to the last two above. It also lets users
search for vulnerabilities and exploits listed on exploit-db.com. This
website is always up to date with the latest exploits and vulnerability
details.
Add this to Firefox from the link:
https://addons.mozilla.org/en-us/firefox/addon/offsec-exploit-db-search/
18. Snort IDS Rule Search
Snort IDS Rule Search is another search add-on for Firefox. It lets users
search for Snort IDS rules on the snort.org website. Snort is the most widely
deployed IDS/IPS technology worldwide. It is an open source network
intrusion prevention and detection system with more than 400,000 users.
Add Snort IDS Rule Search to Firefox here:
https://addons.mozilla.org/en-US/firefox/addon/snort-ids-rule-search/