Firefox Addons For Penetration Testing



Penetration Testing Firefox


The majority of the penetration testers are using the Mozilla Firefox as a web browser for their pentest activities.This article will introduce the firefox addons that can be used for a web application penetration test.
1) Firebug
It is useful for the debugging tools that can help you tracking rogue javascript code on servers.
You can use this extension to change the user agent of your browser.Useful for web application penetration tests that you want to check and the mobile versions of the websites.
3) Hackbar
Useful for SQL injection and XSS attacks.It includes also tools for URL and HEX encoding/decoding and many more.
4) HttpFox
Monitor and analyze all the incoming and outgoing HTTP traffic between your browser and the web server.
View the HTTP headers of a website instantly.
View and modify HTTP/HTTPS headers and post parameters.
7) ShowIP
Shows the IP of the current page in the status bar.It also includes information like the hostname,the ISP,the country and the city.
8) OSVDB
Open Source Vulnerability Database Search.
Search the packet storm database for exploits,tools and advisories.
Search the Exploit-db archive.
Search for vulnerabilities in the Security Focus
Watch the selected cookie in the status bar.
Shows HTTP Headers on status bar
Manipulate the application user interface.
15) CipherFox
Displays the current SSL/TLS cipher and certificate on the status bar.
16) XSS Me
Tool for testing reflected XSS vulnerabilities.
Extension to test SQL Injection vulnerabilities.
Discover technologies and applications that are used on websites.
19) Poster
Make HTTP requests,interact with web services and watch the output.
Show the JavaScript code that are running on web pages.
Modify HTTP request headers.
22) FoxyProxy
Advanced proxy management tool.
23) FlagFox
Displays a country flag for the location of the web server.It also includes tools such as Whois,Geotool,Ping,Alexa etc.
Customize the way a webpage behaves by using small bits of JavaScript.
Displays Server Type, Headers, IP Address, Location Flag, and links to Whois Reports.
Useful for security assessments in web applications.
Search the cross-site scripting database at XSSed.Com
ASP.NET viewstate viewer.
29) CryptoFox
CryptoFox is an encryption/decryption tool for cracking MD5 passwords.
30) WorldIP
Location of the web server,IP,Datacenter,Ping,Traceroute,RDNS,AS etc.
Unveils the technology of the web server (Apache, IIS etc.)
Search CIRT.net default password database.
Search for Snort IDS Rules.

1 comment:

  1. hey bro....i need ur help in html.im studying 10th in tamilnadu.please reply me

    ReplyDelete