Skip to content

Latest commit

 

History

History
132 lines (68 loc) · 7.62 KB

Firefox.md

File metadata and controls

132 lines (68 loc) · 7.62 KB

Firefox Plugins

Access Me

Access Me is an add-on for security testing professionals. This add-on is developed by the company that works on XSS Me and SQL Inject Me. Access Me is the can Exploit-Me tool used for testing access vulnerabilities in web applications. This tool works by sending several versions of page requests. A request using the HTTP HEAD verb and a request using a made up SECCOM verb will be sent. A combination of session and HEAD/SECCOM will also be sent.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/access-me/

Add N Edit Cookies

“Add N Edit Cookies” is a cookie editing add-on that allows you to add and edit cookies data in your browser. With this tool, you can easily add session data manually in cookies. This tool is performed in session hijacking attack when you have the active cookies of the user. Edit your cookies to add the data and hijack the account.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/add-n-edit-cookies-13793/

Cookie Manager +

Cookies manager to view, edit and create new cookies. It also shows extra information about cookies, allows edit multiple cookies at once and backup/restore them.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/

CryptoFox

CryptoFox is an encryption or decryption tool for Mozilla Firefox. It supports most of the available encryption algorithm. So, you can easily encrypt or decrypt data with supported encryption algorithm. This add-on comes with dictionary attack support, to crack MD5 cracking passwords. Although, it hasn’t have good reviews, it works satisfactorily.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/cryptofox/

Firebug

Firebug is a nice add-on that integrates a web development tool inside the browser. With this tool, you can edit and debug HTML, CSS and JavaScript live in any webpage to see the effect of changes. It helps in analyzing JS files to find XSS vulnerabilities. It’s an really helpful add-on in finding DOM based XSS for security testing professionals.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/firebug/

FoxyProxy

FoxyProxy is an advanced proxy management tool that completely replaces Firefox's limited proxying capabilities. It is a set of proxy and VPN management tools for OS/X, Windows, iOS, Android, Chrome, Firefox, and Linux. They also offer premium reliable, high-bandwidth VPN and proxy servers in 60 different countries. For a simpler tool and less advanced configuration options, please use FoxyProxy Basic.

Firefox: https://addons.mozilla.org/en-us/firefox/addon/foxyproxy-standard/

Website: http://getfoxyproxy.org/

FlagFox

FlagFox is another interesting add-on. Once installed in the browser, it displays the country’s flag to tell the location of the web server. It also comes with other tools like whois, WOT scorecard and ping.

Firefox: https://addons.mozilla.org/en-us/firefox/addon/flagfox/

Grease Monkey

Allows you to customize the way a web page displays or behaves, by using small bits of JavaScript. You can write your own scripts, too. Check out http://wiki.greasespot.net/ to get started.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/

HackBar

This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what your doing, this toolbar will help you do it faster.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/hackbar/

Live HTTP Headers

View HTTP headers of a page and while browsing.

Firefox: https://addons.mozilla.org/en-us/firefox/addon/live-http-headers/

No Script

The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java, Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank).

NoScript also provides the most powerful anti-XSS and anti-Clickjacking protection ever available in a browser.

Website: http://noscript.net/

Offsec Exploit-db Search

This is another plugin similar to the last two above. It also lets users search for vulnerabilities and exploits listed in exploit-db.com. This website is always up-to-date with latest exploits and vulnerability details.

Firefox: https://addons.mozilla.org/en-us/firefox/addon/offsec-exploit-db-search/

Packet Storm search plugin

This is another search plugin that lets users search for tools and exploits from packetstormsecurity.org. The website offers free up-to-date security tools, exploits and advisories.

Firefox: https://addons.mozilla.org/en-us/firefox/addon/packet-storm-search-plugin/

SecApps

Secapps Suite is a penetration testing toolkit that is also available as add-on for Firefox. SecApps Suite can detect most common vulnerabilities in web applications. This tool can easily detect XSS, SQL injection and other web application vulnerability. Unlike other listed tools, it is a complete penetration testing tool in itself available as a browser add-on. It gives most of the features available in standalone tool.

Firefox: https://addons.mozilla.org/en-us/firefox/addon/secapps/

SecurityFocus Vulnerabilities search plugin

SecurityFocus Vulnerabilities search plugin, is not a security tool but a search plugin that lets users search for vulnerabilities from the Security Focus database.

Firefox: https://addons.mozilla.org/en-us/firefox/addon/securityfocus-vulnerabilities-/

Snort IDS Rule Search

Snort IDS Rule Search is another search add-on for Firefox. It lets users search for Snort IDS rules on the snort.org website. Snort is the most widely deployed IDS/IPS technology worldwide. It’s an open source network Intrusion prevention and detection system with more than 400,000 users.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/snort-ids-rule-search/

SQL Inject Me

SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack. The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/sql-inject-me/

Tamper Data

Tamper Data is similar to the Live HTTP Header add-on but, has header editing capabilities. With the tamper data add-on, you can view and modify HTTP/HTTPS headers and post parameters. Thus it helps in security testing web application by modifying POST parameters. It can be used in performing XSS and SQL Injection attacks by modifying header data.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/tamper-data/

User Agent Switcher

The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of a browser.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/

Web Developer Toolbar

The Web Developer extension adds various web developer tools to the browser.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/web-developer/

XSS Me

XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack.

Firefox: https://addons.mozilla.org/en-US/firefox/addon/xss-me/