Hackosis

Nice, so you finally made the switch to Firefox? Oh, but you didn’t know you could also use it to do penetration testing, vulnerability searching, intrusion detection, automate web browsing, perform whois, switch user agents, swap your cookies and much, much more. Below is a personal list of the BEST security extensions for Firefox. Enjoy and drop some comments if you know of more…

The following descriptions are from the linked sites.

1. HackBar - This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT learn you how to hack a site. Its main purpose is to help a developer do security audits on his code.
2. OSVDB Search - The Mozilla OSVDB Search utility will add the option to search OSVDB (Open Source Vulnerability Database) directly from your web browser’s side bar or search box. This will work in the Mozilla-based browsers: FireFox, Mozilla, Beonex, and Netscape.
3. Firekeeper - Firekeeper is an Intrusion Detection and Prevention System for Firefox. It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts. Rules can also be used to effectively filter different kinds of unwanted content.
4. Chickenfoot - Chickenfoot is a Firefox extension that puts a programming environment in the browser’s sidebar so you can write scripts to manipulate web pages and automate web browsing. In Chickenfoot, scripts are written in a superset of Javascript that includes special functions specific to web tasks.
5. Tamper Data - Use tamperdata to view and modify HTTP/HTTPS headers and post parameters. Security test web applications by modifying POST parameters. FYI current version of Google Web Accelerator is incompatible with the tampering function of TamperData. Your browser will crash.
6. httpOnly - Adds httpOnly cookie support to Firefox by encrypting cookies marked as httpOnly on the browser side, so that JavaScript cannot read them.
7. FFsniFF - FFsniFF is a simple Firefox extension, which transforms your browser into the html form sniffer. Every time the user click on ‘Submit’ button, FFsniFF will try to find a non-blank password field in the form. If it’s found, entire form (also with URL) is sent to the specified e-mail address. It also has the ability to hide itself in the ‘Extensions manager’. This extension is meant to be as an example of the ‘evil side of Firefox extensions’.
8. User Agent Switcher - Adds a menu and a toolbar button to switch the user agent of the browser.
9. FoxyProxy - FoxyProxy is an advanced proxy management tool that completely replaces Firefox’s proxy configuration. It offers more features than SwitchProxy, ProxyButton, QuickProxy, xyzproxy, ProxyTex, TorButton, etc…
10. ShowIP - Show the IP address of the current page in the status bar. It also allows querying custom services by IP (right mouse button) and Hostname (left mouse button), like whois, netcraft. Additionally you can copy the IP address to the clipboard. This extension was formerly known as ipv6ident.

So if you are interested doing a little bit of security testing and Firefox is your favorite web browser, download the above extensions and give them a try. Computer security is never a boring thing for me; You can never stop learning about the ways those little 1s and 0s fly around the internet and the way they impact our lives on a daily basis.

Related Posts

• Hacker Proof Your Web Application with PHPIDS
• FireCAT - Firefox Catalog of Auditing Extensions
• Nikto 2 Released
• Emergency Data Destruction With Boot and Nuke
• Free World? Freenet. The Free Network Project

Tags: Download, Extension, Firefox, Open source, Security, Top, Web development

Like this post? Subscibe to the RSS feed.