• 30
  • Oct

[ErrorZilla] changes the default error page from basically having a reload button to having the following choices: a google cache, an archival snapshot from the wayback machine, a ping, a trace route, and a whois lookup. Updated: version 0.2 adds a coralize feature.

ErrorZilla Screenshot

Get it @:
addons.mozilla.org

via http://googlesystem.blogspot.com

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]
  • 24
  • Oct

Firefox1
Nice, so you finally made the switch to Firefox? Oh, but you didn’t know you could also use it to do penetration testing, vulnerability searching, intrusion detection, automate web browsing, perform whois, switch user agents, swap your cookies and much, much more. Below is a personal list of the BEST security extensions for Firefox. Enjoy and drop some comments if you know of more…

The following descriptions are from the linked sites.

  1. HackBar - This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT learn you how to hack a site. Its main purpose is to help a developer do security audits on his code.

  2. OSVDB Search - The Mozilla OSVDB Search utility will add the option to search OSVDB (Open Source Vulnerability Database) directly from your web browser’s side bar or search box. This will work in the Mozilla-based browsers: FireFox, Mozilla, Beonex, and Netscape.

  3. Firekeeper - Firekeeper is an Intrusion Detection and Prevention System for Firefox. It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts. Rules can also be used to effectively filter different kinds of unwanted content.

  4. Chickenfoot - Chickenfoot is a Firefox extension that puts a programming environment in the browser’s sidebar so you can write scripts to manipulate web pages and automate web browsing. In Chickenfoot, scripts are written in a superset of Javascript that includes special functions specific to web tasks.

  5. Tamper Data - Use tamperdata to view and modify HTTP/HTTPS headers and post parameters. Security test web applications by modifying POST parameters. FYI current version of Google Web Accelerator is incompatible with the tampering function of TamperData. Your browser will crash.

  6. httpOnly - Adds httpOnly cookie support to Firefox by encrypting cookies marked as httpOnly on the browser side, so that JavaScript cannot read them.

  7. FFsniFF - FFsniFF is a simple Firefox extension, which transforms your browser into the html form sniffer. Every time the user click on ‘Submit’ button, FFsniFF will try to find a non-blank password field in the form. If it’s found, entire form (also with URL) is sent to the specified e-mail address. It also has the ability to hide itself in the ‘Extensions manager’. This extension is meant to be as an example of the ‘evil side of Firefox extensions’.

  8. User Agent Switcher - Adds a menu and a toolbar button to switch the user agent of the browser.

  9. FoxyProxy - FoxyProxy is an advanced proxy management tool that completely replaces Firefox’s proxy configuration. It offers more features than SwitchProxy, ProxyButton, QuickProxy, xyzproxy, ProxyTex, TorButton, etc…

  10. ShowIP - Show the IP address of the current page in the status bar. It also allows querying custom services by IP (right mouse button) and Hostname (left mouse button), like whois, netcraft. Additionally you can copy the IP address to the clipboard. This extension was formerly known as ipv6ident.

So if you are interested doing a little bit of security testing and Firefox is your favorite web browser, download the above extensions and give them a try. Computer security is never a boring thing for me; You can never stop learning about the ways those little 1s and 0s fly around the internet and the way they impact our lives on a daily basis.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]
  • 03
  • Oct

FEBE
image via link

This extension is a life saver for me. Reformating your hard drive? Backup your profile with FEBE. Switching to Linux? This works great for migrating your Firefox profile to Linux. I have tested it my self. The only thing is I had to manually unzip the .fbu file and copy it into my profile folder.

FEBE also does scheduled backups. I also use this feature. At 9:00am EVERY morning FEBE backs up my profile to a network location. If you are like me, you would be very upset if you lost your Firefox profile.
Read the rest of this entry …

  • 22
  • Sep

CustomizeGoogle

Firefox extension CustomizeGoogle can secure your Gmail and Google calender by forcing HTTPS. Have you heard of the new vulnerability in most search engines?

Just install CustomizeGoogle and the default is to secure your Gmail account by forcing HTTPS. The firefox extension also has tons more options for Google search, Images, Groups, News, Answers, Books, Calandar, Maps, Docs, Video, Reader, etc..

http://www.customizegoogle.com/

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]