Firefox AddOns For Pentester

 

1.Greasemonkey

Customize the way a web page displays or behaves, by using small bits of JavaScript.


2.MultiFox

Multifox is an extension that allows Firefox to connect to websites using different user names Simultaneously! Like multiple sign in with single browser.

3.NoScript Security Suite
The best security you can get in a web browser!
Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.

 

4.HackBar
Simple security audit / Penetration test tool.

 

5.SQL Inject Me
SQL Injection vulnerabilites can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is Firefox Extension used to test for SQL Injection vuln...

 

6.XSS Me
Cross-Site Scripting (XSS) is a common flaw found in todays web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary...

7.PassiveRecon
PassiveRecon provides information security professionals with the ability to perform "packetless" discovery of target resources utilizing publicly available information.

 

8.CryptoFox
CryptoFox is an encryption or decryption tool for Mozilla Firefox. It supports most of the available encryption algorithm. So, you can easily encrypt or decrypt data with supported encryption algorithm. This add-on comes with dictionary attack support, to crack MD5 cracking passwords.

9.Offsec Exploit-db Search
This is another plugin similar to the last two above. It also lets users search for vulnerabilities and exploits listed in exploit-db.com. This website is always up-to-date with latest exploits and vulnerability details.

 

10.Magic-Net Full Online DNS Lookup 
DNS Search engine from Magic-NET. Full DNS records lookup, MX records lookup, Reverse lookup, PTR, rDNS, SPF records, Subdomains lookup, Multiple blacklist check, Zone Transfers.

 

11.Server Spy 
Server Spy indicates what brand of HTTP server (e.g. Apache, IIS, etc.) runs on the visited sites.

 

12.FoxyProxy Standard
FoxyProxy is an advanced proxy management add-on for Firefox browser. It improves the built-in proxy capabilities of Firefox. There are few other similar kind of proxy management add-ons available, but it offers more features that other add-ons. Based on the URL patterns, it switches internet connection across one or more proxy servers. When proxy is in use, it also displays an animated icon. In case you want to see the proxies used by the tool, you can see the logs.

 

13.Live HTTP Headers
Live HTTP Headers is a really helpful penetration testing add-on for Firefox. It displays live headers of each http request and response. You can also save header information by clicking on the button in the lower left corner. I don’t think that there is any kind of need to tell how important this add-on is for the security testing process.

 

14.Tamper Data
Tamper Data is similar to the Live HTTP Header add-on but, has header editing capabilities. With the tamper data add-on, you can view and modify HTTP/HTTPS headers and post parameters. Thus it helps in security testing web application by modifying POST parameters. It can be used in performing XSS and SQL Injection attacks by modifying header data.

 

15.SecurityFocus Vulnerabilities search plugin
SecurityFocus Vulnerabilities search plugin, is not a security tool but a search plugin that lets users search for vulnerabilities from the Security Focus database

 

16.Firebug
Firebug is a nice add-on that integrates a web development tool inside the browser. With this tool, you can edit and debug HTML, CSS and JavaScript live in any webpage to see the effect of changes. It helps in analyzing JS files to find XSS vulnerabilities. It’s an really helpful add-on in finding DOM based XSS for security testing professionals.

 

17. User Agent Switcher
User Agent Switcher add-on; adds a one click user agent switch to the browser. It adds a menu and tool bar button in the browser. Whenever you want to switch the user agent, use the browser button. User Agent add on helps in spoofing the browser while performing some attack.

 

18.Snort IDS Rule Search
Snort IDS Rule Search is another search add-on for Firefox. It lets users search for Snort IDS rules on the snort.org website. Snort is the most widely deployed IDS/IPS technology worldwide. It’s an open source network Intrusion prevention and detection system with more than 400,000 users