Use Google Chrome as Penetration Testing Tool :-
Google chrome is one of the most used browser on the internet. In my previous article i wrote about Use Firefox Browser as a Penetration Testing Tool .
Today i am going to show you how to Use Google Chrome as Penetration Testing Tool with the following Google chrome extensions.
1. Web Developer
Web Developer, is a Google Chrome extension that adds a tool bar with various web development tools in Chrome. With these tools, users can perform various web development tasks. This extension helps analyzing web application elements like HTML and JS.
2. Websecurify Scanner
Websecurify Scanner is a really powerful scanner capable of detecting lots of web application attacks. Although it generates lots of false positives, mostly related to CSRF attacks. However it’s really handy in detecting XSS attacks. It’s fully awesome automated and very user friendly.
1. All you need to do is to install the websecurity scanner from the link above and visit the following page:
2. Just enter the URL and it will automatically start scanning.
3. Security Service
This extension provides some security operations such as encryption, decryption and hash functions.
4. XSS Rays :-
XSS Rays is a security tool to help pen test large web sites. It’s core features include a XSS scanner, XSS Reverser and object inspection. Need to know how a certain page filters output? Don’t have the source? No problem. XSS Rays will blackbox reverse a XSS filter without needing the source code.
You can also extract/view and edit forms non-destructively that normally can’t be edited. For example if you want to modify the value of a checkbox without changing it’s type XSS Rays can link to the object and allow you to change the value without altering the original object.
5. HPP Finder
HTTP Parameter Pollution (HPP) is a recently discovered web exploitation technique. Please read the NDSS 2010 paper for more details about the technique. HPP Finder is a Chrome extension designed for detecting HPP attempts. HPP Finder can detect URLs and HTML forms that might be susceptible of parameter pollution, but it is not a complete solution against HPP.
7. Edit This Cookie
Edit This Cookie is a cookie manager. You can add, delete, edit, search, protect and block cookies!
Inspired by the lack of a good cookie manager in Google chrome i developed this small simple and extremely useful extension, that let’s you perform anything you might actually need to do with cookies
- Delete any cookie
- Edit any cookie
- Add a new cookie
- Search a cookie
- Protect a cookie (read-only)
- Block cookies (cookie filter)
- Export cookies in JSON, Netscape cookie file (perfect for wget and curl), Perl::LPW
- Import cookies in JSON
- Limit the maximum expiration date of any cookie
8. iMacros for Chrome
iMacros was designed to automate the most repetitious tasks on the web. If there’s an activity you have to do repeatedly, just record it in iMacros. The next time you need to do it, the entire macro will run at the click of a button! With iMacros, you can quickly and easily fill out web forms, remember passwords, create a webmail notifier, and more. You can keep the macros on your computer for your own use, use them within bookmark sync / Xmarks or share them with others by embedding them on your homepage, blog, company Intranet or any social bookmarking service as bookmarklet. The uses are limited only by your imagination!
10. Request Maker
Request Maker is a tool for penetration testing. With it you can easily capture requests made by web pages, tamper with the URL, headers and POST data and, of course, make new requests. Request Maker only captures requests sent via HTML forms and XMLHttpRequests; it doesn’t fill the log with useless information about images and style sheets. The logs are tab-specific, displayed in the page action popup, and the requests are bookmarkable. After sending a request you can just click on the bookmark button like you would on any other page.
Firefuzzer is a penetration testing tool. The aim of the fuzzer is to discover unknown vulnerabilities in web applications. As per the requirement of the Project Proposal, the FireFuzzer application would be executed from the Command Prompt. It has two major modules: 1)Buffer Overflow 2)Cross Site Scripting (XSS)
12. Firebug Lite for Google Chrome
Firebug Lite is not a substitute for Firebug, or Chrome Developer Tools. It is a tool to be used in conjunction with these tools. Firebug Lite provides the rich visual representation we are used to see in Firebug when it comes to HTML elements, DOM elements, and Box Model shading. It provides also some cool features like inspecting HTML elemements with your mouse, and live editing CSS properties.
Enjoy your pen testing with Google Chrome.
Hope you like my post.Use Google Chrome as Penetration Testing Tool. Please Share with others.