Use Firefox Browser as a Penetration Testing Tool
Firefox is one of the browsers most used by security professionals due to its encryption process. However, Google Chrome is the most used browser on the internet today due to its speed. If you still want to use both Firefox and Chrome features, try Comodo Dragon Browser.
Today I am going to show you how to use the Firefox browser as a penetration testing tool with the help of these plugins.
Firecat (Firefox catalog of auditing extensions) is a mindmap collection of the most efficient and useful Firefox extensions oriented to application security auditing and assessment. Firecat is not a replacement for other security utilities and software, as well as fuzzers, proxies and application vulnerability scanners.
A suite of lightweight security testing tools, introduced at SecTor’07 by Nischal Bhalla and Rohit Sethi of Security Compass.
- XSS-ME to test for Cross-Site Scripting vulnerabilities.
- SQL Inject-ME to test for SQL injection vulnerabilities.
- Access-Me to test for access vulnerabilities.
4. Tamper Data
- Acts like a proxy server.
- Use Tamper Data to view and modify HTTP/HTTPS headers and POST parameters.
- Trace and time HTTP requests/responses.
- Security test web applications by modifying POST parameters.
- Changing high scores on flash-based games
Passive Recon is a Firefox extension that queries a multitude of public databases and lookups to reveal as much information as possible about a domain without interacting with it directly.
6. Web Developer
Web Developer is another nice add-on that adds various web development tools to the browser. It helps in web application penetration testing. This tool is very helpful and makes web development very easy. It makes other professional sites “naked” so that we can learn from them.
This toolbar will help you in testing SQL injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code.
The advantages are:
- Even the most complicated URLs will be readable
- The focus will stay on the textarea, so after executing the URL (Ctrl+Enter) you can just go on typing / testing
- The URL in the textarea is not affected by redirects.
- Useful tools like on-the-fly uu/url decoding etc.
- All functions work on the currently selected text.
- MD5/SHA1/SHA256 hashing
- MySQL/MS SQL Server/Oracle shortcuts
- XSS useful functions
8. Add N Edit Cookies
“Add N Edit Cookies” is a cookie editing add-on that allows you to add and edit cookie data in your browser. With this tool, you can easily add session data manually to cookies. This tool is used in session hijacking attacks when you have the active cookies of the user. Edit your cookies to add the data and hijack the account.
9. Live HTTP Headers
Live HTTP Headers is a really helpful penetration testing add-on for Firefox. It displays live headers of each HTTP request and response. You can also save header information by clicking on the button in the lower left corner. I don’t think that there is any need to tell how important this add-on is for the security testing process.
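As an added example (not part of the original post or of either add-on), this Python script audits the Set-Cookie response headers you would see in Live HTTP Headers for the attributes that make a session cookie harder to steal and replay through a cookie editor. The sample headers and the cookie-name heuristic are constructed assumptions.

```python
# Constructed response headers for illustration, not captured from a real site.
SAMPLE_HEADERS = [
    "Set-Cookie: PHPSESSID=abc123; path=/",
    "Set-Cookie: session=9f8e7d; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: theme=dark; Path=/; Max-Age=31536000",
    "Set-Cookie: auth_token=eyJ0; Path=/; Secure; SameSite=None",
]

# Assumed heuristic: cookie names containing these strings carry session state.
SESSION_HINTS = ("sess", "auth", "token", "sid")


def parse_set_cookie(line):
    """Split one Set-Cookie header line into (name, value, attributes)."""
    _, _, raw = line.partition(":")
    parts = [p.strip() for p in raw.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # flags get an empty value
    return name.strip(), value, attrs


def audit_cookie(line):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(line)
    findings = []
    if not any(hint in name.lower() for hint in SESSION_HINTS):
        return name, findings  # only session-like cookies are audited
    if "httponly" not in attrs:
        findings.append("missing HttpOnly (readable by script, e.g. via XSS)")
    if "secure" not in attrs:
        findings.append("missing Secure (sent over plain HTTP)")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite absent or None (sent on cross-site requests)")
    return name, findings


def audit_headers(lines):
    """Audit every Set-Cookie line; other header lines are ignored."""
    report = {}
    for line in lines:
        if line.lower().startswith("set-cookie:"):
            name, findings = audit_cookie(line)
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_HEADERS).items():
        print(name, "->", findings or "ok")
```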
Flagfox is an extension that displays a flag icon indicating the current webserver’s physical location. Knowing where you’re connected to adds an extra layer of awareness to your browsing and can be useful to indicate the native languages and legal jurisdictions that may apply. Additional information can be obtained via a multitude of external lookups and users can add their own custom actions. All actions can be added to the flag icon’s context menu and set to icon click or keyboard shortcuts for quick access.
11. SQL Inject Me
SQL Injection vulnerabilities can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is a Firefox extension used to test for SQL Injection vulnerabilities.
12. XSS Me 0.4.6
Cross-Site Scripting (XSS) is a common flaw found in today's web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.
13. Access Me 0.2.4
Access vulnerabilities in an application can allow an attacker to access resources without being authenticated. Access-Me is a Firefox extension used to test for Access vulnerabilities.
Hope you like my post, Use Firefox Browser as a Penetration Testing Tool. Please share it with others.