[justify]Sometimes new challengers ask for help while using Micro$oft Edge or other uncanny software to complete basic challenges… Here I suggest using Firefox to make completing challenges easier. Why Firefox in particular? First because it’s free, it’s open-source, and it’s a good and fast browser, but above all because it’s highly customizable depending on your needs. The add-on section of the Mozilla website offers thousands of extensions in many different categories, such as web development, penetration testing and security analysis. Using Firefox this way makes the job easier when you’re trying to find security holes or exploit webserver flaws, and saves you time by letting you use a single tool for many different security testing tasks. If you plan to become a white or gray hat, then this browser is your friend. It’s one of the most important browsers for testers working in the Web application domain. If you don’t have it installed yet, you can download Firefox here: https://www.mozilla.org/.

Below is a short list of interesting extensions that you may find useful for performing penetration tests and completing hacking challenges all over the web. The add-ons range from information gathering tools to attacking tools (don’t pay attention to the list order). Use only the ones you need, since many of them offer similar functionality. They’re all free and downloadable from the official Mozilla website:

Firefox is not only a nice browser, but also a friend of penetration testers and security researchers. These browser extensions are useful for most tasks in penetration testing work, and reduce the need for separate tools.
Some of these tools help in debugging and/or gathering information about a website and its servers. A few other tools help in intercepting and modifying header information, to perform attacks via headers.
In case you are trying to perform session hijacking, you can use an add-on to edit the cookies with the cookie data stolen from a user’s browser.
SQL Inject ME, XSS Me and Websecurify are semi-automated tools to scan the page, and find the vulnerabilities that may be on the website. These 3 tools are dedicated security tools with a good success rate.
Hackbar is the best tool when you want to test a form against POST XSS. Hackbar helps you manually submit a form to send POST data. If the app has client-side validation in the form, with a few limits on length and input, you can use Hackbar to submit the form data manually and see the effect. It also has encoding tools to encode your XSS payloads without using any separate tool. Most people involved in the security testing field use this tool.
A few tools are simply search add-ons that help you search for exploits and advisories in popular databases. You can use these add-ons to find the appropriate exploit to perform an attack on the web application, to check whether the app is affected by this known exploit or not.

I am sure you will like a few of these add-ons and will use them in your security testing process. Personally I usually use AdBlock Plus, Ghostery, WebDeveloper, Firebug, Flagfox, NoScript, GreaseMonkey, Modify Headers, Cookies Manager+, HackBar, XSS Me, SQL Inject Me and User Agent Switcher.[/justify]
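Manual POST submission, as described for HackBar above, works because form limits set in the browser are not enforced unless the server re-checks them. The server-side check below is an added example, not from the original post; the field names, limits and sample bodies are assumptions.

```javascript
// Added example, not from the original post. Field names and limits are assumed.
const RULES = {
  username: { max: 20, pattern: /^[A-Za-z0-9_]+$/ },
  comment: { max: 200 },
};

// Parse an application/x-www-form-urlencoded body; null prototype avoids key clashes.
function parseForm(body) {
  const out = Object.create(null);
  for (const [k, v] of new URLSearchParams(body)) out[k] = v;
  return out;
}

// Re-check on the server what the form's maxlength/pattern attributes only suggest.
function validate(fields) {
  const errors = [];
  for (const [name, rule] of Object.entries(RULES)) {
    const value = fields[name];
    if (typeof value !== 'string' || value.length === 0) {
      errors.push(`${name}: missing`);
      continue;
    }
    if (value.length > rule.max) errors.push(`${name}: too long`);
    if (rule.pattern && !rule.pattern.test(value)) errors.push(`${name}: invalid characters`);
  }
  for (const name of Object.keys(fields)) {
    if (!Object.prototype.hasOwnProperty.call(RULES, name)) errors.push(`${name}: unexpected field`);
  }
  return errors;
}

// Encode for an HTML text context so accepted input renders as text, not markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Reject on any violation; otherwise return the encoded fragment.
function handlePost(body) {
  const fields = parseForm(body);
  const errors = validate(fields);
  if (errors.length) return { status: 400, errors };
  return { status: 200, html: `<p><b>${escapeHtml(fields.username)}</b>: ${escapeHtml(fields.comment)}</p>` };
}

// Constructed sample bodies: one as a browser form sends it, two submitted by hand.
const SAMPLES = ['username=alice_1&comment=Nice+post+%3Cb%3E%26+thanks',
  'username=' + 'a'.repeat(64) + '&comment=hi', 'username=bob&comment=ok&role=admin'];
for (const s of SAMPLES) console.log(handlePost(s).status); // 200, 400, 400
```

Run it with Node.js; no packages are needed.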

[right]And you, which one do you use?[/right]