[float=left][/float][justify]Sometimes we see new challengers asking for help using Micro$oft Edge or other uncanny software to complete some basic challenges… Here I suggest using Firefox to make completing challenges easier. Why Firefox in particular? First because it’s free, it’s open-source, and it’s a good and fast browser, but above all because it’s highly customizable depending on your needs. Its add-on section on the Mozilla website offers thousands of extensions in many different categories, such as web development, penetration testing and security analysis. Using Firefox this way makes the job easier when you’re trying to find security holes or exploit some webserver flaws, and helps you save time by using only one tool for many different tasks related to security tests. If you plan to become a white or gray hat, then this browser is your friend. It’s one of the most important browsers for testers working in the web application domain. If you don’t have it installed yet, you can download Firefox here: https://www.mozilla.org/.
Below is a short list of interesting extensions that you may find useful for performing penetration tests and completing hacking challenges all over the web. The add-ons range from information gathering tools to attacking tools (don’t pay attention to the list order). Use only the ones you need, since many of them offer similar functionality. They’re all free and downloadable from the official Mozilla website:
FoxyProxy is an advanced proxy management tool that completely replaces Firefox’s limited proxying capabilities. Based on URL patterns, it switches the internet connection across one or more proxy servers. When a proxy is in use, it also displays an animated icon.
Web Developer adds various web development tools to the browser. It helps in web application penetration testing.
DOM Inspector is a tool that can be used to inspect and edit the live DOM of any web document or XUL application. The DOM can be navigated using a two-paned window displaying a variety of different views on the document and all nodes within.
View Source Chart
Enables accelerated human processing of DOM
View Dependencies adds a tab to the Page Info window, in which it lists all the files which were loaded to show the current page.
Wappalyzer is an add-on that identifies the software used by a website.
IE Tab V2
The updated, fully supported IE Tab. Embed IE in a Firefox tab. IE Tab Features: FF 4+ support, IE 7-9 compatibility modes, old IE Tab settings import. Enables you to use the embedded IE engine within Mozilla Firefox.
With this tool, you can monitor each and every script running on a website; you can block any of the scripts and see what each script actually does.
Automatically find user scripts on Userscripts.org (requires Greasemonkey or Scriptish)
Live HTTP Headers
View the HTTP headers of a page while browsing. It displays the live headers of each HTTP request and response. An essential add-on for the security testing process.
Similar to the Live HTTP Header add-on but has header editing capabilities. Use tamperdata to view and modify HTTP/HTTPS headers and post parameters. It can be used in performing XSS and SQL Injection attacks by modifying header data.
Add, modify and filter the HTTP request headers sent to web servers. This addon is particularly useful for Mobile web development, HTTP testing and privacy.
Shows HTTP headers on statusbar.
User Agent Switcher
The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of a browser. User Agent add on helps in spoofing the browser while performing some attacks.
A developer tool for interacting with URLs and other web resources that lets you make HTTP requests, set the entity body, and content type. This allows you to interact with web services and inspect the results…
Cookies manager to view, edit and create new cookies. It also shows extra information about cookies, allows editing multiple cookies at once and backing them up or restoring them. With this tool, you can easily add session data manually in cookies. This tool is used in session hijacking attacks when you have the active cookies of the user. Edit your cookies to add the data and hijack the account.
Cookie Monster provides proactive cookie management on a site or domain level basis, including 3rd party cookies. Via the Toolbar, it provides easy access to enhanced cookie functionality, while doing so in a non-intrusive manner.
Exports all cookies in IE manner. Makes a Netscape standard cookies.txt file. Very useful for the wget --load-cookies option.
Websecurify is a complete and powerful cross-platform web security testing technology designed from the ground up with simplicity in mind. This tool can easily detect XSS, SQL injection and other web application vulnerabilities. It gives most of the features available in the standalone tool.
Simple security audit / Penetration test tool. It helps in testing simple SQL injection and XSS holes. You cannot execute standard exploits but you can easily use it to test whether vulnerability exists or not. You can manually submit form data with GET or POST requests. It also has encryption and encoding tools, that helps in testing XSS vulnerability with encoded XSS payloads, and then perform the attack. It also helps you to easily bypass client side validations of the page.
Brute-force attacks on GET or POST forms
Cross-Site Scripting (XSS) is a common flaw found in today’s web applications. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities. It scans all forms of the page, and then performs an attack on the selected pages with pre-defined XSS payloads. After the scan is complete, it lists all the pages that render a payload on the page, and may be vulnerable to XSS attack.
SQL Inject Me
SQL Injection vulnerabilities can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to the server. SQL Inject-Me is a Firefox extension used to test for SQL Injection vulnerabilities.
Access vulnerabilities in an application can allow an attacker to access resources without being authenticated. Access-Me is a Firefox extension used to test for Access vulnerabilities.
Clear Cache Button
Adds a clear cache toolbar button. After installing the extension, find the clear cache button in the toolbar customization… Quick and easy to use!
Reloads web pages every so many seconds or minutes. The function is accessible via the context menu (menu you get when you right click on a web page) or via tab context menu (right click on the tab).
Show the IP address(es) of the current page in the status bar. Showip delivers Website, City, Country and other information for SEO, security and fun :) It also allows querying custom services by IP (right mouse button) and hostname (left mouse button), like whois, netcraft.
Displays a country flag depicting the location of the current website’s server and provides a multitude of tools such as site safety checks, whois, translation, similar sites, validation, URL shortening, and more…
This extension scans the TCP ports.
On a shared hosting, find other sites hosted on the web server.
Display server type, headers, country flag and the links whois reports.
Domaintools.com whois button…
Displays the current SSL/TLS cipher, protocol and certificate chain in the Add-on bar and Site ID dialog
Calomel SSL Validation
The addon will score the strength of the SSL connection. The toolbar button will change color depending on the strength of encryption from red (weak) to green (strong). The drop down window shows a detailed summary of the SSL connection.
Cert Viewer Plus
Certificate viewer enhancements: PEM format view, file export, trust configuration
Export All Certificates
Adds an option to the Certificate Manager to export all root certificates.
This add-on can decode and show the viewstate contents of an *.aspx page. Once you install this add-on, it adds a ‘Show Viewstate’ item to the context menu of Firefox. When this menu item is clicked, a popup comes up showing the viewstate details.
PassiveRecon provides information security professionals with the ability to perform “packetless” discovery of target resources utilizing publicly available information. Simply visit the target entity’s website (using Tor), right mouse-click and navigate to the PassiveRecon menu, or use the status bar menu. From there you can open individual public domain websites or click Show All to view all of the sites at once.
CryptoFox is an encryption or decryption tool for Mozilla Firefox. It supports most of the available encryption algorithms, so you can easily encrypt or decrypt data with a supported algorithm. This add-on comes with dictionary attack support to crack MD5 passwords. Although it doesn’t have good reviews, it works satisfactorily.
SecurityFocus Vulnerabilities search plugin
SecurityFocus Vulnerabilities search plugin is not a security tool but a search plugin that lets users search for vulnerabilities from the Security Focus database.
Packet Storm search plugin
This is another search plugin that lets users search for tools and exploits from packetstormsecurity.org. The website offers free up-to-date security tools, exploits and advisories.
Offsec Exploit-db Search
This is another plugin similar to the last two above. It also lets users search for vulnerabilities and exploits listed in exploit-db.com. This website is always up-to-date with latest exploits and vulnerability details.
Snort IDS Rule Search
Snort IDS Rule Search is another search add-on for Firefox. It lets users search for Snort IDS rules on the snort.org website. Snort is the most widely deployed IDS/IPS technology worldwide. It’s an open source network intrusion prevention and detection system with more than 400,000 users.
Firefox is not only a nice browser, but also a friend of penetration testers and security researchers. These browser extensions are useful for most of the tasks related to penetration testing work, and reduce the use of separate tools.
Some of these tools help in debugging and/or gathering information about a website and its servers. A few other tools help in intercepting and modifying header information, to perform attacks via headers.
In case you are trying to perform session hijacking, you can use an add-on to edit the cookies with the cookie data stolen from a user’s browser.
SQL Inject ME, XSS Me and Websecurify are semi-automated tools to scan the page, and find the vulnerabilities that may be on the website. These 3 tools are dedicated security tools with a good success rate.
Hackbar is the best tool when you want to test a form against Post XSS. Hackbar helps you to manually submit a form to send POST data. If the app has client side validation in a form, and has a few limits on length and input, you can use Hackbar to submit form data manually and see the effect. It also has encoding tools to encode your XSS payloads, without using any separate tool. Most of the people involved in the security testing field use this tool.
A few tools are just search add-ons that can help you search for exploits and advisories in popular databases. You can use these add-ons to find the appropriate exploit to perform an attack on the web application, to check whether the app is affected by this known exploit or not.
I am sure you will like a few of these add-ons and will use them in your security testing process. Personally I usually use AdBlock Plus, Ghostery, WebDeveloper, Firebug, Flagfox, NoScript, GreaseMonkey, Modify Headers, Cookies Manager+, HackBar, XSS me, SQL Inject Me and User Agent Switcher.[/justify]
[right]And you, which one do you use?[/right]