Firefox is one the most secured web browser in the world. Have you ever drmed of that we can use Firefox to like a pro? Firefox like other browsers has a fture called add-on. Add-ons adds an additional functionality to your Firefox browser. There are thousands of Firefox add-ons available for Mozilla but Computerworld brings you the best and most effective add-ons ever on Firefox. In short, we are listing a most popular and interesting Firefox add-ons that are useful for s. This list of 11 add-ons vary from information gathering tools to attacking tools. All these add-ons are available for free and you can download from the Mozilla add-on website. So friends lets see what loops has bring this time for you. I will list them in way from top( I like most) to bottom pattern but note that all of them are extremely good tools.
11 Firefox Add-ons a Must Have and use
1. Tamper Data
Tamper data is an grt tool to to view and modify HTTP/HTTPS hders and post parameters. We can alter ch request going from our machine to destination host with this. Thus it helps in security testing web appliion by modifying POST parameters. It can be used in performing XSS and SQL Injection attacks by modifying hder data.
Add Tamper data to Firefox:
https://addons.mozilla.org/en-us/firefox/addon/tamper-data/
2. Firebug
Firebug is a nice add-on that integrates a web development tool inside the browser. With this tool, you can edit and debug HTML, CSS and JavaScript live in any webpage to see the effect of changes. It helps in analyzing JS files to find XSS vulnerabilities. It’s an rlly helpful add-on in finding DOM based XSS for security testing professionals.
Add firebug to your browser :
https://addons.mozilla.org/en-US/firefox/addon/firebug/
3. bar
bar is a simple penetration tool for Firefox. It helps in testing simple SQL injection and XSS holes. You cannot execute standard s but you can sily use it to test whether vulnerability exists or not. You can also manually submit form data with GET or POST requests. It also has encryption and encoding tools. Most of the times, this tool helps in testing XSS vulnerability with end XSS payloads. It also supports board shortcuts to perform various tasks.I am sure, most of the persons in the security field alrdy know about this tool. This tool is mostly used in finding POST XSS vulnerabilities because it can send POST data manually to any page you like. With the ability of manually sending POST form data, you can sily bypass client side s of the page. If your payload is being end at client side, you can use an encoding tool to en your payload and then perform the attack. If the appliion is vulnerable to the XSS, I am sure you will find the vulnerability with the help of the bar add-on on Firefox browser.
Add bar to Firefox:
https://addons.mozilla.org/en-US/firefox/addon/bar/
4. Cookies Manager+
Cookie Manager is one of the grtest tool ever made. Using this tool you can actually play with cookies. You can alter almost all cookie using this tool. You can use Cookies manager to view, edit and crte new cookies. It also shows extra information about cookies, allows edit multiple cookies at once and backup/restore them.
Add Cookies Manager to Firefox:
https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/
5. NoScript
No Script add-ons grtness is beyond imagination. With this tool you can monitor ch an every script running on website, you can block any of scripts and see what actually that scripts does on website. But this add-on is for experts, newbies will face problems using this. Note: If you are testing XSS, HTTPS hder modifiions, Injection attacks on any website you need to disable this plugin because it will not allow you to do so.
Add NoScript to Firefox:
https://addons.mozilla.org/en-us/firefox/addon/noscript/
6. Grse Mon
Grse Mon is an counter part of No Script, its actually behaves opposite of Noscript. We use Noscript to block the scripts and use GrseMon to run the scripts. It allows you to customize the way a web page displays or behaves, by using small bits of JavaScript.
Add Grse Mon to Firefox :
https://addons.mozilla.org/en-US/firefox/addon/grsemon/
7. User At Switcher
User At Switcher add-on; adds a one click user at switch to the browser. It adds a menu and tool bar button in the browser. Whenever you want to switch the user at, use the browser button. User At add on helps in spoofing the browser while performing some attack.
Add user at Switcher to Firefox:
https://addons.mozilla.org/en-US/firefox/addon/user-at-switcher/
8. CryptoFox
CryptoFox is an encryption or decryption tool for Mozilla Firefox. It supports most of the available encryption aorithm. So, you can sily encrypt or decrypt data with supported encryption aorithm. This add-on comes with dictionary attack support, to MD5 s. Although, it hasn’t have good reviews, it works satisfactorily.
Add CryptoFox to Firefox:
https://addons.mozilla.org/en-US/firefox/addon/cryptofox/
9. SQL Inject Me
SQL Inject Me is another nice Firefox add-on used to find SQL injection vulnerabilities in web appliions. This tool does not the vulnerability but display that it exists. SQL injection is one of the most harmful web appliion vulnerabilities, it can allow attackers to view, modify, edit, add or delete records in a database.The tool sends escape strings through form fields, and tries to srch database error messages. If it finds a database error message, it marks the page as vulnerable. s can use this tool for SQL injection testing.
Add SQL Inject Me to Firefox:
https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me/
10. XSS ME
Cross Site Scripting is the most found web appliion vulnerability. For detecting XSS vulnerabilities in web appliions, this add-on can be a useful tool. XSS-Me is used to find reflected XSS vulnerabilities from a browser. It scans all forms of the page, and then performs an attack on the selected pages with pre-defined XSS payloads. After the scan is complete, it lists all the pages that renders a payload on the page, and may be vulnerable to XSS attack. Now, you can manually test the web page to find whether the vulnerability exists or not.
Add XSS ME to Firefox:
https://addons.mozilla.org/en-us/firefox/addon/xss-me/
11. Passive Recon
Last but not the lst. Passive recon is a good information gathering tool.
PassiveRecon provides information security professionals with the ability to perform "packetless" discovery of target resources utilizing publicly available information. It gathers information like DnsStuff tool available on backtrack.
Add Passive Recon to Firefox:
https://addons.mozilla.org/en-US/firefox/addon/passiverecon/
That's all for today , i hope you all are enjoying your journey towards becoming a Professional . Have fun! Keep Lrning.
No comments:
Post a Comment