Web Hacking Firefox Plugins

When conducting a penetration test of a web application, it is very helpful to have some additional functionality built into our web browsers. The primary browser I use for conducting assessments is Mozilla’s Firefox.

Firefox Add-ons I Use

  1. AdBlock Plus – I disable this AdBlocker while testing as I want to see all the images and ads. But sometimes I use Firefox for browsing other things.
  2. Cookies Manager+ – Add/edit/delete cookies
  3. Extended Statusbar – Gives you more info about your system and network traffic (target IP address, time for responses, etc.) in a bar. 
  4. Firebug – All around good tool for examining the underlying HTML/JavaScript/other code on the web page. Similar to the “Developer Tools” option in Chrome and 
  5. FireGestures – Right click and move the mouse to do things like move back a page, close a tab, etc.
  6. FlashFirebug – Allows Firebug to examine flash content
  7. FoxyProxy Standard – Quick switching between proxies (Burp, ZAP, remote proxy…)
  8. Ghostery – Great replacement for NoScript to block ads/widgets/trackers in pages. Disable it while testing. Enable it after.
  9. JSONView – View JSON responses in a pretty format
  10. ShowIP – Show the IP of your target in a toolbar
  11. User Agent Switcher – Switch user agents to appear like your Firefox is a different browser. Make your own User Agent strings with XSS in them for more fun!
  12. Tamper Data – Simple proxy for examining and editing web app traffic. 

Your Suggestions

So I tweeted and asked people to submit their favorites. Those are below. There are some really good suggestions that I had forgotten about too. Thanks to , and .

  • Hackbar – A Swiss Army knife of toolbars for attackers.
  • Soa client – Need to talk to a WSDL or via SOAP? Here’s a client.
  • httprequester – Addon that makes GET/POST/PUT and other HTTP requests in browser.
  • RESTClient – Client for making…wait for it…RESTful requests through your browser.
  • HSM – This is a collection of a BUNCH of addons. Kind of a one-stop-shop for appsec addons.
