Web Hacking Firefox Plugins

When conducting a penetration test of a web application, it is very helpful to have some additional functionality built into our web browsers. The primary browser I use for conducting assessments is Mozilla’s Firefox.

Firefox Add-ons I Use

  1. AdBlock Plus – I disable this AdBlocker while testing as I want to see all the images and ads. But sometimes I use Firefox for browsing other things.
  2. Cookies Manager+ – Add/edit/delete cookies
  3. Extended Statusbar – Gives you more info about your system and network traffic (target IP address, time for responses, etc.) in a bar.
  4. Firebug – All around good tool for examining the underlying HTML/JavaScript/other code on the web page. Similar to the “Developer Tools” option in Chrome and
  5. FireGestures – Right click and move the mouse to do things like move back a page, close a tab, etc.
  6. FlashFirebug – Allows Firebug to examine flash content
  7. FoxyProxy Standard – Quick switching between proxies (Burp, ZAP, remote proxy…)
  8. Ghostery – Great replacement for NoScript to block ads/widgets/trackers in pages. Disable it while testing. Enable it after.
  9. JSONView – View JSON responses in a pretty format
  10. ShowIP – Show the IP of your target in a toolbar
  11. User Agent Switcher – Switch user agents to appear like your Firefox is a different browser. Make your own User Agent strings with XSS in them for more fun!
  12. Tamper Data – Simple proxy for examining and editing web app traffic.

Your Suggestions

So I tweeted and asked people to submit their favorites. Those are below. There are some really good suggestions that I had forgotten about too. Thanks to Mike Saunders @hardwaterhacker, Andrew Smith @jakx_, and Kevin Sugihara @sugitime.

  • Hackbar – A Swiss Army knife of toolbars for attackers.
  • Soa client – Need to talk to a WSDL or via SOAP? Here’s a client.
  • httprequester – Addon that makes GET/POST/PUT and other HTTP requests in browser.
  • RESTClient – Client for making…wait for it…RESTful requests through your browser.
  • HSM – This is a collection of a BUNCH of addons. Kind of a one-stop-shop for appsec addons.
