Firefox Addons For Penetration Testing
1>Firebug
(useful for the debugging tools that can help you tracking rogue javascript code on servers)
(useful for the debugging tools that can help you tracking rogue javascript code on servers)
2>User Agent Switcher
(You can use this extension to change the user agent of your browser)
(You can use this extension to change the user agent of your browser)
3>HackBar
(Useful for SQL injection and XSS attacks)
(Useful for SQL injection and XSS attacks)
4>HttpFox
(Monitor and analyze all the incoming and outgoing HTTP traffic between your browser and the web server.)
(Monitor and analyze all the incoming and outgoing HTTP traffic between your browser and the web server.)
5>Live HTTP Headers
(View the HTTP headers of a website instantly)
(View the HTTP headers of a website instantly)
6>Tamper Data
(View and modify HTTP/HTTPS headers and post parameters.)
(View and modify HTTP/HTTPS headers and post parameters.)
7>ShowIP
(Shows the IP of the current page)
(Shows the IP of the current page)
8>OSVDB
(Open Source Vulnerability Database Search)
(Open Source Vulnerability Database Search)
9>Packet Storm search plugin
(Search the packet storm database for exploits)
(Search the packet storm database for exploits)
10>Offsec Exploit-db Search
(Search the Exploit-db archive)
(Search the Exploit-db archive)
11>Security Focus Vulnerabilities Search Plugin
(Search for vulnerabilities in the Security Focus)
(Search for vulnerabilities in the Security Focus)
12>Cookie Watcher
(Watch the selected cookie in the status bar)
(Watch the selected cookie in the status bar)
13>Header Spy
(Shows HTTP Headers on status bar)
(Shows HTTP Headers on status bar)
14>Groundspeed
(Manipulate the application user interface)
(Manipulate the application user interface)
15>CipherFox
(Displays the current SSL/TLS cipher and certificate on the status bar)
(Displays the current SSL/TLS cipher and certificate on the status bar)
16>XSS Me
(Tool for testing reflected XSS vulnerabilities)
(Tool for testing reflected XSS vulnerabilities)
17>SQL Inject Me
(Extension to test SQL Injection vulnerabilities)
(Extension to test SQL Injection vulnerabilities)
18>Wappalyzer
(Discover technologies and applications that are used on websites)
(Discover technologies and applications that are used on websites)
19>Poster
(Make HTTP requests,interact with web services and watch the output)
(Make HTTP requests,interact with web services and watch the output)
20>Javascript Deobfuscator
(Show the JavaScript code that are running on web pages)
(Show the JavaScript code that are running on web pages)
21>Modify Headers
(Modify HTTP request headers)
(Modify HTTP request headers)
22>FoxyProxy
(Advanced proxy management tool)
(Advanced proxy management tool)
23>FlagFox
(Displays a country flag for the location of the web server)
(Displays a country flag for the location of the web server)
24>Greasemonkey
(Customize the way a webpage behaves by using small bits of JavaScript)
(Customize the way a webpage behaves by using small bits of JavaScript)
25>Domain Details
(Displays Server Type, Headers, IP Address, Location Flag, and links to Whois Reports)
(Displays Server Type, Headers, IP Address, Location Flag, and links to Whois Reports)
26>Websecurify
(Useful for security assessments in web applications)
(Useful for security assessments in web applications)
27>XSSed Search
(Search the cross-site scripting database at XSSed.Com)
(Search the cross-site scripting database at XSSed.Com)
28>ViewStatePeeker
(ASP.NET viewstate viewer)
(ASP.NET viewstate viewer)
29>CryptoFox
(CryptoFox is an encryption/decryption tool for cracking MD5 passwords)
(CryptoFox is an encryption/decryption tool for cracking MD5 passwords)
30>WorldIP
(Location of the web server,IP,Datacenter,Ping,Traceroute,RDNS,AS etc)
(Location of the web server,IP,Datacenter,Ping,Traceroute,RDNS,AS etc)
31>Server Spy
(Unveils the technology of the web server (Apache, IIS etc.)
(Unveils the technology of the web server (Apache, IIS etc.)
32>Default Passwords
(Search CIRT.net default password database)
(Search CIRT.net default password database)
33>Snort IDS Rule Search
(Search for Snort IDS Rules)
(Search for Snort IDS Rules)
