Posts Tagged ‘ firefox ’

Firefox For Ninjas

It’s fairly common to be asked about your favorite tools but the problem is that it’s pretty difficult to give anyone a simple answer.  When dealing with network and application pen testing, there’s probably a tool for every attack vector but the tool you use is going to change based on the task at hand.  If there was one tool I couldn’t do without, it would undoubtedly be Firefox.  On its own it can do some pretty sweet stuff but its extensibility is what make it such a powerful tool.

I thought it would appropriate to list my top 10 Firefox add-ons which I always use for testing web applications.  So, in no particular order:

1. Firebug – Without a doubt one of the most amazing pieces of software ever produced.  Its capabilities are far too numerous to list here but suffice to say that it’s pretty much a must have for anyone in the business of development or security testing.  If this a new tool for you, be sure to check out this tutorial for help getting started.

2. FoxyProxy – FoxyProxy is a very robust proxy add-on and while anonymity is great, I always use it for switching to and from my local proxy.  FoxyProxy also allows for whitelisting, logging and lots more.

3. Web Developer – The Firefox Web Developer add-on is an awesome tool which allows you to do far more than I am even going to get into.  It’s somewhat similar to Firebug in its abilities but some things are just a bit easier to do with Web Developer than with Firebug.  If you’re using it while doing security testing on web applications, make sure to leverage it’s forms tools.

4. Greasemonkey – Greasemonkey is truly awesome and can allow you do some impressive stuff with just a little JavaScript hackery, particularly with more complex client-side controls.  Be sure to check out the Greasemonkey wiki and userscripts.org for some examples and inspiration.

5. Groundspeed – “Groundspeed is an add-on that allows security testers to manipulate the application user interface to eliminate annoying limitations and client-side controls that interfere with the web application penetration tests.”  Enough said 🙂

6. User Agent Switcher – User Agent Switcher is pretty self explanatory.  It lets you change your user agent on the fly which can come in handy when dealing with more dated content like the sites best viewed with IE5.  It’s of course also great for dealing with mobile applications and IE/Safari/other specific applications.

7. View Source Chart – This add-on is pretty simple and pretty helpful as it’s a great tool to beautify the source code of rendered pages.

8. HackBar – I’m actually not a big fan of this one simply because having it enabled consumes too much browser space for my comfort.  It is however very useful for performing various encoding, encryption and other minor application wizardry tasks.  A personal favorite is the “Split URL” feature which provides a nice URL breakdown – very helpful when dealing with massive URLs.

9. Live HTTP Headers – Not a terribly fancy add-on but useful and simple when you need to view the HTTP headers as you browse.

10. Add N Edit Cookies – Small and useful.  This add-on allows you to add and edit saved cookies and session data.

Have some favorites of your own that weren’t listed?  Leave a comment and let everyone know!