Most of the time when we are security testing a website, it is better to be as well equipped as we can be. So, having cool and very useful addons in our browser is a must.
We always want to make the testing process easy by installing different tools in the browser so that we don't have to go to different places or even OS to make small amendments in the pages of concern and test it immediately.
Requirements :
- Mozilla Firefox (any of the new versions)
Here are some of the addons I find very useful while doing pentesting of a website :
1. Calomel SSL Validation :
We can see the different ranks on different criteria. In the above image, security at 100% does not mean the site is non-hackable; it means that all the encryption is done carefully and its randomness is up to the mark.
In the above image it shows Insecure (red, 45%), which means that encryption at different levels is not done properly.
Note : This addon shows details of only https:// sites not http://.
2. Cookie Manager+ :
A very helpful tool to handle cookies of a website.
This tool can be accessed in Firefox from Tools > Cookie Manager+ > Cookie Manager+ after installing the addon.
This can be used to access all the cookies related to a website very easily at the click of a button. As you probably know, cookies can be used to authorize users on a website.
3. Firebug :
This is an advanced version of Inspect Element of a browser. This tool can be accessed by pressing the F12 key or by going through Tools > Web Developer > Firebug > Open Firebug.
Note : Dominator-pro can also be installed in Firebug later to test a website for DOM XSS.
4. Hackbar :
We can activate or deactivate this using the F9 key while using the browser.
The address bar provided by Hackbar is unaffected by URL redirects. It will keep showing the original URL it was started with.
This is used by expert hackers while testing and exploiting a website for SQL-injection.
5. SQL Inject Me :
We can use the addon in the following ways :
1. Right click on an input field within website > Open SQL Inject Me Sidebar
2. Tools > SQL Inject Me > Open SQL Inject Me Sidebar
This addon is able to check all the visible and invisible input fields automatically.
6. Tamper Data :
This tool is used to tamper with the data being sent to the server on the fly. This may be very helpful for some payment or file upload related hack.
The tool can be started from Tools > Tamper Data > Start Tamper.
The requests will pop up automatically as they arrive.
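What a tester looks for with Tamper Data on a payment form is whether the server charges the amount carried in the request. The following is an added example, not code from the original post, showing a handler that trusts that field beside one that recomputes it; the catalogue, field names and limits are constructed sample values.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side price list; item ids and prices are sample values.
CATALOGUE = {"sku-100": Decimal("499.00"), "sku-200": Decimal("25.50")}
MAX_QTY = 20

# Constructed form submissions: as the page sent it, and edited in transit.
ORIGINAL = {"item": "sku-100", "qty": "2", "amount": "998.00"}
EDITED = {"item": "sku-100", "qty": "2", "amount": "1.00"}


def total_trusting_client(form):
    """Weak: charges whatever 'amount' the request carries."""
    return Decimal(form["amount"])


def total_server_side(form):
    """Hardened: take only item id and quantity from the request and
    recompute the amount from the server's own price list.

    Returns (amount, tampered); tampered is True when the request carried
    an 'amount' that disagrees with the server's figure, which is worth
    logging as a sign that the request was modified.
    """
    item = form.get("item")
    if item not in CATALOGUE:
        raise ValueError("unknown item")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("quantity is not an integer")
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("quantity out of range")
    amount = CATALOGUE[item] * qty
    claimed = form.get("amount")
    tampered = False
    if claimed is not None:
        try:
            tampered = Decimal(claimed) != amount
        except InvalidOperation:
            tampered = True  # not even a number: treat as modified
    return amount, tampered
```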
7. User agent Switcher :
User agents are a way of identifying the machine from which we are accessing a website. Some websites have vulnerabilities, or we can say features, that authorize a user with a particular user agent only. We can easily manipulate our user agent by using this tool.
We can access this by going through Tools > Default User Agent > Edit user agents...
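Both the user agent described here and the cookies covered under Cookie Manager+ are values the client controls, so neither can carry authorization by itself. The following is an added example, not code from the original post, putting the two weak checks beside a cookie the server signs with HMAC; the key, user agent string and user names are constructed, and session expiry is left out.

```python
import hashlib
import hmac

# Constructed values: the key, the User-Agent string and the user names
# are samples; a real key comes from server-side secret storage.
SECRET_KEY = b"constructed-demo-key"
INTERNAL_UA = "IntranetClient/1.0"


def is_admin_by_user_agent(headers):
    """Weak: the User-Agent header is chosen by the client."""
    return headers.get("User-Agent") == INTERNAL_UA


def is_admin_by_plain_cookie(cookies):
    """Weak: an unsigned cookie can be edited in the browser."""
    return cookies.get("role") == "admin"


def _tag(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(user, role):
    """Server side: bind user and role together under an HMAC tag."""
    payload = f"{user}|{role}"
    return f"{payload}|{_tag(payload)}"


def is_admin_by_signed_cookie(cookies):
    """Hardened: accept the role only if the tag verifies."""
    parts = cookies.get("session", "").split("|")
    if len(parts) != 3:  # malformed, or a '|' smuggled into a field
        return False
    user, role, tag = parts
    expected = _tag(f"{user}|{role}")
    # Constant-time comparison on bytes, so odd input cannot raise.
    return hmac.compare_digest(tag.encode(), expected.encode()) and role == "admin"
```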
Note : Some of the above mentioned addons are also available for Google Chrome, but I've only used the ones for Mozilla Firefox. Hackbar & Tamper Data are my personal favorites. I use them a lot while surfing the web.
So, this was all for the post. I hope you find this information useful and please share your experiences and if you have any other addon in mind that is needed in the list, then comment them here.
Thanks for reading......Happy Hacking
Keep it up bro nice work @mnsingh367@gmail.com from sachintiwari
Thanks....I hope you find this and all future posts useful.