Turn the Mozilla browser into a pen testing tool

Post by luntrus » Mon Aug 23, 2010 6:38 pm

Hi dear forum friends,

With some very interesting add-ons the Firefox browser can be turned into a pen-tester tool. See an instruction video here:
http://www.scribd.com/doc/28590479/Blac ... th-Firefox
A small collection of add-ons for this specific aim:
Multi-proxy-switch: https://addons.mozilla.org/en-US/firefox/addon/7330/
or: https://addons.mozilla.org/en-US/firefox/addon/2464/ to quickly change between Burp and Tor
PacketlessRecon https://addons.mozilla.org/en-US/firefox/addon/6196/ gain packetless info on the target
Show Ip https://addons.mozilla.org/en-US/firefox/addon/590/ shows server IP and additional IP addresses in case of load balancing.
Live HTTP-headers: https://addons.mozilla.org/en-US/firefox/addon/3829/ view HTTP-headers of a page
Wappalyzer: https://addons.mozilla.org/en-US/firefox/addon/10229/
Backend software Information https://addons.mozilla.org/en-US/firefox/addon/10493/ to identify platform frameworks and major apps
Hackbar: https://addons.mozilla.org/en-US/firefox/addon/3899/ to enter POST requests
Add and edit cookies: https://addons.mozilla.org/en-US/firefox/addon/13793/ to inspect cookies and for testing
Firebug: https://addons.mozilla.org/en-US/firefox/addon/1843/
& Wilderbug: http://www.command-tab.com/2008/01/19/w ... n-firebug/ with all sorts of tools and options
Lazarus: https://addons.mozilla.org/en-US/firefox/addon/6984/ will memorize info on web forms
FxIF: https://addons.mozilla.org/en-US/firefox/addon/5673/ for analyzing META information
Fireforce: https://addons.mozilla.org/en-US/firefox/addon/64765/ brute force attacker via GET and POST
Another good tool is the FireCAT: https://addons.mozilla.org/en-US/firefo ... at1_5_plus
Injection tool testing add-ons I have presented elsewhere here: https://addons.mozilla.org/en-US/firefox/addon/7597/, https://addons.mozilla.org/en-US/firefo ... ddon/6727/ together with examples and the use of the Firekeeper extension.

Another specific add-on for the malware fighter is Malware Search https://addons.mozilla.org/en-US/firefox/addon/6718/

For malware analysis there is the specific VM browser Malzilla (only for specialists/experts), or a visit to jsunpack (also for specialists/experts, and then NoScript should be installed at all times).
For general script/third party requests protection in Fx and Flock browser always use the combination of the NoScript add-on: https://addons.mozilla.org/en-US/firefox/addon/722/ and the RequestPolicy add-on: https://addons.mozilla.org/en-US/firefox/addon/9727/
The latter just to be in better control of cross-site requests.

Mind you, you are only allowed to pen test what belongs to you and/or what you were given explicit authorization to pen test.
Now you should have turned the Firefox browser into a handy pen testing tool.

