Hacking Browser Addons For Hackers

Ken]

Senior Member
Member
Messages
214
Likes
36
#1
Firefox Addons

Firebug
Firebug is a nice add-on that integrates a web development tool inside the browser. With this tool, you can edit and debug HTML, CSS and JavaScript live in any webpage to see the effect of changes. It helps in analyzing JS files to find XSS vulnerabilities. It’s an really helpful add-on in finding DOM based XSS for security testing professionals.
Add firebug to firefox:

Please Login or Register to view hidden text.



Web Developer
Web Developer is another nice add-on that adds various web development tools in the browser. It helps in web application penetration testing.
Add web developer to firefox:

Please Login or Register to view hidden text.



Live HTTP Headers
Live HTTP Headers is a really helpful penetration testing add-on for Firefox. It displays live headers of each http request and response. You can also save header information by clicking on the button in the lower left corner. I don’t think that there is any kind of need to tell how important this add-on is for the security testing process.
Add Live HTTP headers to firefox:

Please Login or Register to view hidden text.



Tamper Data
Tamper Data is similar to the Live HTTP Header add-on but, has header editing capabilities. With the tamper data add-on, you can view and modify HTTP/HTTPS headers and post parameters. Thus it helps in security testing web application by modifying POST parameters. It can be used in performing XSS and SQL Injection attacks by modifying header data.
Add Tamper data to firefox:

Please Login or Register to view hidden text.

)

Hackbar
Hackbar is a simple penetration tool for Firefox. It helps in testing simple SQL injection and XSS holes. You cannot execute standard exploits but you can easily use it to test whether vulnerability exists or not. You can also manually submit form data with GET or POST requests. It also has encryption and encoding tools. Most of the times, this tool helps in testing XSS vulnerability with encoded XSS payloads. It also supports keyboard shortcuts to perform various tasks.I am sure, most of the persons in the security field already know about this tool. This tool is mostly used in finding POST XSS vulnerabilities because it can send POST data manually to any page you like. With the ability of manually sending POST form data, you can easily bypass client side validations of the page. If your payload is being encoded at client side, you can use an encoding tool to encode your payload and then perform the attack. If the application is vulnerable to the XSS, I am sure you will find the vulnerability with the help of the Hackbar add-on on Firefox browser.
Add Hackbar to firefox:

Please Login or Register to view hidden text.




Websecurify
Websecurify is a nice penetration testing tool that is also available as add-on for Firefox. We have already covered WebSecurify in detail in previous article. WebSecurify can detect most common vulnerabilities in web applications. This tool can easily detect XSS, SQL injection and other web application vulnerability. Unlike other listed tools, it is a complete penetration testing tool in itself available as a browser add-on. It gives most of the features available in standalone tool.
Add Websecurify to firefox:

Please Login or Register to view hidden text.



XSS Me
Cross Site Scripting is the most found web application vulnerability. For detecting XSS vulnerabilities in web applications, this add-on can be a useful tool. XSS-Me is used to find reflected XSS vulnerabilities from a browser. It scans all forms of the page, and then performs an attack on the selected pages with pre-defined XSS payloads. After the scan is complete, it lists all the pages that renders a payload on the page, and may be vulnerable to XSS attack. Now, you can manually test the web page to find whether the vulnerability exists or not.
Add XSS Me to firefox:

Please Login or Register to view hidden text.



SQL Inject Me
SQL Inject Me is another nice Firefox add-on used to find SQL injection vulnerabilities in web applications. This tool does not exploit the vulnerability but display that it exists. SQL injection is one of the most harmful web application vulnerabilities, it can allow attackers to view, modify, edit, add or delete records in a database.The tool sends escape strings through form fields, and tries to search database error messages. If it finds a database error message, it marks the page as vulnerable. QA testers can use this tool for SQL injection testing.
Add SQL inject me to firefox:

Please Login or Register to view hidden text.



Chrome Addons

Web Developer
Web Developer is a Google Chrome extension that adds a tool bar with various web development tools in Chrome. With these tools, users can perform various web development tasks. This extension helps analyzing web application elements like HTML and JS.
Add Web Developer Extension in Chrome here:

Please Login or Register to view hidden text.



Firebug Lite for Google Chrome
provides a rich visual environment to analyze HTML elements, DOM elements and other Box Model Shading. It also provides live CSS editing. It helps in analyzing how an application is working on the client’s side.
Add Firebug Lite to Google Chrome:

Please Login or Register to view hidden text.



Request Maker
is a core penetration testing tool. It’s used in creating and capturing requests, tampering the URL, and making new headers with post data. It can capture requests made via forms or XMLHttpRequests. You can see the function of this tool is similar to Burp. It’s also helpful in performing various kind of attacks in a web applications by modifying http requests.
Add Request Maker to Google Chrome:

Please Login or Register to view hidden text.



Cookie Editor
is a nice Chrome extension that lets users edit cookies. This tool is really helpful while hijacking vulnerable test sessions. It lets users delete, edit, add/or search cookies. It also lets users protect, block or export cookies in json. You can play with cookies as you want. This extension is ad-supported and all revenue goes to Unicef to help children worldwide. But Ads are not necessary and you can disable anytime from the extension settings page.
Add Edit This Cookie to Google Chrome:

Please Login or Register to view hidden text.



XSS Rays
is a nice extension that helps in finding XSS vulnerability in a website. It finds how a website is filtering the code. It also checks for injections and inspects objects. You can also easily extract, view and edit forms non-destructively even if forms cannot be edited. So many penetration testers use this extension as a dedicated XSS testing tool. It’s pure JavaScript XSS scanner. You can read more about XSS Rays here.
Add XSS rays to Google Chrome:

Please Login or Register to view hidden text.

 
Likes: Bugworm
Messages
4
Likes
0
#12
Firefox Addons

Firebug
Firebug is a nice add-on that integrates a web development tool inside the browser. With this tool, you can edit and debug HTML, CSS and JavaScript live in any webpage to see the effect of changes. It helps in analyzing JS files to find XSS vulnerabilities. It’s an really helpful add-on in finding DOM based XSS for security testing professionals.
Add firebug to firefox:

Please Login or Register to view hidden text.



Web Developer
Web Developer is another nice add-on that adds various web development tools in the browser. It helps in web application penetration testing.
Add web developer to firefox:

Please Login or Register to view hidden text.



Live HTTP Headers
Live HTTP Headers is a really helpful penetration testing add-on for Firefox. It displays live headers of each http request and response. You can also save header information by clicking on the button in the lower left corner. I don’t think that there is any kind of need to tell how important this add-on is for the security testing process.
Add Live HTTP headers to firefox:

Please Login or Register to view hidden text.



Tamper Data
Tamper Data is similar to the Live HTTP Header add-on but, has header editing capabilities. With the tamper data add-on, you can view and modify HTTP/HTTPS headers and post parameters. Thus it helps in security testing web application by modifying POST parameters. It can be used in performing XSS and SQL Injection attacks by modifying header data.
Add Tamper data to firefox:

Please Login or Register to view hidden text.

)

Hackbar
Hackbar is a simple penetration tool for Firefox. It helps in testing simple SQL injection and XSS holes. You cannot execute standard exploits but you can easily use it to test whether vulnerability exists or not. You can also manually submit form data with GET or POST requests. It also has encryption and encoding tools. Most of the times, this tool helps in testing XSS vulnerability with encoded XSS payloads. It also supports keyboard shortcuts to perform various tasks.I am sure, most of the persons in the security field already know about this tool. This tool is mostly used in finding POST XSS vulnerabilities because it can send POST data manually to any page you like. With the ability of manually sending POST form data, you can easily bypass client side validations of the page. If your payload is being encoded at client side, you can use an encoding tool to encode your payload and then perform the attack. If the application is vulnerable to the XSS, I am sure you will find the vulnerability with the help of the Hackbar add-on on Firefox browser.
Add Hackbar to firefox:

Please Login or Register to view hidden text.




Websecurify
Websecurify is a nice penetration testing tool that is also available as add-on for Firefox. We have already covered WebSecurify in detail in previous article. WebSecurify can detect most common vulnerabilities in web applications. This tool can easily detect XSS, SQL injection and other web application vulnerability. Unlike other listed tools, it is a complete penetration testing tool in itself available as a browser add-on. It gives most of the features available in standalone tool.
Add Websecurify to firefox:

Please Login or Register to view hidden text.



XSS Me
Cross Site Scripting is the most found web application vulnerability. For detecting XSS vulnerabilities in web applications, this add-on can be a useful tool. XSS-Me is used to find reflected XSS vulnerabilities from a browser. It scans all forms of the page, and then performs an attack on the selected pages with pre-defined XSS payloads. After the scan is complete, it lists all the pages that renders a payload on the page, and may be vulnerable to XSS attack. Now, you can manually test the web page to find whether the vulnerability exists or not.
Add XSS Me to firefox:

Please Login or Register to view hidden text.



SQL Inject Me
SQL Inject Me is another nice Firefox add-on used to find SQL injection vulnerabilities in web applications. This tool does not exploit the vulnerability but display that it exists. SQL injection is one of the most harmful web application vulnerabilities, it can allow attackers to view, modify, edit, add or delete records in a database.The tool sends escape strings through form fields, and tries to search database error messages. If it finds a database error message, it marks the page as vulnerable. QA testers can use this tool for SQL injection testing.
Add SQL inject me to firefox:

Please Login or Register to view hidden text.



Chrome Addons

Web Developer
Web Developer is a Google Chrome extension that adds a tool bar with various web development tools in Chrome. With these tools, users can perform various web development tasks. This extension helps analyzing web application elements like HTML and JS.
Add Web Developer Extension in Chrome here:

Please Login or Register to view hidden text.



Firebug Lite for Google Chrome
provides a rich visual environment to analyze HTML elements, DOM elements and other Box Model Shading. It also provides live CSS editing. It helps in analyzing how an application is working on the client’s side.
Add Firebug Lite to Google Chrome:

Please Login or Register to view hidden text.



Request Maker
is a core penetration testing tool. It’s used in creating and capturing requests, tampering the URL, and making new headers with post data. It can capture requests made via forms or XMLHttpRequests. You can see the function of this tool is similar to Burp. It’s also helpful in performing various kind of attacks in a web applications by modifying http requests.
Add Request Maker to Google Chrome:

Please Login or Register to view hidden text.



Cookie Editor
is a nice Chrome extension that lets users edit cookies. This tool is really helpful while hijacking vulnerable test sessions. It lets users delete, edit, add/or search cookies. It also lets users protect, block or export cookies in json. You can play with cookies as you want. This extension is ad-supported and all revenue goes to Unicef to help children worldwide. But Ads are not necessary and you can disable anytime from the extension settings page.
Add Edit This Cookie to Google Chrome:

Please Login or Register to view hidden text.



XSS Rays
is a nice extension that helps in finding XSS vulnerability in a website. It finds how a website is filtering the code. It also checks for injections and inspects objects. You can also easily extract, view and edit forms non-destructively even if forms cannot be edited. So many penetration testers use this extension as a dedicated XSS testing tool. It’s pure JavaScript XSS scanner. You can read more about XSS Rays here.
Add XSS rays to Google Chrome:

Please Login or Register to view hidden text.

Automatically Merged Double Post
can you help me
 
Last edited:

Users who viewed this discussion (Total: 0)

Discussion has not been viewed for long time.