Sunday, 28 July 2013

Top 10 Hacking Add-ons Of Mozilla Firefox

Mozilla Firefox is not only a internet browsing tool but it is a fully armed hacking environment too. Hackers and security experts love to use this browser for penetration testing and vulnerability exploitation purpose.

HackBar: is like a toolbar but it comes very handy while testing for web vulnerabilities like SQL, XSS etc. Loading,Splitting and Execution of URL can be done using this toolbar. When testing for SQL and XSS vulnerabilities the codes/queries can be injected into the URL quickly using this toolbar. Features like encoding and encryption also come handy in many situations. Toolbar consists of many inbuilt string too.
Install it.



Wappalyzer: is a browser extension that uncovers the technologies used on websites. It detects content management systems, web shops, web servers, JavaScript frameworks, analytics tools and many more.
Install it.
  

 Server Spy:  indicates what brand of HTTP server (e.g. Apache, IIS, etc.) runs on the visited sites.
Install it.
TemperData: is used to 
  • view and modify HTTP/HTTPS headers and post parameters.
  • Trace and time http response/requests.
  • Security test web applications by modifying POST parameters.Install it.

NoScript: is the best security you can get in a web browser!
Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
Install it.

Firebug: integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.
Install it.

Website City + Country Info: Shows the city and the countryflag of the website you are browsing to. See IP, provider, Oranisation name, GEO coordinates and further useful infos for security, fun and SEO reasons.
Install it.
  
FoxyProxy: is an advanced proxy management tool that completely replaces Firefox's limited proxying capabilities. It offers more features than other proxy addons.
Install it.

SQL Inject Me: is used to test for SQL Injection vulnerabilities.
The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack.
The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.
Install it.

XSS-Me: is used to test for reflected Cross-Site Scripting (XSS). It does NOT currently test for stored XSS. The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an XSS attack. The resulting HTML page sets a specific JavaScript value (document.vulnerable=true) then the tool marks the page as vulnerable to the given XSS string.
Install it.

Happy Hacking :)