Monday, November 3, 2014

Firefox as a hacking platform.

This collection of addons is useful for pen testing engagements.

Information Gathering:
 Whois & geo-location:
  •   ShowIP - Shows the IP of the current page in the status bar. Allows querying custom services by IP and hostname with a right or left mouse click.
  •   Shazou - (shazoo) Japanese for mapping. Allows geolocation discovery.
  •   HostIP.info Geolocation - Displays geolocation using hostip.info data.
  •   ActiveWhois - Gets details about the site owner and its host server.
  •   Bibirmer Toolbar - Some tweaking necessary. Includes Whois, DNS Report, Geolocation, Traceroute, Ping.

 Enumeration / Fingerprinting:
  •   Header Spy - Shows HTTP headers on the status bar.
  •   Header Monitor - Displays responses of top-level documents returned by the web server.


Social Engineering:

  •   People Search & Public Record - Perform public searches and record lookups with this addon.



 Googling and Spidering:
  •   Advanced dork - Used to spider or scan for hidden files on a site using Google's advanced operators.
  •   Spider Zilla - Mirror utility based on HTTrack from httrack.com.
  •   View Dependencies - Adds a tab that lists all files which were loaded to show the current page. Good for spidering.


Security Assessment / Code auditing:
 Editors:
  •   JSView - Allows viewing the source of any web page.
  •   Cert Viewer Plus - Adds options to view certificates.
  •   Firebug - Edit and debug CSS, HTML and JavaScript on the fly.
  •   XML Developer Toolbar - Provides XML developers' tools from the browser.


 Headers Manipulation:
  •   Header Monitor - Displays the HTTP response header of the top-level document returned by web servers.
  •   RefControl - Control what gets sent as the HTTP referrer on a per-site basis.
  •   User Agent Switcher - Allows switching of the user agent with a button.


 Cookies and Manipulation:
  •   Allcookies - Dumps ALL cookies to the standard Firefox cookies.txt, session cookies included.
  •   Cookie Swap - Enables swapping of sets of cookie profiles while browsing.
  •   httpOnly - Adds httpOnly cookie support to Firefox by encrypting cookies marked as httpOnly on the browser side.
  •   Add n Edit Cookies - Allows editing of session and saved cookies.


 Security Auditing:
  •   HackBar - Enables testing for SQL injections, XSS holes and site security. Helps developers secure their code.
  •   Tamper Data - View and modify HTTP/HTTPS headers and POST parameters.
  •   Chickenfoot - Allows code manipulation on the fly.

 Proxy / Web Utils:
  •   FoxyProxy - Replaces Firefox's proxy management. Offers more features than SwitchProxy, ProxyButton, QuickProxy, xyzproxy, ProxyTex, etc.
  •   SwitchProxy - Anonymizer that allows changing proxy configurations.
  •   POW (Plain Old WebServer) - Uses SJS (Server-side JavaScript) to run a server inside the browser. Includes security features to password-protect the user's site. Used to distribute files and to create wikis, chat rooms and search engines using SJS.

 Malware Scanner:

  •   QArchive.org web files checker - Allows checking web files for malware.
  •   Dr.Web anti-virus checker - Checks files and pages before download.
  •   ClamWIN Antivirus Glue for Firefox - Scans downloaded files.

 Anti Spoof:

  •   refspoof - Override the URL referrer from sites.


 Misc:

  Hacking for fun:
  •   Greasemonkey - Customize web pages with JavaScript.

  Encryption:
  •   Fire Encrypter - Provides encryption/decryption and hashing from Firefox.


     
   
