Download the white paper.  Download Josh’s Metasploit modules.  Download Kevin’s vulnerable web services.

“The ExploitMe tools — which are in currently in beta form — include SQL Inject-Me, which lets you right-click on an HTML field in your Firefox browser and inject it with SQL injection payloads, and XSS-Me, which works the same way, but with XSS. The tools developers also plan to release Web services exploit tools as well…”

Looks like this is becoming a new trend in application testing tools. Good to see that things are using a good framework like Firefox extensions to add useful tools for testing. Note that I just did a quick search for the ExploitMe set of of tools in the Firefox extensions database and it has not been released yet as the creators will be launching these tools at the SecTor conference later this month.

I have listed some extensions that are worthwhile to use for web application testing:

Tamper Data – This extension works a lot like Paros Proxy but you don’t have to configure your proxy settings. If you don’t know what Paros Proxy is…it’s a proxy tool that allows you to intercept a request to a web server and then allow you to manipulate the request and send it on to the server.

Web Developer - A ton of features in this one! Great for taking apart a web page and manipulating stuff in a WYSIWYG.

HackBar – A nice little extension to conduct SQL injections and more.

Note: There are of many more tools!

Where to get these tools and more?
A real comprehensive list of tools is called FireCAT (now at v1.2). FireCAT is a mapping of hacking extensions for Firefox broken up into several different areas like Proxying, Auditing, Encryption, Malware Scanner, Information Gathering, Network Utilities, etc…You can easily download the html files and click on the extensions you want to install. Very easy. Even easier if you have FreeMind installed.