Turn Firefox into a Web Hacking Machine

Filed under Application Security

I have been seeing lots of recent articles about using Firefox as a hacking tool. Basically, you can download extensions (i.e., plugins) for use in Firefox to manipulate and hack web pages.

I have listed some extensions that are worthwhile to use for web application testing:

Tamper Data – This extension works a lot like Paros Proxy, but you don’t have to configure your proxy settings. If you don’t know what Paros Proxy is, it’s a proxy tool that lets you intercept a request to a web server, manipulate the request, and then send it on to the server.

Web Developer – A ton of features in this one! Great for taking apart a web page and manipulating stuff in a WYSIWYG.

HackBar – A nice little extension to conduct SQL injections and more.

Note: There are many more tools!

Where to get these tools and more?
A really comprehensive list of tools is called FireCAT (now at v1.2). FireCAT is a mapping of hacking extensions for Firefox broken up into several different areas like Proxying, Auditing, Encryption, Malware Scanner, Information Gathering, Network Utilities, etc. You can easily download the HTML files and click on the extensions you want to install. Very easy. Even easier if you have FreeMind installed.

  1. mele says:

    OWASP Mantra comes with all these and it is the best: http://www.getmantra.com/

    It’s there in BackTrack 5 and Matriux

