My heart beats for web hacking. This is the direction I have chosen for my professional life. Today I’ll let you in on a secret. A small secret. Today I’ll talk about Firefox extensions I love the most.

The extensions

There are tons of extensions out there – both discovered and undiscovered ones. Some are great, some are junk. If you have suggestions on good ones, please leave a comment! Anyway, the following list is a result of research I’ve done myself and from input from classes and certifications. Enjoy!

FoxyProxy Standard

FoxyProxy is a proxy management extension that  improves the built-in proxy capabilities of Firefox. Working with proxies in Firefox is a pain, this extension will ease that pain. It’ll add a small button near the address bar for easy access. I primarilly use this extension to communicate with BurpSuite.

Install from here: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/

Hackbar

Hackbar is the extension I use the most, next after FoxyProxy. This extension will add a input field direct beneath the address bar. In many ways it is an extended address bar with some extra cool features. It’s great for doing manual XSS and SQL injections. Words don’t describe it.

Install from here: https://addons.mozilla.org/en-US/firefox/addon/hackbar/

Web Developer toolbar

This is one of the best extensions available, and third on my list. It’s a collection of various tools related to developing for the Web. For instance, it gives you easy access to turn off Javascript support, easy access to clear cookies and whatnots.This is more like a Swiss army knife. I advice you to check it out!

Install from here: https://addons.mozilla.org/de/firefox/addon/web-developer/

User Agent Switcher

Sometimes I stumble across sites that only let me access the goods using a specific browser – or if some completely random bogus string in the user-agent is present. Security by obscurity? You bet. When it comes to modification of the user-agent, this extension will save the day. It’ll let you define your own user-agents, or switch from a pre-made list.

Live HTTP Headers

I don’t use this extension much because of the network tab in Firefox’s developer tool and I lean to use BurpSuite instead. Anyway. Given that you want to do anything from Firefox, this extension will let you inspect the HTTP headers passing back and forth.

Install from here: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/

Tamper Data

This extension is kinda similar to Live HTTP-Header – except you can edit the headers. I don’t use this extension much either. It’s a great extension for doing XSS and SQL injections if you platform is Firefox only.

Install from here: https://addons.mozilla.org/en-US/firefox/addon/tamper-data/

Resources

For even more extensions, go see

 

 

 

Advertisements