20 Best Firefox Add-

ons for Penetration

Testers and Hackers

Ali Asghar Jafari Lari

admin@SecurityAdviser.ir

1.HACK BAR

This Firefox Extension is very useful for Pen Testers.It is developed by John Adriaans and Pedro Leguna.It extends the address bar of Firefox so helps us by providing enough space for long injection URLs during Penetration Testing.

This Tool helps in finding SQL Injection,XSS holes and also helps in making Site Security.Main Function of this tool is to make Pen Test more Faster and Reliable.

Download: https://addons.mozilla.org/en-US/firefox/addon/hackbar/

2.FIREBUG

It is the web development tool that facilitates debugging,editing and monitoring of any website’s HTML,CSS,DOM,XHR and JavaScript as well as it also uses web development tool.It is Free and open source and come under BSD license.Written by Joe Hewitt.

Download: https://addons.mozilla.org/en-US/firefox/addon/firebug/

3.XSS ME

It is the Exploit-Me tool used for testing Reflected XSS Vulnerabilities.It is the part of Exploit-Me suite of Firefox add-ons for testing web applications.

Download: https://addons.mozilla.org/en-us/firefox/addon/xss-me/

4.SQL INJECTION ME

This Firefox add-on is used for detecting SQL Injection Vulnerabilities.It is also the part of Exploit-ME suite of Firefox add-ons for testing web applications.

Download: https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me/

5.ADD N EDIT COOKIES

This Firefox add-on is the Cookie Editor which allows you to add and edit “Session” and Saved Cookies.

Download: https://addons.mozilla.org/en-us/firefox/addon/add-n-edit-cookies/

6.TAMPER DATA

You can use Tamper Data to view and modify HTTP/HTTPS Headers and POST parameters.It is used by Pen Testers for testing web application security by modifying POST parameters.

Download: https://addons.mozilla.org/En-us/firefox/addon/tamper-data/

7.LIVE HTTP HEADERS

As it name suggests it is used to view and edit real-time HTTP headers and data while browsing a web page.It analyze all the traffic generated by web page.

Download: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/

8.ACCESS ME

It is now the Exploit-Me Tool Suite.It is used to test some access vulnerabilities related to web applications.

Download: https://addons.mozilla.org/En-us/firefox/addon/access-me/

9.WEBSECURIFY

It is the cross-platform Web Testing Application.Also available as Firefox add-on.

Download: https://addons.mozilla.org/en-us/firefox/addon/websecurify/

10.FLAGFOX

It is the Firefox Extension displays a ‘flag icon’ indicating the current web server’s physical location.Also allow us to perform Tracerouting,Translation,Validation,Geolocationing,URL Shortening,Customlook-ups and much more.

Download: https://addons.mozilla.org/en-US/firefox/addon/flagfox/

11.CRYPTOFOX

It is the Encryption/Decryption Tool with dictionary attack support for cracking MD5 passwords.

Download: https://addons.mozilla.org/en-US/firefox/addon/cryptofox/

12.FIRESHEEP

It is the Firefox Extension that demonstrates Session Hijacking.It uses Packet Sniffers to intercept unencrypted cookies from a website such as Facebook and Twitter.

Download: http://codebutler.github.io/firesheep/

13.OFFSEC EXPLOIT-DB SEARCH

This plugin lets you search on Offsec Exploit Archive also known as Explo.it,is the replacement of Milworm archive.

Download: https://addons.mozilla.org/en-us/firefox/addon/offsec-exploit-db-search/

14.PACKET STORM SEARCH PLUGIN

This plugin lets you search on Packet Storm database.It offers up-to-date security tools,exploitsand much more.

Download: https://addons.mozilla.org/en-us/firefox/addon/packet-storm-search-plugin/

15.SQL INJECTION

It is the another Firefox extension which lets you identify SQL injection vulnerabilities in web pages.

Download: https://addons.mozilla.org/en-US/firefox/addon/sql-injection/?src=collection&collection_id=9f646761-2760-4d57-b0a5-06997613e677

16.HTTPFOX

It is used to analyze HTTP Headers.

Download: https://addons.mozilla.org/en-US/firefox/addon/httpfox/?src=collection&collection_id=9f646761-2760-4d57-b0a5-06997613e677

17.OSVDB

(Open Source Vulnerabilities Database Search) It lets you search on open source vulnerability database.

Download: https://addons.mozilla.org/en-US/firefox/addon/osvdb/?src=collection&collection_id=9f646761-2760-4d57-b0a5-06997613e677

18.WAPPALYZER

This Firefox add-on is capable to identifies software on websites.

Download: https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/?src=collection&collection_id=9f646761-2760-4d57-b0a5-06997613e677

19.COOKIES MANAGER+

It is used to view,edit and create new cookies.It lets you edit multiple cookies at a time.

Download: https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/?src=collection&collection_id=9f646761-2760-4d57-b0a5-06997613e677

20.HACKTHEWEB

It is the collection of several tools and scripts that could really help you while pen testing.

Download: https://addons.mozilla.org/en-US/firefox/addon/hack-the-web/

ABOUT ME

Ali Asghar Jafari Lari

Author, Lecturer and Security Adviser

Manager of Parsing cyber research and network security team

Admin@SecurityAdviser.ir