[blog.rayfoo] Infosec, DFIR, tech geekery, thoughts and whatnot

3 Mar 2010

Useful Firefox Plugins

Sharing my list of favourite Firefox plugins.  Some are used only when doing web application penetration testing, whereas others are useful for everyday awareness and protection when surfing around the interwebs.  Do leave comments if this helps, or if you have any complaints/suggestions to help improve the list :P

  • Adblock Plus: you know what this is for...  Remember to disable it when performing penetration testing, or it will quietly filter out requests and resources you want to see in your proxy.
  • CacheViewer: Allows for viewing and sorting of cache files.  Seldom used, but a great tool nonetheless when the need comes for it.
  • Domain Details: Displays plenty of information about the server (type, headers, IP, location) that you're accessing.  Good for basic information awareness during normal surfing.
  • Download Statusbar: View and manage downloads from a tidy statusbar.
  • DownThemAll: For fast grabbing of files from a directory.
  • Firebug: Powerful tool for web developers that lets you view and freely manipulate the loaded objects of a page.  I haven't really figured out how to use this for penetration testing yet though.
  • Greasemonkey: Could come in very handy if you want to apply some mods to a site's pages automatically; remember to disable the scripts that aren't needed when on a penetration testing job, so they don't alter the pages you are testing.
  • IE Tab: Don't really use this, unless I get a site that's coded to work only with "browsers like IE".
  • iMacros for Firefox: Another powerful macro recording/playback tool; I don't use this though :P
  • JavaScript Debugger: JS debugger and profiler, more useful for web developers I think.
  • Live HTTP headers: Great for showing basic information about the HTTP headers being exchanged.
  • NoScript: A MUST-HAVE for Firefox.  Whitelists the scripts and objects that are allowed to load for a domain, amongst other protection features against the nasties out there.  Remember to disable it for penetration testing engagements, or it will block the very scripts you are trying to test.
  • People Search and Public Record Toolbar: Great tool for information gathering, pity I never had the chance to really use it :(
  • ScrapBook: Aids in archiving and organizing pages.  I use it to profile a site's workflow.
  • SwitchProxy / FoxyProxy: A must-have for changing between the many proxy tools that I use.
  • Tamper Data: I use this to grab extra timing information about the loading of pages.  It also allows you to edit requests and responses on the fly.
  • User Agent Switcher: Self-explanatory.  Useful for certain situations only.
  • View Dependencies: A must-have for organizing image/JavaScript/CSS resources for a page in a tidy manner.
  • View formatted source: Formats HTML source neatly for viewing.
  • View Source Chart: Shows the final document DOM (after all the loading/JavaScript events have finished firing) in a readable chart.  Also useful when View formatted source isn't available for the version of Firefox that you're using.
  • Web Developer: Great for manipulating the forms/cookies/JavaScript/whatnot on a page.  A definite must-have for penetration testing.

27 Feb 2010

DNS rebinding defense with Nginx

DNS rebinding is a particularly nasty attack with characteristics similar to CSRF: the victim's browser is made to send requests to a target on the attacker's behalf.  It is worse than CSRF in one respect, because the attacker's script can also read the responses, since the browser believes it is still talking to the attacker's own origin after the name has been re-pointed at the target's IP address.

I'm not going to describe how it works here, there's plenty of literature out there that talks about it.  And if that's not enough, Google Is Your Friend.

One of the simpler ways to defend against it is to have the server serve only requests that carry a legitimate Host header, which is what Wikipedia suggests anyway.  (No, I didn't edit that portion myself.)  The trick is that a rebound request still carries the attacker's hostname (or a bare IP) in its Host header, so the server can tell it apart from a genuine one.  This can be done simply with name-based virtual hosts (HTTP/1.1), and works for a server serving one domain, or two, or three, or many many many.

For nginx, a default catchall virtual host might look like this:

server {
    # Catch-all: requests whose Host header matches none of the real
    # virtual hosts (DNS rebinding, bare IP, scanners) land here.
    # 'default' is the old spelling of default_server (nginx < 0.8.21).
    listen 80 default;
    server_name can-be-anything-not-served;

    # Separate logs, so rebinding attempts are easy to spot and review.
    access_log /path/to/log/weird/access.log;
    error_log /path/to/log/weird/error.log;

    # Serve nothing useful: the document root holds only an empty index.html.
    root /path/with/only/an/empty/index/html/file;
    index index.html;
}

Note that this is configured to be the default listener on port 80, so nginx routes every request whose Host header matches none of your other server_name entries to it.  Make sure your actual virtual host(s) configuration does not have the 'default' option; if no server block is marked default, nginx simply treats the first one listening on that port as the default, and your real site would end up answering the rebound requests.

The server_name can be anything other than the actual virtual host(s) that the server is serving on port 80.

I usually put nothing (only an empty index.html) in that root folder for this catchall virtual host, but you're free to put other files there to serve indicators to your users, or just to taunt them when they get subjected to DNS rebinding attacks unknowingly.  Just kidding about the taunting.

With this default catchall virtual host in place, you have a simple yet effective defense against DNS rebinding attacks!  Now watch the attacks get thwarted like eggs against a steel wall.
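Here is the same defense laid out as a complete pair of server blocks, as an added example rather than the configuration from the original post: the catch-all uses the newer default_server spelling and nginx's status 444 (close the connection without a response) instead of serving an empty page, and sits next to a real virtual host so the two can be compared.  The hostnames, paths and log locations are placeholders I made up for the example.

```nginx
# Catch-all for anything that is not one of our real hostnames.
# Requests arriving through DNS rebinding carry the attacker's hostname
# (or a bare IP address) in the Host header, so they never match the
# real vhost below and fall through to this block.
server {
    listen 80 default_server;      # spelled 'default' on nginx older than 0.8.21
    server_name _;                 # placeholder; never matches a real name

    # Keep these separate: this log is effectively your rebinding/probe log.
    access_log /var/log/nginx/catchall-access.log;
    error_log  /var/log/nginx/catchall-error.log;

    # 444 is nginx-specific: drop the connection without sending anything.
    # Replace with 'root' + an empty index.html if you prefer a blank page.
    return 444;
}

# The real site (hypothetical hostnames). No default_server here, so only
# requests whose Host header is exactly one of these names are served.
server {
    listen 80;
    server_name example.com www.example.com;

    root /var/www/example.com;
    index index.html;
}
```

To check the behaviour, send two requests straight to the server's IP address with curl: one with `-H 'Host: example.com'` should return the site, while one with `-H 'Host: attacker.example'` (or no Host override at all, since curl then sends the IP as the Host) should end with curl reporting an empty reply from the server.  Anything that shows up in the catch-all access log afterwards is traffic that reached you under a name you don't serve, which is exactly what a rebinding attempt looks like.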

Note that this only helps in situations where you don't expect HTTP/1.0 requests, which is usually the case in today's world: an HTTP/1.0 client may send no Host header at all, and nginx routes such requests to the default server, so legitimate HTTP/1.0 clients would be turned away along with the rebinding attempts.  If you have a case where you must work with HTTP/1.0 requests, then you really shouldn't use this defense method in exactly the same manner.

27 Feb 2010

Web Security Dojo v1.0 release

Web Security Dojo is a turnkey web application security lab with tools, targets, and training materials built into a Virtual Machine (VM). It is ideal for both self-instruction and training classes since everything is pre-configured and no external network connection is needed. All tools and targets are configured to use non-conflicting ports and a Firefox proxy switcher is set up to match.

Web Security Dojo is an open source project built on Ubuntu and hosted at SourceForge. It is available in three flavors: a VirtualBox VM, a VMware VM, and a build script which can be used on a standard Ubuntu 9.10 install to produce the Dojo. Collaboration and contributions are welcomed.

Looks pretty promising, I will be checking this out and writing more (as usual, when my "relaxed" schedule allows me to) later.  But this looks like one of those training tools that I wish had existed far earlier: a full environment with the targets and tools to let you learn and train your web application security kung-fu.

So what're you waiting for ?!  Go grab a copy and try it out!  Unless you really really want to see a review from me first.  Heeeyyaaaahhhh!!