[blog.rayfoo] » penetration testing http://blog.rayfoo.info Infosec, DFIR, tech geekery, thoughts and whatnot Wed, 25 Jan 2012 00:36:47 +0000 en hourly 1 Useful Firefox Plugins http://blog.rayfoo.info/2010/03/useful-firefox-plugins http://blog.rayfoo.info/2010/03/useful-firefox-plugins#comments Wed, 03 Mar 2010 15:46:23 +0000 ray http://blog.rayfoo.info/?p=474 Sharing my list of favourite Firefox plugins.  Some are used more for only when doing web application penetration testing, whereas some are useful for everyday awareness/protection when surfing around the interwebs.  Do leave comments if this helps, or you have any complaints/suggestions to help improve the list :P

  • Adblock Plus: you know what this is for...  Remember to disable when performing penetration testing.
  • CacheViewer: Allows for viewing and sorting of cache files.  Seldom used, but a great tool nonetheless when the need comes for it.
  • Domain Details: Displays plenty of information about the server (type, headers, IP, location) that you're accessing.  Good for basic information awareness during normal surfing.
  • Download Statusbar: View and manage downloads from a tidy statusbar.
  • DownThemAll: For fast grabbing of files from a directory.
  • Firebug: Powerful tool for web developers that allows you to freely manipulate/view the loaded objects for a page.  I haven't really figured out how to use this for penetration testing yet though.
  • Greasemonkey: Could come in very handy if you want to do some mods to a site's page automatically, remember to enable/disable the scripts that aren't needed when on a penetration testing job.
  • IE Tab: Don't really use this, unless I get a site that's coded to work only with "browsers like IE".
  • iMacros for Firefox: Another powerful macro editing/playback tool, I don't use this though :P
  • JavaScript Debugger: JS debugger and profiler, more useful for web developers I think.
  • Live HTTP headers: Great for showing basic information about the HTTP headers being exchanged.
  • NoScript: A MUST-HAVE for Forefox.  Whitelists the scripts and objects that are allowed to load for a domain, amongst other protection features against other nasties out there.  Remember to disable for penetration testing engagements.
  • People Search and Public Record Toolbar: Great tool for information gathering, pity I never had the chance to really use it :(
  • ScrapBook: Aids in archiving and organizing pages.  I use it to profile a site's workflow.
  • SwitchProxy / FoxyProxy: A must-have for changing between the many proxy tools that I use.
  • Tamper Data: I use this to grab extra timeline information about the loading of pages.  Also allows you to do request/response editing.
  • User Agent Switcher: Self explanatory.  Useful for certain situations only.
  • View Dependencies: A must-have for organizing image/JavaScript/CSS resources for a page in a tidy manner.
  • View formatted source: Formats HTML source neatly for viewing.
  • View Source Chart: Formats final document DOM (after all the loading/JavaScript events have finished firing) for easy viewing.  Also for when View formatted source isn't available for the version of Firefox that you're using.
  • Web Developer: Great for manipulating the forms/cookies/JavaScript/whatnot on a page.  A definite must-have for penetration testing.
]]> http://blog.rayfoo.info/2010/03/useful-firefox-plugins/feed 2