Firefox addon collection for pentesting

    • #4233

      The team at work put together our favorite addons for external pentests. It’s not as large as FIRECAT’s but does everything with newer, currently supported tools. Let me know if there’s something we should add:

      If you are anything like us, you can spend hours tracking down Firefox add-ons. Recently, Mozilla announced the release of ‘Collections’, which allows you to create and store all of your favorite add-ons and customizations in one central place. If you need your add-ons installed in a new browser – just visit your Mozilla Collections account and one click will re-install all your plugins. In true Redspin spirit, I’ve made a Collections account chock full of add-ons that we use for the security testing of web-servers. Some of the add-ons included:

          * HackBar
          * SQL Injection!
          * Advanced Dork
          * HeaderSpy
          * UrlParams
          * XSS Me
          * Tamper Data
          * ShowIP
          * Plus some other goodies!

      Check out the Redspin Security Testing Add-ons.

    • #26823

      Thanks for sharing, Jhaddix. Will take a closer look at it when I’m at home.

    • #26824

      It’s a great list. A lot of stuff I hadn’t seen/used before. I also ran into this list from following the train of re-tweets from Jason’s tweet about it. It has a few more things on it, but can’t vouch for the quality of them.

    • #26825

      Here’s mine:

      Key Manager (create your own SSL Certs)
      Modify Headers
      SQL Injection
      Ref Control
      Random User Agent
      Print PDF
      Tamper Data
      X-Forwarded for Spoofer
      && Last but not least NoScript!

      Default theme is MacOSX 0.7.1 on Firefox

      Enigmail on Thunderbird with AnonRemail, Display user agent, thundersomething, default theme iLeopard Mail 3.1.3

      I try to keep the addons down as they chew resources and for things like XSS I use w3af or XSSploit.

      If you have Ubuntu invest time in getting your hands on to upgrade to the latest and greatest and once it’s set up you can cron job any future upgrades to install on demand. Never been a big fan of Ad-Block: type about:config in the URL address part of your browser, see all those bits that have been inserted by ad-block to block adverts, that is bloatware! Avoid it and use NoScript as it is superior in every way unless you want a bloated and slow browser. By the time you click on block this advert for the hundredth time watch your about:config settings grow exponentially into wasted advert blocks.

      Other addons worth playing with are Chickenfoot and Greasemonkey... but it’s all down to personal preferences 🙂

      P.S: The two developers that maintain Ad-Block and NoScript hate each other’s guts... LMFAO!

      P.P.S: If you want to have some serious h4x0r fun lay your hands on a copy of Browser Rider or BeEF by and watch how to turn idiots into zombies… Did they upgrade to the latest and greatest, erm, nooo! but with BeEF running you can tell them as much with a pop-up message! 😀

    • #26826
      Michael J. Conway

      This is kinda unrelated but I did find BeEF on the BT4 Prefinal release. I guess I’m going to have to go play with it…..

    • #26827

      Hey thanks. I didn’t know about FF addon collection.

    • #26828

      I will be sure to evaluate and add any cool ones, thanks guys. I don’t want the list to get too bloated, looking for quality not quantity.

    • #26829

      Exploit Me and Access Me from Security Compass.

    • #26830

      Another useful tool, though not specifically a pentest plugin, is iMacros. iMacros allows one to automate a lot of repetitive pen test tasks. You just have to know which tasks can be automated and which can’t.

    • #26831

      SQL Inject Me and XSS Me by Security Compass are good addons. You can add your own payloads too.

      Just noticed you already had them on your list. 😛


Copyright ©2020 Caendra, Inc.
