September 4, 2009 at 4:21 am #4233 | Jhaddix (Participant)
The team at work put together our favorite add-ons for external pentests. It's not as large as FIRECAT's but does everything with newer, currently supported tools. Let me know if there's something we should add:
If you are anything like us, you can spend hours tracking down Firefox add-ons. Recently, Mozilla announced the release of ‘Collections’, which allows you to create and store all of your favorite add-ons and customizations in one central place. If you need your add-ons installed in a new browser, just visit your Mozilla Collections account and one click will re-install all your plugins. In true Redspin spirit, I've made a Collections account chock-full of add-ons that we use for the security testing of web servers. Some of the add-ons included:
* SQL Injection!
* Advanced Dork
* XSS Me
* Tamper Data
* Plus some other goodies!
Check out the Redspin Security Testing Add-ons.
September 4, 2009 at 5:52 am #26823 | UNIX (Participant)
Thanks for sharing, Jhaddix. Will take a closer look at it when I’m at home.
September 4, 2009 at 7:37 am #26824
September 4, 2009 at 9:38 am #26825 | enzo (Participant)
* Key Manager (create your own SSL certs)
* Random User Agent
* X-Forwarded-For Spoofer
* && Last but not least NoScript!
Default theme is MacOSX 0.7.1 on Firefox.
Enigmail on Thunderbird with AnonRemail, Display User Agent, thundersomething, default theme iLeopard Mail 3.1.3.
I try to keep the add-ons down as they chew resources, and for things like XSS I use w3af or XSSploit.
If you have Ubuntu, invest time in getting your hands on Ubuntuzilla.py to upgrade to the latest and greatest, and once it's set up you can cron job any future upgrades to install on demand. Never been a big fan of Ad-Block. Type about:config in the URL address bar of your browser and see all those bits that have been inserted by Ad-Block to block adverts: that is bloatware! Avoid it and use NoScript, as it is superior in every way, unless you want a bloated and slow browser. By the time you click on "block this advert" for the hundredth time, watch your about:config settings grow exponentially into wasted advert blocks.
Other add-ons worth playing with are Chickenfoot and Greasemonkey, but it's all down to personal preferences 🙂
P.S: The two developers that maintain Ad-Block and NoScript hate each other's guts. LMFAO!
P.P.S: If you want to have some serious h4x0r fun lay your hands on a copy of Browser Rider or BeEF by bindshell.net and watch how to turn idiots into zombies… Did they upgrade to the latest and greatest, erm, nooo! but with BeEF running you can tell them as much with a pop-up message! 😀
September 4, 2009 at 12:03 pm #26826 | Michael J. Conway (Participant)
This is kinda unrelated, but I did find BeEF on the BT4 Pre-Final release. I guess I'm going to have to go play with it...
September 4, 2009 at 2:08 pm #26827 | blackazarro (Participant)
Hey, thanks. I didn't know about the FF add-on collection.
September 4, 2009 at 2:09 pm #26828 | Jhaddix (Participant)
I will be sure to evaluate and add any cool ones, thanks guys. I don't want the list to get too bloated; I'm looking for quality, not quantity.
September 4, 2009 at 2:55 pm #26829
Exploit Me and Access Me from Security Compass.
September 4, 2009 at 3:06 pm #26830
Another useful tool, though not specifically a pentest plugin, is iMacros. iMacros allows one to automate a lot of repetitive pentest tasks. You just have to know which tasks can be automated and which can't.
September 6, 2009 at 12:21 am #26831 | ethicalhack3r (Participant)
SQL Inject Me and XSS Me by Security Compass are good add-ons. You can add your own payloads too.
Just noticed you already had them on your list. 😛