Firefox add ons

firefox-add-ons

1) tab-kit: https://addons.mozilla.org/en-US/firefox/addon/tab-kit/  [ Nice one for the tab management ]

2)Delicious Save bookmarks in one place and share them with others.

3) Firebug Page analysis / development tool.

4) Modify Headers Modify the user agent string. Spoof a mobile request.

5) Pearl crescent page saver basic Screenshots

6) Quick Locale Switcher Change your browser language. Quickly

7) Selenium IDE Automation tool.

8) Selenium IDE buttons toolbar buttons to open Selenium

9) Tamper Data View & modify your headers

10) Wmlbrowser View WML pages. Simulate WAP browsing.

11) XHTML mobile profile Offers support not offered by Firefox

12) https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/

13)

• MozMonkey - collected extensions
  • Lorem Ipsum Generator, TinyUrl, etc
    • http://mozmonkey.com/
• External
  • Live HTTP Headers - View HTTP headers and cookies sent in response to a request
    • http://livehttpheaders.mozdev.org/
  • Scrapbook - Capture, Organize, and Annotate any website, image, web resource
    • http://amb.vis.ne.jp/mozilla/scrapbook/
  • CookieCuller - modified version of the Cookie Manager built into the Firefox/Mozilla browser
    • http://cookieculler.mozdev.org/
  • Tab Mix - kitchen sink of tab features
    • http://tab-mix.info.tm/
  • GreaseMonkey - enables execution of handy javascripts on pageload
    • http://greasemonkey.mozdev.org/
  • ColorZilla - eyedropper, color grabber for WebDevs/Visdes
    • http://www.iosart.com/firefox/colorzilla/
  • HTML Validator (based on Tidy)
    • http://users.skynet.be/mgueury/mozilla/
  • Web Developer Extension
    • http://chrispederick.com/work/firefox/webdeveloper/
  • Aardvark - View source code of one or more elements
    • http://www.karmatics.com/aardvark/

  • ViewSourceWith

    - View source code of a page in your chosen editor
    • https://addons.mozilla.org/extensions/moreinfo.php?application=firefox&category=Developer%20Tools&id=394
  • View Rendered Source - Views source with coloured box outlines for block elements
    • http://jennifermadden.com/scripts/ViewRenderedSource.html
  • View Formatted Source - View source inline or in a window with ability to collapse and expand elements rather like viewing an xml file
    • https://addons.mozilla.org/extensions/moreinfo.php?application=firefox&category=Developer%20Tools&numpg=10&id=697

  • MeasureIt

    - lets you measure onscreen elements with a click and drag box
    • http://www.kevinfreitas.net/extensions/measureit/
  • Fangs - Screen Reader Emulator
    • http://www.standards-schmandards.com/index.php?show/fangs
  • Outliner - Provides an outline of the heading structure in the sidebar
    • http://www-xray.ast.cam.ac.uk/~jgraham/mozilla.xml
  • Tamper Date - tracks and modify http/https requests. Useful to test security in your scripts
    • http://tamperdata.mozdev.org/
  • Screen grab! - saves webpages as images by scrolling around and stitching the result together. (Requires Java)
    • http://andy.5263.org/screengrab
  • Pearl Crescent Page Save - A faster version of ScreenGrab. Saves a PNG of any any web page using the Canvas API. (Requires Firefox 1.5+)
    • http://pearlcrescent.com/products/pagesaver/
  • FireBug - improved javascript error console, along with 1001 other useful features (inspectors, "ajax spy")
    • http://www.joehewitt.com/software/firebug/

User extensions - GreaseMonkey? scripts

• Internal
  • clean.corp mozilla search plugins
  • Hack gallery
  • add yours here
• External
  • view Flickr photos in the Firefox Sidebar
    • http://philmccluskey.com/projects/flickrfox
  • Yahoo! Search Sidebar - enables viewing Yahoo! Search results in a compact sidebar, uses Yahoo! Search Web Services
    • http://marc.abramowitz.info/archives/2005/03/01/yahoo-search-sidebar-for-firefox/

Productivity Extensions

• External

  • SpellBound

    - spell check text within firefox.
    • http://spellbound.sourceforge.net/
    • Fixed version for Firefox 1.5 (Brian Cantoni)

  • FireBMarks

    - got a great resource bookmarked, but can't locate it? Then search within your bookmarks
    • http://www.aefiec.espol.edu.ec/extensions/firebmarks.htm
  • Paste and Go - lets you paste an URL from the clipboard into the address bar and load it as a single step
    • http://tecwizards.de/mozilla/
  • Web Panel Enhancer - lets you view lots of things inside your sidebar. Also supports other extensions like scrapbook and webdev toolbar.
    • http://editcss.mozdev.org/indexwpe.html

for Thunderbird (email client)

• Internal
  • Y! Backyard Photos - shows a photo of who (in Y!) sent you an email message on the upper-right corner of the mail message preview pane
    • http://devel.yahoo.com/yahoo/doc/radwin/ybyphotos/

Firefox Addons For Penetration Testing
12 Aug

The majority of the penetration testers are using the Mozilla Firefox as a web browser for their pentest activities.This article will introduce the firefox addons that can be used for a web application penetration test.

1) Firebug

It is useful for the debugging tools that can help you tracking rogue javascript code on servers.

2) User Agent Switcher

You can use this extension to change the user agent of your browser.Useful for web application penetration tests that you want to check and the mobile versions of the websites.

3) Hackbar

Useful for SQL injection and XSS attacks.It includes also tools for URL and HEX encoding/decoding and many more.

4) HttpFox

Monitor and analyze all the incoming and outgoing HTTP traffic between your browser and the web server.

5) Live HTTP Headers

View the HTTP headers of a website instantly.

6) Tamper Data

View and modify HTTP/HTTPS headers and post parameters.

7) ShowIP

Shows the IP of the current page in the status bar.It also includes information like the hostname,the ISP,the country and the city.

8) OSVDB

Open Source Vulnerability Database Search.

9) Packet Storm search plugin

Search the packet storm database for exploits,tools and advisories.

10) Offsec Exploit-db Search

Search the Exploit-db archive.

11) Security Focus Vulnerabilities Search Plugin

Search for vulnerabilities in the Security Focus

12) Cookie Watcher

Watch the selected cookie in the status bar.

13) Header Spy

Shows HTTP Headers on status bar

14) Groundspeed

Manipulate the application user interface.

15) CipherFox

Displays the current SSL/TLS cipher and certificate on the status bar.

16) XSS Me

Tool for testing reflected XSS vulnerabilities.

17) SQL Inject Me

Extension to test SQL Injection vulnerabilities.

18) Wappalyzer

Discover technologies and applications that are used on websites.

19) Poster

Make HTTP requests,interact with web services and watch the output.

20) Javascript Deobfuscator

Show the JavaScript code that are running on web pages.

21) Modify Headers

Modify HTTP request headers.

22) FoxyProxy

Advanced proxy management tool.

23) FlagFox

Displays a country flag for the location of the web server.It also includes tools such as Whois,Geotool,Ping,Alexa etc.

24) Greasemonkey

Customize the way a webpage behaves by using small bits of JavaScript.

25) Domain Details

Displays Server Type, Headers, IP Address, Location Flag, and links to Whois Reports.

26) Websecurify

Useful for security assessments in web applications.

27) XSSed Search

Search the cross-site scripting database at XSSed.Com

28) ViewStatePeeker

ASP.NET viewstate viewer.

29) CryptoFox

CryptoFox is an encryption/decryption tool for cracking MD5 passwords.

30) WorldIP

Location of the web server,IP,Datacenter,Ping,Traceroute,RDNS,AS etc.

31) Server Spy

Unveils the technology of the web server (Apache, IIS etc.)

32) Default Passwords

Search CIRT.net default password database.

33) Snort IDS Rule Search

Search for Snort IDS Rules.