10 Essential Firefox Plugins for the Infosec Professional

By Daniel Miessler on April 28th, 2009: Tagged as Firefox | Information Security

ff_plugins

I’ve moved to Chrome and Safari as my primary browsers, but nothing compares to Firefox when it comes to functionality and plugin support. Shown below are the information security related plugins I recommend any infosec professional (or enthusiast) install upon spinning up a new Firefox instance.

XSS Me

This plugin discovers all the fields on the current page, and gives you the option to launch targeted attacks on each field, or to launch all of its attacks against all fields.

xssme

SQL Inject Me

From the same group as XSS Me, this plugin finds all fields on the page you’re on and let’s you launch the most common SQL injection attacks against them.

sqlinjectme

Live HTTP Headers

See exactly what your browser is sending and receiving in real-time.

livehttpheaders

User Agent Switcher

Change your user-agent on the fly. So, you can make it look like you’re coming from Lynx running on AIX, or like you’re the GoogleBot.

useragentswitcher

Web Developer

Modify all sorts of options related to the site you’re viewing. Disable scripting, modify forms, etc., etc. Trust me–good stuff.

webdeveloper

Tamper Data

Lets you view the data that’s being passed back and forth between you and the web server…and let’s you mess with it. Think “WebScarab”, but far simpler, and as a Firefox plugin.

tamperdata

ASnumber

Find the Autonomous System Number (ASN) of the network that your current site is served from. Simple. Useful.

asnumber

DT Whois

Do a domaintools.com lookup of the site you’re currently visiting. If you haven’t used domaintools.com yet, you’ll be even more impressed.

domaintools

Firebug

Gives you a developer’s view into the page you’re viewing, showing exactly what scripts are running, what the stylesheet is, etc. Oh, and let’s you change them and see what the result would be. Not really a security thing, but strong enough to be included in a list of musts.

firebug

SwitchProxy Tool

Allows you to quickly switch back and forth between multiple proxies, or between using your main proxy and going straight out to the Internet. My configuration always includes at least one proxy: localhost:8008 for WebScarab.

switchproxy

Hackbar

This tool, added on Zach’s (@quine’s) request, is kind of interesting. It allows a lot of functionality from a very simple interface. Essentially, it presents you with the ability to modify the current URL in a number of interesting ways, including giving access to a number of simple tools for translating data formats. Worth adding to the list of essentials.

hackbar

So there they are. If you have any I should add to this list of essentials, do let me know in the comments or via email. ::

(Thanks to those who helped me build this list including Johannes Ulrich and Steve Crapo)

Related

[ Information Security Posts | dmiessler.com ]

  • http://n0where.org/ Zach

    I suggest HackBar. It's simple, but handy, with encoding/decoding; MySQL and MSSQL CHAR() conversion; and the ability to split out a URL and parameters into separate lines. Only real drawback? It's crippled under OS X (“known issue; planned to be fixed”). The split URL functionality is still there, which is handy in its own right.

  • http://maxolasersquad.com/ Maxolasersquad

    Many of those extensions are also essentials for any web developer.

  • Pingback: Interesting Information Security Bits for 04/28/2009 | Infosec Ramblings

  • http://dmiessler.com/ Daniel Miessler

    Added, thanks Zach. :)

  • Pingback: Daily del.icio.us for April 27th through April 28th | Vinny Carpenter's blog

  • http://esl.epitech.eu Tyop

    and what about the firecat db ?
    http://www.firecat.fr/index.html

  • http://blogspots.freehostia.com Crazytrain1978

    Awsome :) some of these I already had, but lots I didn't. Can't wait to install some of these new goodies :)

  • http://rgaucher.info romain

    What about GreaseMonkey? This is awesome to develop custom scripts…
    https://addons.mozilla.org/en-US/firefox/addon/748

  • http://carnal0wnage.blogspot.com/2009/04/using-metasploit-smb-sniffer-module.html CG

    PassiveRecon should be in there too.

  • http://carnal0wnage.blogspot.com/2009/04/using-metasploit-smb-sniffer-module.html CG

    PassiveRecon should be in there too.

  • Pingback: 10 things to learn on May 1st

  • http://dmiessler.com/ Daniel Miessler

    Very true.

  • http://dmiessler.com/ Daniel Miessler

    Very true.

  • Joe

    Chrome and Safari are inferior browsers.

  • Pingback: Bookmarks for May 15th through June 3rd at Ed Smiley’s Blog

  • http://techian.com/ vivek

    Very useful post. Thanks..
    some of these i am using it but remaining installing now :)

  • hillarymaine

    i have to make a better essay service regarding on the 10 Essential Firefox Plugins for the Infosec Professional.

  • Pingback: uberVU - social comments

  • http://venicehotelsnear.com/ venice Cheap Hotels

    Hey this is is really a very good list of Firefox plugins. Thanks a lot for helping by this very useful post. keep it up.

  • durvetwormer

    This site is a fantastic creation. I liked it a lot to visit and comment.

  • http://www.naturalk9supplies.com/Dog-Treats/freeze-dried-treats.aspx Freeze Dried Dog Treats

    It's really a fantastic site. I like it a lot.

  • http://www.gucci-outlet-store.com/ gucci

    Well , the view of the passage is totally correct ,your details is really reasonable and you guy give us valuable informative post, I totally agree the standpoint of upstairs. I often surfing on this forum when I m free and I find there are so much good information we can learn in this forum! http://www.oneor-more.com/

  • http://www.gucci-outlet-store.com/ gucci

    Well , the view of the passage is totally correct ,your details is really reasonable and you guy give us valuable informative post, I totally agree the standpoint of upstairs. I often surfing on this forum when I m free and I find there are so much good information we can learn in this forum! http://www.oneor-more.com/

  • http://www.moldremoval.com/f.florida-mold-removal-contractor.st-petersburg.33713.html Mold Removal St. Petersburg

    It’s really a fantastic site. I liked it a lot to visit and comment. Thanks a lot for helping by this very useful post.

  • http://www.moldremovaldir.com/ Mold removal contractor

    This site is a fantastic creation.Hey this is is really a very good list of Firefox plugins. Thanks.

  • http://www.moldremoval.net Mold testing service

    Wow! keep it up. I like it a lot.

  • http://www.moldremoval.org/ Mold testing service

    Great website.Keep up the good work and continue providing us more quality information from time to time.

  • http://www.orientalrugcare.com/ Oriental Rug Cleaning Miami

    you are providing nice information.that will help me lot.

  • http://www.pridecarpetcleaning.com/ Rug Cleaning Broward County

    This site is a fantastic creation. I liked it a lot to visit and comment. i like it .

  • http://www.moldremoval.org Mold Removal

    Hey this is is really a very good list of Firefox plugins.Thanks.

  • http://www.moldremoval.net Mold Removal Cape Coral

    really cool.Thanks

  • http://www.kleendrybh.com Air Duct Cleaning Kendall

    I see something really interesting about your site so I bookmarked .

  • Traroth

    I would add HttpFox, a net data sniffer, easy to use.

  • http://www.delicious.com/nerojohn91 Diane Dean

    This is definitely nice and essential Firefox plugins.

  • replica watches

    Therefore, many people are proud of owning one replica watches. Omega watch, being one of them, chased by many people,too, drives the Omega replica watches flourishing. Among them, take Omega Seamaster table clock special. Because seamater watches are bestowed more practical and outdoor sports’function replica watches.Free shipping service are provided here to the worldwide.

  • http://dorothysimmons.buzznet.com/user/ Michael London

    I’m glad that you simply shared this helpful info with us. Please keep us informed like this. Thanks for sharing.


Top

Popular

Information Security / Technology

Politics

Philosophy & Religion

Technology & Science

Culture & Society

Miscellaneous

Arguments

Projects

Collections

Twitter

What I'm Reading

Favorite Books and Essays

Top Blog Categories

Inputs