10 Essential Firefox Plugins for the Infosec Professional

I’ve moved to Chrome and Safari as my primary browsers, but nothing compares to Firefox when it comes to functionality and plugin support. Shown below are the information security related plugins I recommend any infosec professional (or enthusiast) install upon spinning up a new Firefox instance.

XSS Me

This plugin discovers all the fields on the current page, and gives you the option to launch targeted attacks on each field, or to launch all of its attacks against all fields.

SQL Inject Me

From the same group as XSS Me, this plugin finds all fields on the page you’re on and lets you launch the most common SQL injection attacks against them.

Live HTTP Headers

See exactly what your browser is sending and receiving in real-time.

User Agent Switcher

Change your user-agent on the fly. So, you can make it look like you’re coming from Lynx running on AIX, or like you’re the GoogleBot.

Web Developer

Modify all sorts of options related to the site you’re viewing. Disable scripting, modify forms, etc., etc. Trust me–good stuff.

Tamper Data

Lets you view the data that’s being passed back and forth between you and the web server…and lets you mess with it. Think “WebScarab”, but far simpler, and as a Firefox plugin.

ASnumber

Find the Autonomous System Number (ASN) of the network that your current site is served from. Simple. Useful.

DT Whois

Do a domaintools.com lookup of the site you’re currently visiting. If you haven’t used domaintools.com yet, you’ll be even more impressed.

Firebug

Gives you a developer’s view into the page you’re viewing, showing exactly what scripts are running, what the stylesheet is, etc. Oh, and lets you change them and see what the result would be. Not really a security thing, but strong enough to be included in a list of musts.

SwitchProxy Tool

Allows you to quickly switch back and forth between multiple proxies, or between using your main proxy and going straight out to the Internet. My configuration always includes at least one proxy: localhost:8008 for WebScarab.

Hackbar

This tool, added on Zach’s (@quine’s) request, is kind of interesting. It allows a lot of functionality from a very simple interface. Essentially, it presents you with the ability to modify the current URL in a number of interesting ways, including giving access to a number of simple tools for translating data formats. Worth adding to the list of essentials.

So there they are. If you have any I should add to this list of essentials, do let me know in the comments or via email.

(Thanks to those who helped me build this list including Johannes Ulrich and Steve Crapo)
