Note: The 360 Secure Browser offers some pretty good features worth trying out (some features in Firefox/Chrome couldn't be used normally). Please be gentle if you don't like it.

Firefox has long been an essential weapon for penetration testers. Here are 34 Firefox extensions and a few Chrome extensions, which include functions like penetration testing, information gathering, proxy, encryption, and decryption.
Firefox Extensions
1: Firebug
One of the five-star highly recommended plugins for Firefox, no need for further explanation
https://addons.mozilla.org/en-US/firefox/addon/firebug
2: User Agent Switcher
A plugin that changes the User Agent of the client
https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher
3: Hackbar
An essential tool for the engineers at 91ri.org. It helps with SQL injection and XSS testing and quickly encodes various strings.
https://addons.mozilla.org/en-US/firefox/addon/hackbar
4: HttpFox
Monitors and analyzes HTTP traffic between the browser and web servers
https://addons.mozilla.org/en-US/firefox/addon/httpfox
5: Live HTTP Headers
Instantly view the HTTP headers of a website
https://addons.mozilla.org/en-US/firefox/addon/live-http-headers
6: Tamper Data
View and modify HTTP/HTTPS headers and POST parameters
https://addons.mozilla.org/en-US/firefox/addon/tamper-data
7: ShowIP
Displays the IP address, hostname, ISP, country, and city of the current page in the status bar.
https://addons.mozilla.org/en-US/firefox/addon/showip
8: OSVDB
Open Source Vulnerability Database retrieval
https://addons.mozilla.org/en-us/firefox/addon/osvdb
9: Packet Storm search plugin
A plugin provided by Packet Storm, allowing searches for vulnerabilities, tools, and exploits.
https://addons.mozilla.org/en-us/firefox/addon/packet-storm-search-plugin
10: Offsec Exploit-db Search
Search Exploit-db information
https://addons.mozilla.org/en-us/firefox/addon/offsec-exploit-db-search
11: Security Focus Vulnerabilities Search Plugin
Search for vulnerabilities on Security Focus
https://addons.mozilla.org/en-us/firefox/addon/securityfocus-vulnerabilities-
12: Cookie Watcher
Displays cookies in the status bar
https://addons.mozilla.org/en-us/firefox/addon/watcher
13: Header Spy
Displays HTTP headers in the status bar
https://addons.mozilla.org/en-us/firefox/addon/header-spy
14: Groundspeed
Manipulate the application user interface.
https://addons.mozilla.org/en-us/firefox/addon/groundspeed
15: CipherFox
Displays the current SSL/TLS encryption algorithm and certificate in the status bar
https://addons.mozilla.org/en-us/firefox/addon/cipherfox
16: XSS Me
XSS testing extension
https://addons.mozilla.org/en-us/firefox/addon/xss-me
17: SQL Inject Me
SQL injection testing extension
https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me
18: Wappalyzer
Check the applications used on a website
https://addons.mozilla.org/en-us/firefox/addon/wappalyzer
19: Poster
Send HTTP requests to interact with web servers and view output results
https://addons.mozilla.org/en-us/firefox/addon/poster
20: Javascript Deobfuscator
Displays JavaScript code running on a webpage
https://addons.mozilla.org/en-us/firefox/addon/deobfuscator
21: Modify Headers
Modify HTTP request headers
https://addons.mozilla.org/en-us/firefox/addon/modify-headers
22: FoxyProxy
Proxy tool
https://addons.mozilla.org/en-us/firefox/addon/foxyproxy-standard
23: FlagFox
Shows the flag of the country where the current website is located in the address bar or status bar. Additional functions include double-clicking the flag to enable the WOT feature and middle-clicking for WHOIS. In the options, users can set up hotkeys for actions such as copying the IP and querying Wikipedia.
https://addons.mozilla.org/en-us/firefox/addon/flagfox
24: Greasemonkey
Allows you to add DHTML statements (user scripts) to any webpage to change its display, similar to how CSS controls style, letting you easily control the design and interactivity of web pages. Examples:
* Make all shown URLs on a page direct clickable links.
* Enhance the usability of frequently visited websites to better suit your habits.
* Bypass any annoying bugs on websites.
https://addons.mozilla.org/en-us/firefox/addon/greasemonkey
25: Domain Details
Shows server type, IP address, domain registration information, etc.
https://addons.mozilla.org/en-us/firefox/addon/domain-details
26: Websecurify
Websecurify is a web security testing extension for Firefox, allowing for security evaluations of web applications
https://addons.mozilla.org/en-us/firefox/addon/websecurify
27: XSSed Search
Search XSSed.Com cross-site scripting databases
https://addons.mozilla.org/en-us/firefox/addon/xssed-search
28: ViewStatePeeker
View ASP.NET's ViewState
https://addons.mozilla.org/en-us/firefox/addon/viewstatepeeker
29: CryptoFox
MD5 cracking, encryption/decryption tool
https://addons.mozilla.org/en-US/firefox/addon/cryptofox
30: WorldIP
Displays server IP, address, PING, Traceroute, RDNS, and other information
https://addons.mozilla.org/en-US/firefox/addon/worldip-flag-and-datacenter-pi
31: Server Spy
Plugin to identify the type, version, and IP address of the accessed web server
https://addons.mozilla.org/en-US/firefox/addon/server-spy
32: Default Passwords
Search CIRT.net's default password database.
https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786
33: Snort IDS Rule Search
Search Snort's IDS rules, which should be useful for those developing signatures.
https://addons.mozilla.org/en-US/firefox/addon/snort-ids-rule-search
34: FireCAT
FireCAT (Firefox Catalog of Auditing exTensions) is a list of the most effective and useful application security auditing and risk assessment tools released as Firefox extensions. FireCAT does not collect types of security tools such as fuzzers, proxies, and application scanners.
http://www.firecat.fr/download.html
Chrome Extensions
XSS Rays
Used to detect all types of XSS vulnerabilities
https://chrome.google.com/webstore/detail/kkopfbcgaebdaklghbnfmjeeonmabidj?hl
Google Hack Data Base
An extension to connect to GHDB
https://chrome.google.com/webstore/detail/jopoimgcafajndmonondpmlknbahbgdb?hl
Websecurify Scanner
Websecurify is a robust cross-platform web security testing tool
https://chrome.google.com/webstore/detail/gbecpbaknodhccppnfndfmjifmonefdm?hl
HPP Finder
Used to discover potential HPP attack vectors
https://chrome.google.com/webstore/detail/nogojgcobcolombicplhimbbakkcmhio?hl
Form Fuzzer
HTML form fuzz tester, used for fuzzing HTML forms
https://chrome.google.com/webstore/detail/cbpplldpcdcfejdaldmnfhlodoadjhii?hl
Site Spider
Website Crawler
https://chrome.google.com/webstore/detail/ddlodfbcplakmddhdlffebcggbbighda?hl
XSS ChEF
Chrome Extension Exploitation Framework, a Chrome-based penetration testing framework akin to BeEF