Top 34 Must-Have Firefox Extensions for Penetration Testing and Security

Note: The 360 Secure Browser offers some pretty good features worth trying out (some features in Firefox/Chrome couldn’t be used normally). Please be gentle if you don’t like it.

Firefox has long been an essential weapon for penetration testers. Here are 34 Firefox extensions and a few Chrome extensions covering penetration testing, information gathering, proxying, encryption, and decryption.

Firefox Extensions

1: Firebug

One of the five-star, highly recommended plugins for Firefox; no further explanation needed.

https://addons.mozilla.org/en-US/firefox/addon/firebug

2: User Agent Switcher

A plugin that changes the User Agent of the client

https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher

3: Hackbar

An essential tool for the engineers at 91ri.org. It assists with SQL injection and XSS testing and quickly encodes various strings.

https://addons.mozilla.org/en-US/firefox/addon/hackbar

4: HttpFox

Monitors and analyzes HTTP traffic between the browser and web servers

https://addons.mozilla.org/en-US/firefox/addon/httpfox

5: Live HTTP Headers

Instantly view the HTTP headers of a website

https://addons.mozilla.org/en-US/firefox/addon/live-http-headers

6: Tamper Data

View and modify HTTP/HTTPS headers and POST parameters

https://addons.mozilla.org/en-US/firefox/addon/tamper-data

7: ShowIP

Displays the IP address, hostname, ISP, country, and city of the current page in the status bar.

https://addons.mozilla.org/en-US/firefox/addon/showip

8: OSVDB

Open Source Vulnerability Database retrieval

https://addons.mozilla.org/en-us/firefox/addon/osvdb

9: Packet Storm search plugin

A plugin provided by Packet Storm, allowing searches for vulnerabilities, tools, and exploits.

https://addons.mozilla.org/en-us/firefox/addon/packet-storm-search-plugin

10: Offsec Exploit-db Search

Search Exploit-db information

https://addons.mozilla.org/en-us/firefox/addon/offsec-exploit-db-search

11: Security Focus Vulnerabilities Search Plugin

Search for vulnerabilities on Security Focus

https://addons.mozilla.org/en-us/firefox/addon/securityfocus-vulnerabilities-

12: Cookie Watcher

Displays cookies in the status bar

https://addons.mozilla.org/en-us/firefox/addon/watcher

13: Header Spy

Displays HTTP headers in the status bar

https://addons.mozilla.org/en-us/firefox/addon/header-spy

14: Groundspeed

Manipulate the application user interface.

https://addons.mozilla.org/en-us/firefox/addon/groundspeed

15: CipherFox

Displays the current SSL/TLS encryption algorithm and certificate in the status bar

https://addons.mozilla.org/en-us/firefox/addon/cipherfox

16: XSS Me

XSS testing extension

https://addons.mozilla.org/en-us/firefox/addon/xss-me

17: SQL Inject Me

SQL injection testing extension

https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me

18: Wappalyzer

Check the applications used on a website

https://addons.mozilla.org/en-us/firefox/addon/wappalyzer

19: Poster

Send HTTP requests to interact with web servers and view output results

https://addons.mozilla.org/en-us/firefox/addon/poster

20: Javascript Deobfuscator

Displays JavaScript code running on a webpage

https://addons.mozilla.org/en-us/firefox/addon/deobfuscator

21: Modify Headers

Modify HTTP request headers

https://addons.mozilla.org/en-us/firefox/addon/modify-headers

22: FoxyProxy

Proxy tool

https://addons.mozilla.org/en-us/firefox/addon/foxyproxy-standard

23: FlagFox

Shows the flag of the country where the current website is located in the address bar or status bar. It has further functions, such as double-clicking the flag to enable the WOT feature and middle-clicking for WHOIS. In the options, users can set up hotkeys for actions like copying the IP and querying Wikipedia.

https://addons.mozilla.org/en-us/firefox/addon/flagfox

24: Greasemonkey

Allows you to add DHTML statements (user scripts) to any webpage to change their display, similar to how CSS controls style, letting you easily control the design and interactivity of web pages. Examples:

* Make all shown URLs on a page direct clickable links.
* Enhance the usability of frequently visited websites to better suit your habits.
* Bypass any annoying bugs on websites.

https://addons.mozilla.org/en-us/firefox/addon/greasemonkey

25: Domain Details

Shows server type, IP address, domain registration information, etc.

https://addons.mozilla.org/en-us/firefox/addon/domain-details

26: Websecurify

Websecurify is a web security testing extension for Firefox, allowing for security evaluations of web applications

https://addons.mozilla.org/en-us/firefox/addon/websecurify

27: XSSed Search

Search XSSed.com cross-site scripting databases

https://addons.mozilla.org/en-us/firefox/addon/xssed-search

28: ViewStatePeeker

View ASP.NET’s ViewState

https://addons.mozilla.org/en-us/firefox/addon/viewstatepeeker

29: CryptoFox

MD5 cracking, encryption/decryption tool

https://addons.mozilla.org/en-US/firefox/addon/cryptofox

30: WorldIP

Displays server IP, address, PING, Traceroute, RDNS, and other information

https://addons.mozilla.org/en-US/firefox/addon/worldip-flag-and-datacenter-pi

31: Server Spy

Plugin to identify the type, version, and IP address of the accessed web server

https://addons.mozilla.org/en-US/firefox/addon/server-spy

32: Default Passwords

Search CIRT.net’s default password database.

https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786

33: Snort IDS Rule Search

Search Snort’s IDS rules, which should be useful for those developing signatures.

https://addons.mozilla.org/en-US/firefox/addon/snort-ids-rule-search

34: FireCAT

FireCAT (Firefox Catalog of Auditing exTensions) is a list of the most effective and useful application security auditing and risk assessment tools released as Firefox extensions. FireCAT does not collect types of security tools such as fuzzers, proxies, and application scanners.

http://www.firecat.fr/download.html

Chrome Extensions

XSS Rays

Used to detect all types of XSS vulnerabilities

https://chrome.google.com/webstore/detail/kkopfbcgaebdaklghbnfmjeeonmabidj?hl

Google Hack Data Base

An extension to connect to GHDB

https://chrome.google.com/webstore/detail/jopoimgcafajndmonondpmlknbahbgdb?hl

Websecurify Scanner

Websecurify is a robust cross-platform web security testing tool

https://chrome.google.com/webstore/detail/gbecpbaknodhccppnfndfmjifmonefdm?hl

HPP Finder

Used to discover potential HPP attack vectors

https://chrome.google.com/webstore/detail/nogojgcobcolombicplhimbbakkcmhio?hl

Form Fuzzer

HTML form fuzz tester. Used for fuzzing HTML forms

https://chrome.google.com/webstore/detail/cbpplldpcdcfejdaldmnfhlodoadjhii?hl

Site Spider

Website Crawler

https://chrome.google.com/webstore/detail/ddlodfbcplakmddhdlffebcggbbighda?hl

XSS ChEF

Chrome Extension Exploitation Framework, a Chrome-based penetration testing framework akin to BeEF

https://github.com/koto/xsschef