Web Hacking Survival Kit (Browser Extensions)

There are enough security problems with IE to encourage using an alternate browser, and if you're doing any web hacking, your choice of web browser will often impact your capabilities.

Mozilla Firefox

If you're not using this browser for your normal browsing activity… you should.

One of the major benefits of Firefox comes in the form of the great number of extensions available. Here are some useful ones, broken down into categories; some extensions appear in more than one category.

Extensions Useful for Web App Security Auditing

  • Web Developer – This plugin adds a toolbar full of useful tools for both web developers and web hackers alike.
  • SwitchProxy – Quickly and easily switch between your local proxy server and direct connections.
  • LiveHTTP Headers – This allows you to quickly view the header traffic to and from your browser without the need for connecting to a local proxy server.
  • User Agent Switcher – This plugin allows you to quickly and easily change the User Agent string sent to the webserver. Sometimes apps are designed to generate different output based on the browser type and this could result in the execution of a different chunk of code.
  • JSView – Quickly and easily see a list of remote JavaScript files, and view them.

Extensions Useful for Web App Development

  • Web Developer – This plugin adds a toolbar full of useful tools for both web developers and web hackers alike.
  • SwitchProxy – Quickly and easily switch between your local proxy server and direct connections.
  • LiveHTTP Headers – This allows you to quickly view the header traffic to and from your browser without the need for connecting to a local proxy server.
  • User Agent Switcher – This plugin allows you to quickly and easily change the User Agent string sent to the webserver. Sometimes apps are designed to generate different output based on the browser type and this could result in the execution of a different chunk of code.
  • JSView – Quickly and easily see a list of remote JavaScript files, and view them.
  • View Source Chart – Shows you the HTML table/div structure in a very appealing way. Awesome for debugging formatting problems.

Extensions Useful for Secure Browsing

  • NoScript – This allows JavaScript only for trusted domains. The icon at the bottom of your browser lets you easily allow or block a website's JavaScript execution. This means that pop-ups and such are a non-issue when you visit a new site.
  • Permit Cookies – Like NoScript, but for cookies. By default sites are not allowed to put cookies on your system, but you are provided an easy interface for allowing/blocking. I find this to be great in avoiding web beacons and other such tracking of my browsing habits.
  • CookieCuller – Not an active security extension, but makes it easier to review your cookies and clean up ones you don't want.
  • FlashBlock – Blocks ALL Flash content from loading. It then leaves placeholders on the webpage that allow you to click to download and then view the Flash content. I find this as one of the best plugins for
  • LiveHTTP Headers – This allows you to quickly view the header traffic to and from your browser without the need for connecting to a local proxy server.

Web Application Security Blog and Podcast