I’ve moved to Chrome and Safari as my primary browsers, but nothing compares to Firefox when it comes to functionality and plugin support. Shown below are the information security related plugins I recommend any infosec professional (or enthusiast) install upon spinning up a new Firefox instance.
This plugin discovers all the fields on the current page, and gives you the option to launch targeted attacks on each field, or to launch all of its attacks against all fields.
From the same group as XSS Me, this plugin finds all fields on the page you’re on and lets you launch the most common SQL injection attacks against them.
See exactly what your browser is sending and receiving in real-time.
Change your user-agent on the fly. So, you can make it look like you’re coming from Lynx running on AIX, or like you’re the GoogleBot.
Modify all sorts of options related to the site you’re viewing. Disable scripting, modify forms, etc., etc. Trust me–good stuff.
Lets you view the data that’s being passed back and forth between you and the web server…and lets you mess with it. Think “WebScarab”, but far simpler, and as a Firefox plugin.
Find the Autonomous System Number (ASN) of the network that your current site is served from. Simple. Useful.
Do a domaintools.com lookup of the site you’re currently visiting. If you haven’t used domaintools.com yet, you’ll be even more impressed.
Gives you a developer’s view into the page you’re viewing, showing exactly what scripts are running, what the stylesheet is, etc. Oh, and lets you change them and see what the result would be. Not really a security thing, but strong enough to be included in a list of musts.
Allows you to quickly switch back and forth between multiple proxies, or between using your main proxy and going straight out to the Internet. My configuration always includes at least one proxy: localhost:8008 for WebScarab.
This tool, added on Zach’s (@quine’s) request, is kind of interesting. It allows a lot of functionality from a very simple interface. Essentially, it presents you with the ability to modify the current URL in a number of interesting ways, including giving access to a number of simple tools for translating data formats. Worth adding to the list of essentials.
So there they are. If you have any I should add to this list of essentials, do let me know in the comments or via email.
(Thanks to those who helped me build this list, including Johannes Ulrich and Steve Crapo.)