Nah.
I thought for today, I'd just post a few of the Firefox extensions I use for web app security testing. They're nothing special, just a few handy things that makes leet haxoring a little easier (I'm tired, remember?).
Caveat: Not all, but most work with Firefox 2.0
- TamperData - hands down, I use this the most. So much better than loading up a heavyweight Java proxy, when you don't need all the extra bells and whistles.
- LiveHTTPHeaders - Handy tool for quickly viewing and modifying header requests and headers sent with loaded pages.
- URLParams - This gives you a nice sidebar which will show you form elements, and allows you to manipulate them and submit them. It's probably most useful for quickly viewing hidden form inputs without looking at the source or using WebDeveloper
- View Cookies - View cookies is great, despite being very simple. It basically puts a "Cookies" tab in the page info dialog. It's very handy for seeing all of the cookies that get sent to the target page.
- Add N Edit Cookies - Ever wanted to bake your own cookies?
- CookiePie - Basically, lets you have a cookie exist for a single tab - great if you can only use one web browser instance for testing multiple user sessions simultaneously.
- Firebug - This is a great DOM inspector and JS debugger. I use it for going after those so-called web 2.0 applications (you mean you need to perform authentication on ajax calls?!!)
- SwitchProxy - This is a must if you are using tools like Paros or Burp proxy. Lets you switch quickly between proxy profiles.
Thanks to all of you dedicated plugin developers; you've really made life easier for a lot of us.
No comments:
Post a Comment