Sharing my list of favourite Firefox plugins. Some are used only when doing web application penetration testing, whereas others are useful for everyday awareness/protection when surfing around the interwebs. Do leave comments if this helps, or if you have any complaints/suggestions to help improve the list 😛
- Adblock Plus: you know what this is for… Remember to disable when performing penetration testing.
- CacheViewer: Allows for viewing and sorting of cache files. Seldom used, but a great tool nonetheless when the need comes for it.
- Domain Details: Displays plenty of information about the server (type, headers, IP, location) that you’re accessing. Good for basic information awareness during normal surfing.
- Download Statusbar: View and manage downloads from a tidy statusbar.
- DownThemAll: For fast grabbing of files from a directory.
- Firebug: Powerful tool for web developers that allows you to freely manipulate/view the loaded objects for a page. I haven’t really figured out how to use this for penetration testing yet though.
- Greasemonkey: Could come in very handy if you want to do some mods to a site’s page automatically. Remember to enable/disable the scripts that aren’t needed when on a penetration testing job.
- IE Tab: Don’t really use this, unless I get a site that’s coded to work only with “browsers like IE”.
- iMacros for Firefox: Another powerful macro editing/playback tool, I don’t use this though 😛
- JavaScript Debugger: JS debugger and profiler, more useful for web developers I think.
- Live HTTP headers: Great for showing basic information about the HTTP headers being exchanged.
- NoScript: A MUST-HAVE for Firefox. Whitelists the scripts and objects that are allowed to load for a domain, amongst other protection features against other nasties out there. Remember to disable for penetration testing engagements.
- People Search and Public Record Toolbar: Great tool for information gathering, pity I never had the chance to really use it 😦
- ScrapBook: Aids in archiving and organizing pages. I use it to profile a site’s workflow.
- SwitchProxy / FoxyProxy: A must-have for changing between the many proxy tools that I use.
- Tamper Data: I use this to grab extra timeline information about the loading of pages. Also allows you to do request/response editing.
- User Agent Switcher: Self-explanatory. Useful for certain situations only.
- View Dependencies: A must-have for organizing image/JavaScript/CSS resources for a page in a tidy manner.
- View formatted source: Formats HTML source neatly for viewing.
- View Source Chart: Formats final document DOM (after all the loading/JavaScript events have finished firing) for easy viewing. Also for when View formatted source isn’t available for the version of Firefox that you’re using.
- Web Developer: Great for manipulating the forms/cookies/JavaScript/whatnot on a page. A definite must-have for penetration testing.