Last updated: January 2, 2023
There are some must-have add-ons for pentesters in the Firefox environment. You will probably need them someday.
In this article, I present the 4 best add-ons any pentester should have in their Firefox browser.
Tamper Data
This extension lets you alter the data transmitted by the browser. It displays all HTTP requests made when a web page loads, and it can replay certain HTTP requests, giving you the chance to change them first.
For example, you can pretend that you are on iOS with Safari while you are on Linux with Firefox. Or you can upload files with an unauthorized extension by changing the MIME type of a file with Tamper Data.
Download Tamper Data
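Because the Content-Type of an upload can be edited in transit as described above, the server has to decide the file type itself. The following is an added example, not part of the original article or of any tool named here; the allowlist, the function name and the sample uploads are assumptions constructed for illustration.

```python
import os

# Assumed allowlist: extension -> (MIME type the server assigns, required leading bytes).
ALLOWED = {
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
    ".jpeg": ("image/jpeg", b"\xff\xd8\xff"),
    ".gif": ("image/gif", b"GIF8"),
    ".pdf": ("application/pdf", b"%PDF-"),
}


def validate_upload(filename, declared_type, body):
    """Return (accepted, reason, server_assigned_type) for one uploaded file.

    declared_type is the Content-Type sent by the client. It is only compared,
    never trusted, because a request-editing add-on or proxy can set it freely.
    """
    # Drop client-supplied path components, then take the final extension.
    name = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED:
        return (False, "extension not allowed", None)
    mime, magic = ALLOWED[ext]
    # The file's own leading bytes must match what the extension claims.
    if not body.startswith(magic):
        return (False, "content does not match extension", None)
    if declared_type.split(";")[0].strip().lower() != mime:
        # Header disagrees with the bytes: reject, and worth logging as tampering.
        return (False, "declared type does not match content", None)
    return (True, "ok", mime)


# Constructed sample uploads: (filename, client Content-Type, first bytes of body).
SAMPLES = [
    ("logo.png", "image/png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("script.php", "image/png", b"plain text, not an image"),  # only the header says PNG
    ("avatar.png", "image/png", b"plain text, not an image"),  # name and header say PNG
    ("report.pdf", "image/png", b"%PDF-1.7\n"),                # header disagrees with bytes
]

if __name__ == "__main__":
    for fname, ctype, data in SAMPLES:
        print(fname, ctype, validate_upload(fname, ctype, data))
```

Only the first sample is accepted; the other three are rejected even though each request declares `image/png`.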
Hackbar
HackBar is a Firefox extension intended for web developers, administrators or, more broadly, people with a foot in system security (white hat & co).
In particular, this extension lets you:
- Encode / decode a URL (url_encode, url_decode)
- Add or escape characters (addslashes, stripslashes)
- Send form data (GET / POST)
- Convert a string to MD5, SHA1, Base64, hex, etc.
- Perform SQL operations, statements or commands: charset conversion, SQL injection, etc.
And many other things just a click away!
Download Hackbar
Cookie manager
Cookie Manager is an efficient cookie manager. Viewing, editing, deleting and searching for cookies becomes easy. It supports private mode and Firefox mobile too. Cookie Manager makes it possible to view and control cookies in your browser. It also allows you to use the cookies of a victim.
Download Cookie Manager
KNOXSS Community Edition
KnoXSS allows you to detect XSS flaws in web applications by performing custom tests. KnoXSS will take care of testing the vulnerable points of your applications and will display a report of any vulnerabilities encountered.
Download KnoXSS
Firecookie is included in Firebug now 😉