This is a dump of my current set of Firefox extensions. Some of these are absolutely critical for pentesting: HackBar, TamperData, FireBug and ModifyHeaders. Some are not so critical, but helpful: Shazou (Geolocation), FormFox (See where forms submit to), PDF Download (yeah.), etc.
Aardvark – aardvark.xpi
Powerful and user-friendly selector utility for selecting elements and doing various actions on them. It can be used for cleaning up a page prior to printing it (by removing and isolating elements), for making the page more readable, and (most appreciated by web developers), for analyzing the structure of a page.
Add N Edit Cookies – add_n_edit_cookies-0.2.1.3-fx+mz.xpi
Cookie Editor that allows you add and edit “session” and saved cookies.
AS Number – asnumber-1.0beta9-fx.xpi
The AS Number Extension displays interesting information the Internet Service Provider of every website visited. Along with it come some additional statistics for those who want to know what happens behind the Webs shiny surface.
Book Burro – bookburro.xpi
An extension for FireFox & Flock web browsers to save you time and money when browsing books.
Cert Viewer Plus – cert_viewer_plus-1.4-fx+tb+sm.xpi
Certificate viewer enhancements: PEM format view, file export
Cookie Monster – cookie_monster-0.94-fx.xpi
Cookie Monster features: – Temporary Permission for sites to leave cookies (permission removed and cookies deleted for site with temporary permission upon restart of Firefox) – New option to set general Firefox setting to block all cookies – Updated menu structure – Menu options to view cookies for current site or all sites – A panel indicating the current status of cookies for the current site and domain appears while hovering over the cookie status indicating icon in the status bar In a nutshell, Cookie Monster allows for easier managing of what sites a user allows to set cookies and what sites cannot. It works best for users who do NOT accept cookies by default, although this is not necessary.
Cookie Safe – cookiesafe-3.0.3-fx+tb+sm.xpi
This extension will allow you to easily control cookie permissions. It will appear on your statusbar. Just click on the icon to allow, block, or temporarily allow the site to set cookies. You can also view or clear the cookies and exceptions by…
Cookie Watcher – cookie_watcher-0.7-fx.xpi
It is a simple extension. It helps testing web applications – it quickly can wipe ‘session’ cookie or it helps to identify cluster node in clustered environments using cookie value.
Delicious Bookmarks – delicious_bookmarks-2.0.104-fx.xpi
Delicious Bookmarks is the official Firefox add-on for Delicious, the world’s leading social bookmarking service (formerly del.icio.us). It integrates your bookmarks and tags with Firefox and keeps them in sync for easy, convenient access.
Download Statusbar – download_statusbar-0.9.6.3-fx.xpi
View and manage downloads from a tidy statusbar – without the download window getting in the way of your web browsing.
Edit Cookies – EditCookies.xpi
Edit your cookies right in Firefox!
Extended Cookie Manager – extended_cookie_manager-0.9-fx.xpi
Easier cookie managment for Firefox
FasterFox – Fasterfox{2.0.0}.xpi
Performance and network tweaks for Firefox
FireBug – firebug-1.2.1-fx.xpi
Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.
FireCookie – firecookie-0.6-fx.xpi
Firecookie is an extension for Firebug that makes possible to view and manage cookies in your browser
FlagFox – flagfox-3.3.1-fx.xpi
Displays a country flag depicting the location of the current website’s server and provides quick access to detailed location and webserver information.
FormFox – formfox-1.6.2-fx.xpi
Do you know where your form information is going? This extension displays the form action (the site to which the information you’ve entered is being sent.)
FoxyProxy – foxyproxy-2.8.5-fx.xpi
FoxyProxy is an advanced proxy management tool that completely replaces Firefox’s limited proxying capabilities. It offers more features than SwitchProxy, ProxyButton, QuickProxy, xyzproxy, ProxyTex, TorButton, etc.
GreaseMonkey – greasemonkey-0.8.20080609.0-fx.xpi
Allows you to customize the way a webpage displays using small bits of JavaScript. Hundreds of scripts, for a wide variety of popular sites, are already available at http://userscripts.org. You can write your own scripts, too. Check out http://wiki.greasespot.net/ to get started.
HackBar – hackbar-1.3.2-fx.xpi
Simple security audit / Penetration test tool.
HeaderSpy – HeaderSpy{1.2.2}.xpi
Shows HTTP headers on statusbar.
Hide Navigation Bar – hide_navigation_bar-1.2-fx.xpi
This extension enables you to hide the navigation bar through a toggle button. Currently the toggle button is the F2 key. You can change the key in the extensions options, as well as configure whether you want the Navigation Bar to be displayed on an initial Firefox launch. Also allows you to enable an Auto-Hide mode if you wish to use that instead.
HttpFox – httpfox-0.8.2-fx.xpi
An HTTP analyzer addon for Firefox
IETab – ietab-1.5.20080618-addons
This is a great tool for web developers, since you can easily see how your web page displayed in IE with just one click and then switch back to Firefox.
IMacros For Firefox – imacros_for_firefox-6.0.7.5-fx+mz+sm.xpi
Automate Firefox. Record and replay repetitious work. If you love the Firefox web browser, but are tired of repetitive tasks like visiting the same sites every days, filling out forms, and remembering passwords, then iMacros for Firefox is the solution you’ve been dreaming of! ***Whatever you do with Firefox, iMacros can automate it.***
JSView – jsview-2.0.5-fx+sm.xpi
ll browsers include a “View Source” option, but none of them offer the ability to view the source code of external files. Most websites store their javascripts and style sheets in external files and then link to them within a web page’s source code. Previously if you wanted to view the source code of an external javascript/stylesheet you would have to manually look through the source code to find the url and then type that into your browser.rnrnWell now there’s a much easier way.
Live HTTP Headers – live_http_headers-0.14-fx+sm.xpi
View HTTP headers of a page and while browsing.
Live IP Address – live_ip_address-1.82-fx.xpi
Retrieves your Live IP Address and displays it on Firefox’s status bar… Additional features: i) Easy copy of IP address to the clipboard, ii)Set update interval iii) Force update option
LocationBar – Locationbar{0.9.1}.xpi
Puts emphasis on the domain to reduce spoofing risk. Linkifies URL segments (press Ctrl, Meta, Shift or Alt). More URL formatting options configurable.
Modify Headers – modify_headers-0.6.4-fx+mz+sm.xpi
Add, modify and filter http request headers. You can modify the user agent string, add headers to spoof a mobile request (e.g. x-up-calling-line-id) and much more.
NoScript – noscript-1.8.1.3-fx+mz+sm.xpi
The best security you can get in a web browser!
Allow active content to run only from sites you trust, and protect yourself against XSS attacks.
PDF Download – pdf_download-2.0.0.0-fx.xpi
Use PDF Download to do whatever you like with PDF files on the Web. Regain control of them and eliminate browser problems, view PDFs directly in Firefox as HTML, and use the all-new Web-to-PDF toolbar to save and share Web pages as high-quality PDF files.
Poster – poster-1.7.1-fx.xpi
A developer tool for interacting with web services and other web resources that lets you make HTTP requests, set the entity body, and content type. This allows you to interact with web services and inspect the results…
RefControl – refcontrol-0.8.11-fx.xpi
Control what gets sent as the HTTP Referer on a per-site basis.
ReloadEvery – reloadevery-2.0-fx.xpi
Reloads web pages every so many seconds or minutes. The function is accessible via the context menu (menu you get when you right click on a web page) or via a drop down menu on the reload button
Shazou – shazou-2.1-fx.xpi
Finally mapping is integrated with the Firefox browser. The product called Shazou (pronounced Shazoo it is Japanese for mapping) enables the user with one-click to map and geo-locate any website they are currently viewing.
ShowIP – showip-0.8.08r14b0251-fx+mz.xpi
Show the IP address(es) of the current page in the status bar. It also allows querying custom information services by IP (right mouse button) and hostname (left mouse button), like whois, netcraft. Additionally you can copy the IP address to the clipboard.
SQL Inject Me – sqlime-0.2.xpi [Doesn’t Work with FF3]
SQL Injection vulnerabilites can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.
Tab Mix Plus – tab_mix_plus-dev-build.xpi
Tab Mix Plus enhances Firefox’s tab browsing capabilities. It includes such features as duplicating tabs, controlling tab focus, tab clicking options, undo closed tabs and windows, plus much more. It also includes a full-featured session manager.
TamperData – tamper_data-10.1.0-fx.xpi
Use tamperdata to view and modify HTTP/HTTPS headers and post parameters. Trace and time http response/requests. Security test web applications by modifying POST parameters.
TrashMail.net – trashmail.net-1.0.12-fx.xpi
Create free disposable email addresses and paste them directly in forms. This helps to protect you from spam mails and could be useful when subscribing to forums or newsletters
TwitterFox – twitterfox-1.7-fx.xpi
TwitterFox is a Firefox extension that notifies you of your friends’ statuses of Twitter.
User Agent Switcher – user_agent_switcher-0.6.11-fx+sm.xpi
Adds a menu and a toolbar button to switch the user agent of the browser.
Web Developer Toolbar – web_developer-1.1.6-fx.xpi
Adds a menu and a toolbar with various web developer tools.
XSS Inject Me – xssme-0.2.1.xpi [Doesn’t Work with FF3]
Cross-Site Scripting (XSS) is a common flaw found in todays web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS
you can download them all as one big zip here.
Jonathan Cran 