Hackers we have to know some of the useful firefox plugins which help greatly for Web Application Pentester. Here some of the plugins i want to share with you ...
1. Firebug
Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page...
2. User Agent Switcher
The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of a browser.
3. Hackbar
Simple security audit / Penetration test tool.
4. HttpFox
An HTTP analyzer addon for Firefox.
5. Live HTTP Headers
View HTTP headers of a page and while browsing.
6. Temper Data
Use tamperdata to view and modify HTTP/HTTPS headers and post parameters...
7. ShowIP
Show the IP address(es) of the current page in the status bar. It also allows querying custom information services by IP (right click) and hostname (left click), like whois, netcraft, etc. Additionally you can copy the IP address to the clipboard.
8. OSVDB
Open Source Vulnerability Database Search.
9. Packet Storm Search Plugin
This plugin lets you search on Packet Storm - www.packetstormsecurity.org - database. Packet Storm offers an abundant resource of up-to-date and historical security tools, exploits, and advisories.
10. Offsec Exploit-db Search
This plugin lets you search on Offsec Exploit archive - http://exploit-db.com. Offsec Exploit archive, also known as Explo.it, is the replacement of Milw0rm archive.
11. Security Focus Vulnerabilities Search Plugin
This plugin lets you search on Security Focus Vulnerabilities.
12. Cookie Watcher
Cookie Watcher is a tool to watch selected cookie in a statusbar.
13. Header Spy
Shows HTTP headers on statusbar.
14. Groundspeed
Groundspeed is an add-on that allows security testers to manipulate the application user interface to eliminate annoying limitations and client-side controls that interfere with the web application penetration tests.
15. CipherFox
Displays the current SSL/TLS cipher and certificate chain in the Add-on bar and Site ID dialog.
16. XSS Me
Cross-Site Scripting (XSS) is a common flaw found in todays web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.
17. SQL Injection Me
SQL Injection vulnerabilites can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is Firefox Extension used to test for SQL Injection vulnerabilities.
18. Wappalyzer
Wappalyzer is a browser extension that identifies software on websites.
19. Poster
A developer tool for interacting with web services and other web resources that lets you make HTTP requests, set the entity body, and content type. This allows you to interact with web services and inspect the results...
20. Javascript Deobfuscator
This add-on will show you what JavaScript gets to run on a web page, even if it is obfuscated and generated on the fly. Simply open JavaScript Deobfuscator from the Tools menu and watch the scripts being compiled/executed.
21. Modify Headers
Add, modify and filter the HTTP request headers sent to web servers. This addon is particularly useful for Mobile web development, HTTP testing and privacy.
22. FoxyProxy
FoxyProxy is an advanced proxy management tool that completely replaces Firefox's limited proxying capabilities. It offers more features than other proxy addons.
23. FlagFox
Displays a country flag depicting the location of the current website's server and provides a multitude of tools such as site safety checks, whois, translation, similar sites, validation, URL shortening, and more...
24. Greasemonkey
Customize the way a web page displays or behaves, by using small bits of JavaScript.
25. Domain Details
Displays Server Type, Headers, IP Address, Location Flag, and links to Whois Reports. Shows links to check server status and cache when page fails to load.
26. Websecurify
Websecurify is a powerful cross-platform web security testing technology designed from the ground up with simplicity in mind.
27. XSSed Search
Search the cross-site scripting database at XSSed.Com
28. ViewStatePeeker
This add-on can decode and show viewstate contents of an *.aspx page. Once you intall this add-on, it shows up a 'Show Viewstate' item in context menu of Firefox. When this menuitem is clicked, a popup comes up showing the viewstate details.
29. CryptoFox
CryptoFox is an encryption/decryption tool for Mozilla Firefox, with dictionary attack support for cracking MD5 passwords.
30. WorldIP
REAL location of web server,IP,Datacenter,Ping,Traceroute,RDNS,AS. Often shows different countries from similar add-ons,because it is based on data from core routers worldwide,and not on whois data.Real Google's data centers.Providers looking glasses.
31. Server Spy
Server Spy indicates what brand of HTTP server (e.g. Apache, IIS, etc.) runs on the visited sites.
32. Default Passwords
Search CIRT.net default password database.
33. Snort IDS Rule Search
Search for Snort IDS Rules.
Keep Learning friends ......