Firefox extensions for web developers and penetration testers
Written by SkyOut & Veda, wired-security.net
Thursday, 19 June 2008
|| 0x00: ABOUT ME
|| 0x01: FOR WHOM IS THIS INFORMATION USEFUL?
|| 0x02: TAMPER DATA
|| 0x03: VIEW COOKIES
|| 0x04: COOKIESAFE
|| 0x05: USERAGENTSWITCHER
|| 0x06: QUICKJAVA
|| 0x07: WEB DEVELOPER
|| 0x08: XML DEVELOPER TOOLBAR
|| 0x09: HACKBAR
|| 0x10: SERVER SPY
|| 0x11: FIREBUG
|| 0x12: LIVE HTTP HEADERS
|| 0x13: HEADER MONITOR
|| 0x14: MODIFY HEADERS
|| 0x15: XSS ME
|| 0x16: SQL-INJECT ME
|| 0x00: ABOUT ME
Author: SkyOut, Veda
Date: February 2008
|| 0x01: For whom is this information useful?
Some of the following Firefox extensions are made for web developers and
therefore provide more detailed information about the structure of a website.
This information can also be helpful to a penetration tester who is analyzing
a website for vulnerabilities. Some extensions are even made for penetrating a
website and are very handy and easy to use. All extensions have been with
|| 0x02: Tamper Data
https://addons.mozilla.org/de/firefox/addon/966 by Adam Judson
Use tamperdata to view and modify HTTP/HTTPS headers and post parameters.
Trace and time http response/requests.
Security test web applications by modifying parameters (GET, POST and headers).
|| 0x03: View cookies
https://addons.mozilla.org/de/firefox/addon/315 by Edwin Martin
It adds a tab to the Page Info dialog box, which shows the cookies of the
current webpage. This is interesting for developers, privacy-conscious users and
|| 0x04: CookieSafe
https://addons.mozilla.org/de/firefox/addon/2497 by Ron Beckman
This extension will allow you to easily control cookie permissions. It will appear
on your statusbar. Just click on the icon to allow, block, or temporarily allow the
site to set cookies. You can also view or clear the cookies and exceptions by right
clicking on the statusbar icon. For safer browsing you may choose to deny cookies
globally and then enable them on a per site basis.
|| 0x05: UserAgentSwitcher
http://chrispederick.com/work/user-agent-switcher/ by Chris Pederick
The User Agent Switcher extension adds a menu and a toolbar button to switch the user
agent of the browser. It is designed for Firefox, Flock and Seamonkey, and will run on
any platform that these browsers support including Windows, Mac OS X and Linux.
|| 0x06: QuickJava
https://addons.mozilla.org/de/firefox/addon/1237 by Doug G
|| 0x07: Web Developer
https://addons.mozilla.org/de/firefox/addon/60 by Chris Pederick
Adds a menu and a toolbar with various web developer tools.
|| 0x08: XML Developer Toolbar
https://addons.mozilla.org/de/firefox/addon/2897 by Scott Root II
The XML Developer's Toolbar!!!
Finally, a toolbar modeled after Chris Pederick's WebDeveloper toolbar, that allows XML
Developer's use of standard tools all from your browser!
-XML -> Schema Validation
-XSL Transformations on-the-fly
-DOM Inspector incorporated views
-Document statistics for future Semantic Web purposes
-SOA Module (coming soon)
-Lame scratch pad that does...nothing really useful :p
|| 0x09: HackBar
https://addons.mozilla.org/de/firefox/addon/3899 by Johan Adriaans
# New features
- Show / Hide hotkey [F9]
- Tab sensitive
- Auto load, split and focus when pressing hotkey on a new URL.
- Localized ( English and Dutch for now )
- Textarea width set to 100% (removed dragbar)
- Complete code revision (OO based instead of functions)
# In general
This toolbar will help you in testing sql injections, XSS holes and site security.
It is NOT a tool for executing standard exploits and it will NOT teach you how to
hack a site. Its main purpose is to help a developer do security audits on his code.
If you know what you're doing, this toolbar will help you do it faster. If you want to
learn to find security holes, you can also use this toolbar, but you will probably also
need a book, and a lot of google :)
# The advantages are:
- Even the most complicated urls will be readable
- The focus will stay on the textarea, so after executing the url (ctrl+enter) you can
just go on typing / testing
- The url in textarea is not affected by redirects.
- I tend to use it as a notepad :)
- Useful tools like on the fly uu/url decoding etc.
- All functions work on the currently selected text.
# Load url ( alt a )
This loads the url of the current page into the textarea.
# Split url ( alt s )
When this button is clicked, the url/text in the textarea will be split into multiple
lines using the ? and & character
# Execute ( alt x, ctrl enter )
This will execute the current url in the textarea; I mostly use ctrl+enter.
# INT -1 ( alt - )
First select a number in the textarea and press this button, the number will be lowered
by 1 and the url will be loaded.
# INT +1 ( alt + )
Again first select a number in the textarea and press this button, 1 will be added to the
number and the url will be loaded.
# MD5 Hash ( alt m )
This is a standard hashing method, often used as an encryption method for passwords.
It will MD5 hash the currently selected string.
# MySQL CHAR() ( alt y )
If quotes are escaped but you did find an SQL injection that's exploitable, you can use
this button to convert, let's say:
load_file('/etc/passwd') --> load_file(CHAR(47, 101, 116, 99, 47, 112, 97, 115, 115, 119, 100))
Thus omitting the use of quotes to load a file.
You can also use this on
WHERE foo LIKE ('%bar%') --> WHERE foo LIKE (CHAR(37, 98, 97, 114, 37))
# MsSQL CHAR() ( alt q )
Same story as MySQL CHAR(), MsSQL has a slightly different CHAR syntax
--> WHERE foo LIKE ( CHAR(37) + CHAR(98) + CHAR(97) + CHAR(114) + CHAR(37))
# Base64 encode / decode
Base64 encoding ( UU ) is often used to store data (like a return url etc.) This will
help you to read those values.
# URLencode / decode
This will encode or decode the currently selected characters to url safe characters.
I mostly use it to end a query with # (%23) when in a pseudo path where I can't use /* or --
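Added example (not part of the original article and not HackBar code): because the CHAR() forms above carry no quotes and no literal string, a log rule that searches for the plain text will miss them. The sketch below URL-decodes a logged query string and expands both the MySQL and the MsSQL CHAR() syntax before matching; the sample log values and the signature list are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# One CHAR() call with comma-separated codes (MySQL form) ...
CHAR_CALL = r"\bCHAR\(\s*\d{1,3}(?:\s*,\s*\d{1,3})*\s*\)"
# ... optionally joined to further calls with '+' (MsSQL form).
CHAR_CHAIN = re.compile(rf"{CHAR_CALL}(?:\s*\+\s*{CHAR_CALL})*", re.IGNORECASE)

# Hypothetical plain-text signatures a detection rule might search for.
SIGNATURES = ("/etc/passwd", "%bar%")

# Constructed sample query strings, as they would appear URL-encoded in a log.
SAMPLE_LOG = [
    "id=42",
    "id=load_file(CHAR(47,+101,+116,+99,+47,+112,+97,+115,+115,+119,+100))",
    "q=WHERE+foo+LIKE+(CHAR(37)%2BCHAR(98)%2BCHAR(97)%2BCHAR(114)%2BCHAR(37))",
]


def decode_char_calls(text):
    """Replace each CHAR() call or '+'-joined chain with the quoted string it builds."""
    def build(match):
        # Codes are treated as ASCII/Latin-1 code points (an assumption).
        codes = [int(n) for n in re.findall(r"\d+", match.group(0))]
        return "'" + "".join(chr(c) for c in codes) + "'"
    return CHAR_CHAIN.sub(build, text)


def normalize(raw_query):
    """URL-decode first ('+' is a space, %2B a plus), then expand CHAR()."""
    return decode_char_calls(unquote_plus(raw_query))


def hits(raw_query):
    """Return the signatures found in the normalized form of a query string."""
    normalized = normalize(raw_query)
    return [sig for sig in SIGNATURES if sig in normalized]


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(f"{entry!r}\n  -> {normalize(entry)!r}  hits={hits(entry)}")
```

Normalizing only improves what a log review can see; the fix on the application side is still parameterized queries, since escaping quotes does nothing against input that contains none.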
|| 0x10: Server Spy
https://addons.mozilla.org/de/firefox/addon/2036 by Christophe Jacquet
Server Spy indicates what brand of HTTP server (e.g. Apache, IIS, etc.)
runs on the visited sites. When a tab is selected, the corresponding server
name is shown on the right-hand side of the browser's status bar.
|| 0x11: Firebug
https://addons.mozilla.org/de/firefox/addon/1843 by Joe Hewitt
Firebug integrates with Firefox to put a wealth of development tools at
your fingertips while you browse. You can edit, debug, and monitor CSS,
Visit the Firebug website for documentation, screen shots, and discussion forums:
|| 0x12: Live HTTP Headers
https://addons.mozilla.org/de/firefox/addon/3829 by Daniel Savard, Nicolas Coukouma
View HTTP headers of a page and while browsing.
|| 0x13: Header Monitor
https://addons.mozilla.org/de/firefox/addon/575 by Alexey Biznya
This is a Firefox extension that displays on the statusbar panel any HTTP response
header of the top-level document returned by a web server. Example: Server
(by default), Content-Encoding, Content-Type, X-Powered-By and others.
Important: This extension obtains headers from LiveHTTPHeaders. Therefore, in order to use
HeaderMonitor first install extension LiveHTTPHeaders from
|| 0x14: Modify Headers
https://addons.mozilla.org/de/firefox/addon/967 by Gareth Hunt
Add, modify and filter http request headers. You can modify the user
agent string, add headers to spoof a mobile request (e.g.
x-up-calling-line-id) and much more. Take a look at the help tab of the Modify Headers window.
Some people think that 'user-agent' is a custom way of specifying the user agent string.
This is not true, for a guide on this and other HTTP request headers, look at this W3C page:
|| 0x15: XSS-Me
http://www.securitycompass.com/exploit_me/xssme/xssme-0.2.1.xpi by http://www.securitycompass.com/
XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS) vulnerabilities.
|| 0x16: SQL Inject-Me
http://www.securitycompass.com/exploit_me/sqlime/sqlime-0.2.xpi by http://www.securitycompass.com/
SQL Inject-Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.
<!> Happy Hacking <!>