FIREFOX PLUG-INS REVIEW

FIREFOX PLUG-INS EVERY SECURITY PERSONNEL NEEDS TO KNOW 

Plug-ins, additional features in a browser, enhance the user experience. Firefox is one browser that supports a variety of plug-ins. These could include video scripts, animations, and other elements. Browsers alone do not typically support these.

Understanding how plug-ins work and interact with browsers is important. This is because most malicious attacks use plug-ins as a cyber-trespassing and theft tool. Moreover, we will secure our systems properly by understanding how plugins work.

Plug-ins have a multitude of purpose. These are used to ensure safe browsing, information grabbing, entertainment purposes, among other uses. Below are useful plug-ins one can use to gather information and carry out penetration testing.

FoxyProxy Standard

This add-on is a proxy management. It improves the browser’s proxy capabilities as well as providing analysis of URL patterns. It also switches the network connection transversely among different proxy servers. One sees an animated icon on the browser when a proxy is in use.

FoxyProxy Standard has a history tab that logs the servers used. It is possible to set the plug-in for use when necessary based on the URL’s nature. This, as a result, makes the add-on more efficient than other proxy management plug-ins.

Firefox plug-ins

Firebug

This is a Firefox web development tool embedded into the browser function. It enables the editing of HTML, JavaScript or CSS directly from the live page. The changes thereafter directly seen after saving.

This plugin helps in pinpointing web application and web page vulnerabilities. It opens a window to launch a penetration attack and can collect a user’s data. It also enables inspection of HTML elements in the page.

The CSS tab functions to check and edit the style of the page. It is a convenient way to edit the look of the page and consequently view the changes immediately. Copying of Codes is further possible for further development outside the browser. It also enables scaling and margin setup to align text and images. Additionally, it can monitor network activity. If a page is loading slowly, you can check what causes the lag from this plug-in. Firebug also has a powerful JavaScript debugger that identifies errors and measures performance of a script.

Furthermore, Firebug monitors network activity. If a page is loading slowly, you can check what causes the lag from this plug-in. Firebug has a powerful JavaScript debugger that identifies errors and measures performance of a script.

The DOM tab found in the Firebug panel helps identify code tags and edit them. This plugin also allows the easy management of cookies. All accepted cookies are reviewed as they are listed according to value.

Firefox plug-ins

Firefox plug-ins

Live HTTP Headers

Live HTTP headers are effective penetration tools used for troubleshooting, tuning and analyzing a website. This plug-in contains data such as language, caching, authorization, and character set. Normally, these data are invisible. This plugin, however, enables access to this information.

To obtain header information, right-click on the page and select “View Page Info.” Next, click the header tab on the new pop up window to view page information. Press ‘”Ctrl+Shift+A” to replay the header.

Firefox plug-ins

This plug-in is considered as a sniffer application. That is because it can view HTTP header exchanging. You can see what is happening and analyze it, and stop packet capture. To change header or URL values, you only need to highlight, edit and replay a packet. Finally, this works on both Windows and Linux.

Hackbar

Hackbar is another penetration testing tool. It appears as an extension of the address bar. Hackbar is capable of performing POST data manipulation, encryption, and encoding. This helps test XSS holes, web security, and SQL injections. Moreover, one can work on Hash algorithms, Base64 Decoding, and other data types with Hackbar.

Firesheep

Firesheep gives you the capability to attack HTTP sessions of other users accessing the same network. This plugin shows all accounts found in the network. This uses the cookie unique to a logged in account. This a result of websites protecting initial log-ins but leaving the rest of the log-ins unprotected.

These cookies are readily available for use by attackers in any open network. Firesheep captures users visiting an unsecured page. Double clicking a seized item, logs you in as that user.

Tamper Data

Tamper Data is used to edit and view HTTP requests. This add-on records ongoing requests for display on a particular website. The window shows details such as time, total duration, size and other information. Most noteworthy is that the data is copied to an external file for future reference.

Firefox plug-ins

CryptoFox

CryptoFox is an encryption-decryption plug-in. It appears as an extension of the address bar. Moreover, it has two fields. The first one corresponds to the text that needs encryption. The next field is a selection of the desired encryption method.

CryptoFox performs over 40 techniques. Furthermore, it has a dictionary attack reference for MD5 passwords. To test this plug-in, here is an AES128-bit encryption. Let’s use the AES 128-bit decrypt method for this.

Firefox plug-ins

Type “helloworld!” in the text field. Next, select AES 128-bit encryption and later on press the decode button. Thereafter, enter the “passwd” when asked to enter a password. This password will also be utilized for the decryption later. Especially relevant is the that we will use this password for decryption later.

Firefox plug-ins

After entering your password, Click OK. Afterward, this encrypts the text which is later displayed in the first field. For cross checking purposes, select the AES128-bit Decrypt and use the same password.

Firefox plug-ins

Anonymox

Anonymox is a useful plug-in that enables anonymous browsing in Firefox. This plugin creates a virtual identity. That is so because it protects you, giving access to commonly banned sites on your network. It also helps one in changing their IP address.

In addition, one can tweak Anonymox’s customizable settings per every website. Bypassing GeoIP blocks is also possible through this add-on. This is possible as it changes your origin location. This, as a result, gives you access to banned sites in your country.

The Anonymox acts as a middle ground. The request is sent to the plug-in and later, the plug-in itself replies to the web host. It enables you to select proxy identities.

Firefox plug-ins

SQL Inject Me<

This penetration testing plug-in identifies vulnerabilities in SQL injection. It looks for database errors and loopholes. This, in turn, helps to carry out an attack through sending escape strings in the database. A completed test result shows errors and the options.

Firefox plug-ins

Certificate Patrol

Certificate Patrol helps pinpoint man-in-the-middle attacks. This is done by checking SSL certificates. It shows whether anything within the certificate is modified during an exchange. This add-on uses pop-ups to inform you SSL details and lets you choose to save or not. If saved, the plug-in can cross-check for disparities.

To verify a certificate, the plug-in shows old and new versions of the SSL. You must be cautious in finding and comparing for errors. Click the Reject button should you find anything suspicious.

Firefox plug-ins

FoxySpider

Web crawlers are useful. FoxySpider in Firefox is one such add-on that organizes a website. It displays and arranges videos, music, images, etc. according to file types. It is useful in gathering information about a website.

An icon on the left side of the address bar indicates that FoxySpider is installed. There are three settings for this tool. Left clicking organizes the files, while right-clicking opens a search configuration window. Middle clicking on the icon, on the other hand, pops up a window to set requirements such as keywords or specified URLs.

Firefox plug-insFirefox plug-ins

Firefox plug-ins

Firefox plug-ins

Firefox has a 35% user rating. With plugins such as these, security engineers can find it convenience in performing their tasks. Testing and gathering information is made easier with these add-ons. We encourage you to download these plug-ins to try it out yourself.

Source: http://resources.infosecinstitute.com/firefox-plug-ins-that-a-security-engineer-need-to-know/

Elsewhere, Click here to have a look at another cool post about Dridex malware.

Try Certified Ethical Hacker for FREE!!!https://infosecaddicts.com/course/certified-ethical-hacker-v10/

Novice
$0
Join the infosec family! Your journey starts here. The free tier gives you limited access to our training materials.  
Regular use
$49
This is the second tier that includes limited access to our training materials and to our exclusive lab.    
Risky use
$69
This third tier gives you all the luxuries of the Free use and more. You have access to self-paced classes.  
Monthly use
$89
This last tier gives you the Free, Social and Problem use for just $89 a month. Plus you will save $29!!!

This post was written by Joseph McCray

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.