List of Chrome Browser Extensions for Security Analysts

This is a list of Chrome browser extensions that can be useful while performing application security assessments. Some of the extensions have already been discussed earlier on our blog. As a side note, a similar collection exists for Firefox users – check SecFox at the Mozilla Addons Collection site.

Note: The table below will be updated regularly. If you find any add-ons that are not listed but might be useful while conducting pentests, please mention them in the comments.

| Name | Description | Chrome Store URL | Developer | Keywords |
|---|---|---|---|---|
| AntiXSS | Detect possible weak points and XSS attacks | Chrome WebStore Link | | XSS, Scanner |
| BuiltWith | BuiltWith is a web site profiler tool. Displays the frameworks and other libraries with which that website is built. | Chrome WebStore Link | link | Application Fingerprinting |
| Chrome IE Tab Multi | Run ActiveX controls on Chrome | Chrome WebStore Link | link | ActiveX testing |
| Chrome Sniffer | This extension will help web developers inspect the web framework / CMS and JavaScript library running on the currently browsed website. An icon will appear on the address bar indicating the detected framework. Version detecting is being implemented. | Chrome WebStore Link | link | Application Fingerprinting |
| Cookies | Cookies is a free, powerful and easy-to-use Visual Cookie Editor. Cookies helps you more effectively manage all cookies stored within your browser, including 3rd party cookies. The interface is clean and well organized. | Chrome WebStore Link | link | Session Management/Fixation |
| Domain Details | Domain Details provides the following information on the site you are visiting: Server IP Address; Server's Location (based on a Geo IP database in the extension, does not poll an external service); Server Software (shows icons for common servers); View server response headers within the extension; Domain Whois Links. | Chrome WebStore Link | link | Network Fingerprinting |
| Edit This Cookie | This extension lets you: delete all cookies in a page, delete only the chosen cookie on a page, edit any cookie, add a new cookie, search a cookie, protect a cookie (read-only), block cookies (cookie filter). | Chrome WebStore Link | Chrome WebStore Link | Session Management/Fixation |
| Firebug Lite | Firebug Lite is not a substitute for Firebug, or Chrome Developer Tools. It is a tool to be used in conjunction with these tools. Firebug Lite provides the rich visual representation we are used to seeing in Firebug when it comes to HTML elements, DOM elements, and Box Model shading. It also provides some cool features like inspecting HTML elements with your mouse, and live editing CSS properties. | Chrome WebStore Link | link | Dynamic Frontend Manipulation/Injection, Bypass Client Side Validations |
| Form Editor | An extension for editing custom requests (GET or POST) to the web server. | Chrome WebStore | link | Injection |
| Form Fuzzer | Helps populate web forms with some random data. | Chrome WebStore | link | Parameter Manipulation/Injection, Fuzzing |
| IP Address and Domain Information | See the geolocation, DNS, whois, routing, search results, hosting, domain neighbors, DNSBL, BGP and ASN information of every IP address (IPv4 and IPv6). Including a shortcut to your public IP address (myIP info). | Chrome WebStore Link | link | Network Fingerprinting |
| JSONView for Chrome | JSONView for Chrome is an extension that helps you parse and view JSON documents. | Chrome WebStore Link | link | Helper Extension |
| Latest Sophos Security Alerts | Displays the Sophos security alerts directly in your browser | Chrome WebStore Link | | Helper |
| ModHeader | Add and modify the HTTP request headers sent to web servers. | Chrome WebStore | | Session Management/Fixation, Authentication Testing |
| Network and Internet tools | Tools like ping, tracert, W3C validator, DNS blackhole list, DNS lookup, domain neighbors and whois information. | Chrome WebStore | link link | Network Fingerprinting |
| Pendule | Convert POSTs to GETs, remove maxlength, view selection source (syntax-highlighted code appears in a new tab, similar to the built-in view source functionality). | Chrome WebStore Link | | Dynamic Frontend Manipulation/Injection, Bypass Client Side Validations |
| Proxy Switchy! | Proxy Switchy! is an advanced proxy manager for Google Chrome; it allows users to manage and switch between multiple proxy profiles quickly and easily. | Chrome WebStore Link | link | Proxy Tools |
| Python Shell | You can use Python Shell to test Python code, to test regular expressions or as a calculator. | Chrome WebStore | link | Helper Extension |
| Simple REST Client | Simple REST Client is an extension for Google Chrome to help construct custom HTTP requests to directly test your web services. Select the URL and method, fill in the headers and body if necessary. Click Send. Analyze response headers and body. | Chrome WebStore Link | link | Parameter Manipulation/Injection |
| Swap My Cookies | Swap My Cookies is a session manager; it manages your cookies, letting you log in on any website with several different accounts. You can finally log in to gmail, yahoo, hotmail, and just any website you use, with all your accounts; if you want to use another account just swap profile! | Chrome WebStore Link | | Session Fixation/Management |
| Tab Renamer | Renames the tabs; this can help identify different sessions while performing security testing. | Chrome WebStore | | Helper Extension |
| Unencrypted Password Warning | Unencrypted Password Warning detects whether a password or credit card number is about to be sent with a form that does not use HTTPS. | Chrome WebStore Link | | Detects Security Flaw |
| User-Agent Switcher for Chrome | The extension allows you to set a specific filtering list, so it will automatically switch user-agent strings based on the domain or URL you specify. Also, it will use and auto-update a list of sites known to use incorrect user-agent sniffing (which can be disabled). | Chrome WebStore Link | link | Mobile Security Testing, Client-side Bypass |
| Web Developer | Official port of the popular Web Developer extension for Firefox. Convert POSTs to GETs, remove maxlength, view selection source (syntax-highlighted code appears in a new tab, similar to the built-in view source functionality). | Chrome WebStore Link | link | Dynamic Frontend Manipulation/Injection, Bypass Client Side Validations |
| Websecurify | Websecurify is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. This extension is useful to anyone who wants to quickly assess the security of their web applications. | Chrome WebStore Link | link | Web Page Scanner |
| XSS Rays | Complete XSS reversing/scanner tool. Find how a site is filtering code, check for injections and inspect objects. | Chrome WebStore Link | link | XSS, Scanner |
| BugDigger | Create truly helpful bug reports at the push of a button. Capture web page screenshot, annotate image and upload to bug tracker. | Chrome WebStore | link | Helper Extension |
| Wizdler | Parses WSDL and generates SOAP messages. | Chrome WebStore | | Web services Testing |
| d3coder | Encoding/decoding plugin for various types of encoding like base64, rot13 or unix timestamp conversion | Chrome WebStore | link | Encoding/Decoding, Crypto, String Manipulation. |

  • http://twitter.com/atdre Dre G

    I use Snap Links Lite, Form Fuzzer, BuiltWith, and Smooth Gestures with your already mentioned Switch Proxy! and Edit This Cookie. Of the others you listed, XSS Rays is ok.

    • http://a4apphack.com/ Rajiv Vishwa

      Hi Dre G, thanks for your comment. I’ve updated BuiltWith and Form Fuzzer to the list.
      (Other two that you have mentioned – Snap Links Lite/Smooth Gestures seem to enhance Chrome usability rather than acting as a medium for carrying out security testing).

      Thanks again and welcome to a4apphack.com

      • http://twitter.com/atdre Dre G

        Actually, Rajiv, I am sick of explaining to people about how to perform security testing.

        IMO, Snap Links Lite and Smooth Gestures are the MOST important tools for security testing that I have in my toolbox. I would probably also add CLCL and AutoHotKey to that list, but those are userland apps, not Chrome apps/extensions.

  • Narin

    Great.!!! http://getmantra.com/forums/Thread-OWASP-Mantra-on-Chromium-Wind-Wheel and 
    http://www.firecat.fr/kromcat/ are also worth mentioning
