16 Apr 2011
List of Chrome Browser Extensions for Security Analysts
A list of Chrome browser extensions that can be useful while performing application security assessments. Some of the extensions have already been discussed on our blog. On a side note, a similar collection exists for Firefox users: check SecFox at the Mozilla Add-ons Collection site.
Note: The table below will be updated regularly. If you find any add-ons that are not listed but might be useful while conducting pentests, please mention them in the comments.
| Name | Description | Chrome Store URL | Developer | Keywords |
|---|---|---|---|---|
| AntiXSS | Detects possible weak points and XSS attacks | Chrome WebStore Link | | XSS, Scanner |
| BuiltWith | BuiltWith is a web site profiler tool. Displays the frameworks and other libraries with which that website is built | Chrome WebStore Link | link | Application Fingerprinting |
| Chrome IE Tab Multi | Run ActiveX controls on Chrome | Chrome WebStore Link | link | ActiveX testing |
| Chrome Sniffer | This extension helps web developers inspect the web framework / CMS and JavaScript libraries running on the website being browsed. An icon appears in the address bar indicating the detected framework. Version detection is being implemented. | Chrome WebStore Link | link | Application Fingerprinting |
| Cookies | Cookies is a free, powerful and easy-to-use Visual Cookie Editor. Cookies helps you more effectively manage all cookies stored within your browser, including 3rd party cookies. The interface is clean and well organized. | Chrome WebStore Link | link | Session Management/Fixation |
| Domain Details | Domain Details provides the following information on the site you are visiting: - Server IP Address - Server's Location. Based on a Geo IP database in the extension, does not poll an external service. - Server Software. Shows icons for common servers. - View server response headers within the extension - Domain Whois Links | Chrome WebStore Link | link | Network Fingerprinting |
| Edit This Cookie | This extension lets you: Delete all cookies in a page, Delete only the chosen cookie on a page, Edit any cookie, Add a new cookie, Search a cookie, Protect a cookie (read-only), Block cookies (cookie filter) | Chrome WebStore Link | | Session Management/Fixation |
| Firebug Lite | Firebug Lite is not a substitute for Firebug or Chrome Developer Tools. It is a tool to be used in conjunction with these tools. Firebug Lite provides the rich visual representation we are used to seeing in Firebug when it comes to HTML elements, DOM elements, and Box Model shading. It also provides some cool features like inspecting HTML elements with your mouse and live editing of CSS properties. | Chrome WebStore Link | link | Dynamic Frontend Manipulation/Injection, Bypass Client Side Validations |
| Form Editor | An extension for editing custom requests (GET or POST) to a web server. | Chrome WebStore | link | Injection |
| Form Fuzzer | Helps populate web forms with random data. | Chrome WebStore | link | Parameter Manipulation/Injection, Fuzzing |
| IP Address and Domain Information | See the geolocation, DNS, whois, routing, search results, hosting, domain neighbors, DNSBL, BGP and ASN information of every IP address (IPv4 and IPv6). Includes a shortcut to your public IP address (myIP info). | Chrome WebStore Link | link | Network Fingerprinting |
| JSONView for Chrome | JSONView for Chrome is an extension that helps you parse and view JSON documents. | Chrome WebStore Link | link | Helper Extension |
| Latest Sophos Security Alerts | Displays the Sophos security alerts directly in your browser | Chrome WebStore Link | | Helper |
| ModHeader | Add and modify the HTTP request headers sent to web servers. | Chrome WebStore | | Session Management/Fixation, Authentication Testing |
| Network and Internet tools | Tools like ping, tracert, W3C validator, dns blackhole list, dns lookup, domain neighbors and whois information. | Chrome WebStore | link | Network Fingerprinting |
| Pendule | Convert POSTs to GETs, remove maxlength, view selection source (syntax highlighted code appears in a new tab, similar to the built-in view source functionality) | Chrome WebStore Link | | Dynamic Frontend Manipulation/Injection, Bypass Client Side Validations |
| Proxy Switchy! | Proxy Switchy! is an advanced proxy manager for Google Chrome. It allows users to manage and switch between multiple proxy profiles quickly and easily. | Chrome WebStore Link | link | Proxy Tools |
| Python Shell | You can use Python Shell to test Python code, to test regular expressions or as a calculator. | Chrome WebStore | link | Helper Extension |
| Simple REST Client | Simple REST Client is an extension for Google Chrome to help construct custom HTTP requests to directly test your web services. Select the URL, method, fill the headers and body if necessary. Click Send. Analyze response headers and body. | Chrome WebStore Link | link | Parameter Manipulation/Injection |
| Swap My Cookies | Swap My Cookies is a session manager. It manages your cookies, letting you log in to any website with several different accounts. You can finally log in to Gmail, Yahoo, Hotmail, and any other website you use with all your accounts; if you want to use another account, just swap profile! | Chrome WebStore Link | | Session Fixation/Management |
| Tab Renamer | Renames tabs, which can help identify different sessions while performing security testing. | Chrome WebStore | | Helper Extension |
| Unencrypted Password Warning | Unencrypted Password Warning detects whether a password or credit card number is about to be sent with a form that does not use HTTPS. | Chrome WebStore Link | | Detects Security Flaw |
| User-Agent Switcher for Chrome | The extension allows you to set a specific filtering list, so it will automatically switch user-agent strings based on the domain or URL you specify. It will also use and auto-update a list of sites known to use incorrect user-agent sniffing (which can be disabled). | Chrome WebStore Link | link | Mobile Security Testing, Client-side Bypass |
| Web Developer | Official port of the popular Web Developer extension for Firefox. Convert POSTs to GETs, remove maxlength, view selection source (syntax highlighted code appears in a new tab, similar to the built-in view source functionality) | Chrome WebStore Link | link | Dynamic Frontend Manipulation/Injection, Bypass Client Side Validations |
| Websecurify | Websecurify is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. This extension is useful to anyone who wants to quickly assess the security of their web applications. | Chrome WebStore Link | link | Web Page Scanner |
| XSS Rays | Complete XSS reversing/scanner tool. Find how a site is filtering code, check for injections and inspect objects. | Chrome WebStore Link | link | XSS, Scanner |
| BugDigger | Create truly helpful bug reports at the push of a button. Capture web page screenshot, annotate image and upload to bug tracker. | Chrome WebStore | link | Helper Extension |
| Wizdler | Parses WSDL and generates SOAP messages. | Chrome WebStore | | Web services Testing |
| d3coder | Encoding/Decoding Plugin for various types of encoding like base64, rot13 or unix timestamp conversion | Chrome WebStore | link | Encoding/Decoding, Crypto, String Manipulation |
