SecFox is a customized version of Firefox intended for performing web application security tests and audits. Using SecFox reduces the time and effort we would otherwise spend using another browser alongside tons of free and commercial testing tools.
Firefox is an amazing browser whose features can be extended by installing addons or tweaking the browser itself. SecFox uses this extensibility to the max to build a powerful hacking/testing tool.
This article (split into sections) details the process of creating SecFox and also covers the usage of various security-related Firefox addons, with relevant examples and screencasts.
“Leave me alone” says Firefox (Create a new profile and let your default Firefox alone)
Before turning Firefox into SecFox, we need to make sure that we don’t mess up the settings of the existing Firefox browser (the default profile). For that, we will create a new profile called ‘SecFox’. Any modifications we make while using the SecFox profile, like installing addons or changing browser settings, will not affect the default profile.
Tweak Firefox Config (Enable Profile Manager)
- Type about:config in the address bar
- In the filter, type ‘profile’ and change profile.manage_only_at_launch to true (default is false).
- Close Firefox
Now create a shortcut to Firefox on your desktop, right-click it and open Properties. Modify the Target parameter as shown below.
%Firefox_Installation_Directory%firefox.exe -P -no-remote
Create a new profile ‘SecFox’ with Profile Manager.
To run the new profile, create a new shortcut and use the following command:
%Firefox_Installation_Directory%firefox.exe -P SecFox -no-remote
You can create 2 shortcuts, one for your default ‘firefox’ and the other for ‘secfox’, by using the above command.
Note: the -no-remote parameter is used to run multiple Firefox instances simultaneously.
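The profile and shortcut steps above can be scripted so the test profile is set up the same way on every machine. This PowerShell script is an added example, not part of the original article; the install path, the shortcut names, the default profile being named ‘default’, and the use of -CreateProfile in place of the Profile Manager dialog are assumptions.

```powershell
# Assumed install location; adjust to your Firefox installation directory.
$firefox     = Join-Path $env:ProgramFiles 'Mozilla Firefox\firefox.exe'
$profileName = 'SecFox'
$profilesIni = Join-Path $env:APPDATA 'Mozilla\Firefox\profiles.ini'

if (-not (Test-Path $firefox)) { throw "firefox.exe not found at $firefox" }

# Create the profile only if profiles.ini does not already list it,
# so re-running the script never touches an existing profile.
$exists = (Test-Path $profilesIni) -and
          (Select-String -Path $profilesIni -Pattern "^Name=$profileName\s*$" -Quiet)
if (-not $exists) {
    # -CreateProfile stands in for the manual Profile Manager step (assumption).
    # Close all Firefox windows first so profiles.ini is not being written.
    Start-Process -FilePath $firefox -ArgumentList '-CreateProfile', $profileName -Wait
}

function New-FirefoxShortcut {
    param([string]$Name, [string]$Arguments)
    $desktop = [Environment]::GetFolderPath('Desktop')
    $shell   = New-Object -ComObject WScript.Shell
    $lnk     = $shell.CreateShortcut((Join-Path $desktop "$Name.lnk"))
    $lnk.TargetPath = $firefox      # quoting of the path is handled by the shortcut
    $lnk.Arguments  = $Arguments    # -no-remote lets both profiles run side by side
    $lnk.Save()
}

# Testing profile: addons and settings changed here stay out of the default profile.
New-FirefoxShortcut -Name 'SecFox'  -Arguments "-P $profileName -no-remote"
# Everyday profile; 'default' is an assumed profile name, check profiles.ini.
New-FirefoxShortcut -Name 'Firefox' -Arguments '-P default -no-remote'
```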
Are you SecFox or Firefox? (How to identify)
While running SecFox and the default profile simultaneously, we will have trouble identifying and switching to the required profile. So we need to modify the GUI and other properties of the profiles so that the difference is clearly visible and the one we need is easily accessible.
Change Desktop Icons
The first activity in this step is setting different icons for the 2 profiles. Try changing the SecFox icon to some geeky-looking dark icon. I used the icon from crystalXp, which can be downloaded from here.
Differentiate with help of themes
Once you have your Firefox windows open, you will still find it difficult to map each browser window to its corresponding profile while switching between them (with Alt-Tab). So the best option is to put an easily identifiable theme on SecFox. I used the black version of the default theme for my new Sec profile, which you can get from here.
Change Firefox Title
Tweak your titlebar so that you can identify your profile even if the Firefox windows are minimized. Download and install Titlebar Tweaks in both profiles. After installation, go to Titlebar Tweak Options and select the ‘Browser Name – Webpage Title’ layout. Click on the Browser Name tab and type in ‘S’ and ‘F’ as browser names, for the SecFox profile and the default profile respectively.
Install ‘Must Have’ Addons:
Before installing addons that help us test web applications, we want to install a couple of addons that will definitely help us later on.
As a tester you might need to keep loads and loads of tabs open, which means less space to work in and more confusion. FaviconizeTab reduces the size of the tabs, helping us keep more tabs in little space. Download FaviconizeTab.
Check the post, Ultimate Clutter reduction with Favicons, for amazing tips with FaviconizeTab.
Control your Firefox with mouse gestures. This can be very useful when you want to do some quick browser navigation (like switching tabs, closing tabs, opening a link in a new tab, etc.). This again will be of great use once we start testing websites. Download FireGestures.
Write custom scripts to modify the way in which a website works, or load existing Greasemonkey scripts, which can be obtained from various repositories like userscripts.org, to enhance our testing. Download GreaseMonkey.
This is similar to Greasemonkey. Some cool Stylish scripts are available for download, so we need this installed. Download Stylish.
Tweak Firefox Toolbar, Increase your work area:
Right-click on the toolbar and select ‘Customize’. Check ‘Use small icons’; this reduces the height of the Firefox toolbar, thereby increasing the vertical space.
We rarely use the home button that is present in the toolbar by default. We can remove it by following a few simple steps: open ‘Customize’ (see the step above) and drag-n-drop the home button from the navigation toolbar into the Customize Toolbars window.
Install Personal Menu (from here), so that we can completely replace the Menu Toolbar with a tiny menu button.
We can combine the Stop and Reload buttons in the navigation bar by adding a small Stylish script found here (check the ‘Must Have’ addons section above to install Stylish). This displays the stop icon while the page is loading and changes it to reload once the page has loaded.
Once you complete all the above-mentioned steps, you have 2 independent Firefox windows running with 2 different profiles simultaneously.
Now the new profile, SecFox, has to be made functional with various security-related addons.
Upcoming posts related to SecFox will contain info on installing and using those addons.
(To be Continued….)