a4apphack

13 Chrome Extensions for Security Testers

Posted by rajivvishwa On May - 17 - 2010

This post lists 13 Chrome Extensions to aid security testers during their web application pen testing.

1. WebDeveloper

Adds a toolbar button with various web developer tools. The official port of the Web Developer extension for Firefox. Internal post here.
WebDeveloper

2. Firebug Lite

Firebug Lite provides the rich visual representation we are used to see in Firebug when it comes to HTML elements, DOM elements, and Box Model shading
Firebug Lite

3. Pendule

This addon is similar to webdeveloper but not as powerful as it is. Internal Post here.
Pendule

4. Chrome Web Developer Tools

Tool to dynamically view and modify HTML elements.
Chrome Web Dev Tools

5. Simple REST Client

Construct custom HTTP requests to directly test your web services.
Simple REST Client

6. View Selection Source

View selection source in resizable popup. Drag the bottom right corner to resize. Simple, but very useful for web developers.
View Selection Source

7. Domain Details

Shows server’s IP address, country flag, software, headers, and provides links to whois reports. This is similar to the Domain Details addon for Firefox
Domain Details

8. Chrome Sniffer

Detect web frameworks and javascript libraries run on browsing website.
At the time of writing, this extension identifies the following apps/frameworks

Blogging Services

  • Tumblr

Web Application

  • vBulletin
  • SMF
  • phpBB
  • IPB
  • miniBB
  • Drupal
  • Ubercart
  • WordPress
  • bbPress
  • Movable Type
  • MediaWiki
  • DokuWiki
  • Joomla
  • Magento
  • Xoops
  • Plone
  • CMS Made Simple
  • SilverStripe
  • MODx
  • Amiro.CMS
  • Koobi
  • LifeRay
  • PHP Fusion
  • PHP Nuke
  • WebGUI
  • ezPublish
  • DotNetNuke
  • Sitefinity

Javascript framework & tools

  • jQuery & jQuery UI
  • ExtJS
  • Prototype
  • Closure
  • MooTools
  • Dojo
  • script.aculo.us
  • YUI
  • Google Analytics
  • Disqus
  • GetSatisfaction
  • Wibiya
  • reCaptcha
  • Mollom
Chrome Sniffer

9. User-Agent Switcher

Spoofs & Mimics navigator.userAgent and navigator, vendor strings for specific sites.
User Agent Switcher

10. Unencrypted Password Warning

Unencrypted Password Warning detects whether a password or credit card number is about to be sent with a form that does not use HTTPS.
Unencrypted Password Warning

11. JSONView

JSONView for chrome is an extension that helps you view JSON documents in the browser.
JSON View

12. Cookie Editor

View and Edit the Cookies created by the site visible in the active page

Cookie Editor

13. Light Shot

Easy and convenient screen capture tool. Allows you to make screenshot of any selected area, edit and upload it to server. (Not really a security tool, but this can be of help to capture evidences)
LightShot

14. Note Anywhere (Bonus)

With this ext, you can make notes on any web page, any position. The notes get loaded automatically whenever the page is opened. (Not really a security tool, but this can be of help to quickly jot comments on the pages where further investigation is to be done later.)
Note Anywhere

 

 

Related Posts

Browser, Featured

Subscribe RSS
Follow me on TwitterTechnoratiYoutube VidsLinkedIn ProfileDelicious

    Popular Posts

    Most Commented

    Recent Posts

    Recent Comments