Secfox – Addons for Cookie Analysis And Manipulation
In this part of the Secfox series, we discuss the addons that help during app security assessments involving cookie analysis and manipulation.
These addons can be of huge help when we perform the types of tests listed below.
- Cookie Prediction
- Session Fixation
- Cookie Persistence/Expiration
- Broken Session Management
Traditional Method
We use a proxy interceptor like Paros/Burp/WebScarab to trap the HTTP requests and modify their values in transit. For this to happen, we need to set up a proxy and ensure that it listens to the browser traffic. An additional step is required if the application uses an SSL connection, i.e. storing the proxy's forged certificate in the browser. The intercepted request enables us to add new cookies or modify the existing ones. We can also check exactly when the cookie values are issued and whether they are flushed upon session expiration.
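The issuance and expiration checks described above can be scripted over the Set-Cookie headers recorded during a test. The following is an added example, not part of the original post; the cookie name SESSIONID, the captured values and the function names are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

# Constructed sample: Set-Cookie values recorded at three points of one test
# session. The cookie name SESSIONID and every value are made up.
CAPTURE = {
    "before_login": ["SESSIONID=abc123; Path=/"],
    "after_login": ["SESSIONID=abc123; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT"],
    "after_logout": [],
}

def parse(headers):
    """Parse raw Set-Cookie header values into {name: Morsel}."""
    jar = SimpleCookie()
    for header in headers:
        jar.load(header)
    return dict(jar)

def is_expired(morsel, now=None):
    """True if the server sent the cookie already expired (i.e. cleared it)."""
    now = now or datetime.now(timezone.utc)
    if morsel["max-age"]:
        return int(morsel["max-age"]) <= 0
    if morsel["expires"]:
        return parsedate_to_datetime(morsel["expires"]) <= now
    return False

def audit(capture, name):
    """Return findings for the session cookie `name` across the three stages."""
    findings = []
    pre = parse(capture["before_login"]).get(name)
    post = parse(capture["after_login"]).get(name)
    out = parse(capture["after_logout"]).get(name)
    # Session fixation: an identifier issued before authentication must be
    # replaced at login. No new Set-Cookie, or the same value, means it was kept.
    if pre is not None and (post is None or post.value == pre.value):
        findings.append("session id not regenerated at login")
    # Persistence: Expires or Max-Age makes the cookie outlive the browser session.
    live = post if post is not None else pre
    if live is not None and (live["expires"] or live["max-age"]) and not is_expired(live):
        findings.append("session cookie is persistent")
    # Expiration: logout should overwrite the cookie with an expired one.
    if out is None or not is_expired(out):
        findings.append("session cookie not cleared at logout")
    return findings

if __name__ == "__main__":
    for finding in audit(CAPTURE, "SESSIONID"):
        print("FINDING:", finding)
```

An empty result means the identifier was reissued at login, was a session-only cookie, and was overwritten with an expired value at logout.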
Usage of Addons
Various Firefox addons make the tasks mentioned above easier. Some addons let us view the cookies stored in the browser, and others let us edit them. The advantage: we don't need a proxy for this job, because we can view and edit cookies from the browser itself.
1. View Cookies
This addon adds a tab in the ‘Page Info’ box available on the Firefox context menu.
2. Add N Edit Cookies
This addon integrates a cookie editor into Firefox. It also allows us to edit the attributes of a cookie.
3. FireCookie
If you use Firebug a lot, cookies are easily accessible inside the Firebug tabs once FireCookie is installed.
4. Cookie Swap
This is an amazing addon which helps us switch between various cookie profiles. It saves all the cookies for a particular domain to the chosen profile. These profiles can be managed through a Profile Manager which comes with the tool. One can add and organize profiles, which can then be easily swapped from the Firefox status bar. This is of great use when testing an application that has multiple login credentials.
5. WebDeveloper – View Cookies
Web Developer has a built-in cookie viewer and editor. Once you select ‘View Cookies’ under the ‘Cookies’ menu, a new tab is displayed with a big list of cookies for that particular domain and options to edit them. I prefer using ‘Add n Edit Cookie’ to this addon.
Video Demo
Watch the following video. Here, I quickly go through each of the addons I mentioned above.
Stay tuned… Secfox will continue….













