a4apphack

In the previous post, Secfox Part 1, we had seen how to customize the environment in FireFox to get better ease of use and more workspace. Now its time to fill in the addons.

This post has two sections, the first explains how to obtain details of any website (Information Gathering) and the second deals with analysis and understanding of HTTP raw header information.

Addon 1: Domain Details

DomainDetails addon, can be helpful in finding out Server Type, Headers, IP Address, Location Flag, and Whois information of any website you browse with Firefox. Once you install the addon, Server name, Ip address of the current website is displayed in the status bar, and a tiny button is displayed, clicking on that will display a menu which gives access to explore more details of that website.

SecFox Addon, How?

How can this addon be useful while performing the security assessments?

1. Display’s Server Name and Version - This info can be used to search for the open vulnerabilities found in the target server. Several advisories publishes vulnerabilities associated with a particular version of various servers; the sites like milw0rm, cert, Secunia, etc holds a repository of latest advisories.

2. Displays IP Address – Input of several vulnerability scanners(like nmap) will be the IP address of the target website. Ideally, to obtain the IP address of the target, we would have to do ns lookup (open cmd prompt, then nslookup www.targetsite.com), but with with DomainDetails we can directly lookup IP address of the website immediately while the page loads.

3. Webpage fingerprint – Whois is used for querying authoritative registries/ databases to discover the owner of a domain name, an IP address, or an autonomous system number of the target website. Online sites like Whois.net, DNSStuff, Central Ops gives server info any many other details about any site you search for. Domain Details just adds option to directly search for these details from the statusbar menu, saving us few of our preciuos keystrokes.

Demo

Download DomainDetails :

---

Addon 2 : LiveHTTP Headers

The addon LiveHTTP Headers is one of the must have addon if you are a security analyst. This addon displays the RAW HTTP Headers (Request and Response) for the webpage you are browsing.

SecFox Addon, How?

1. Display’s server Name and Version – As explained in the previous section, this can be used to find out and exploit the known vulnerabilities found in the target server.

2. Displays the Response Code - This is very helpful in knowing how the server responds for any client request. So if there is any misconfiguration in the server so that a particular request of the client forces the client to behave indifferently and exposing the vulnerability.

3. Cookie Config – This also displays the cookie config set at the server. For example if we observe that in the server response, for any request sent for any sensitive pages, that Cache-Control: no-cache is not present, then it means that those sensitive pages are cached and be visible for those who are not intended to.

4. Replay any forged request – We can modify the POST data and replay it from this addon. This means that we are bypassing any client side validations present in that site.

5. Monitor Cookie Info – We can also monitor the cookie value and try to reverse engineer and decode its value.

6. This list continues – Analysis of HTTP Headers would will be the first step when doing the security assessments and LiveHTTP Headers will be the key to get it. We can break the headers into parts and research on that to get the best out of it.

More info on HTTP Headers

Demo

Download LiveHTTP Headers :

Stay Tuned coming posts features more security addons and its usage…

–

Series Navigation

SecFox – XSSMe, Automated XSS Detection in Firefox