This post lists 13 Chrome Extensions to aid security testers during their web application pen testing.
13 Chrome Extensions for Security Testers
WebDeveloper Extension for Chrome for Security Analysts
I had mentioned in my previous post about Pendule – WebDeveloper Equivalent In Chrome, but lately the developer of WebDeveloper has released a Chrome-compatible version of this popular Firefox addon. WebDeveloper is definitely a favorite tool of application security analysts, and now it comes in handy when you are testing your target in Chrome. I think I’ll have to start a new series like SecFox, for Chrome.
Subscribe to SecFox – Firefox Addon Collections
Stay updated with the addons discussed in the SecFox series, the most popular section of this blog. For that you need to subscribe to the SecFox addon collection available on the Mozilla addons site.
SecFox is a collection of addons that can turn any Firefox into a security assessment tool. At the time of writing, this collection has 40+ addons which can help web app sec testers during their assessments.
Secfox – Addons for Cookie Analysis And Manipulation
In this part of the Secfox series, we will discuss the addons that can help us during app security assessments that involve cookie analysis and manipulation.
These addons can be of huge help when we perform the types of tests listed below.
- Cookie Prediction
- Session Fixation
- Cookie Persistence/Expiration
- Broken Session Management
Traditional Method
We use a proxy interceptor like Paros/Burp/WebScarab to trap the HTTP requests and modify the values while they are in transit. For this to happen, we need to set up a proxy and ensure that it listens to the browser traffic. An additional step is required if the application uses an SSL connection, i.e. importing the proxy’s certificate into the browser so that the certificates it forges are trusted. The intercepted request enables us to add new cookies or modify the existing ones. We can also check exactly when the cookie values are issued and whether they are flushed upon session expiration.
Usage of Addons
We have various addons for Firefox that make the tasks mentioned above easier. Certain addons allow us to view the cookies stored in the browser and others allow us to edit them. The advantage: we don’t need any proxy to do this job; we can view/edit from the browser itself.
1. View Cookies
This addon adds a tab in the ‘Page Info’ box available on the Firefox context menu.
2. Add N Edit Cookies
This addon integrates a Cookie Editor into Firefox. It also allows us to edit the attributes of the cookie.
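The four tests listed above (prediction, fixation, persistence/expiration, broken session management) come down to looking at the Set-Cookie headers the application issues and asking a few fixed questions of each. The script below is an added example, not code from this blog or from any of the addons discussed; it runs the same checks a tester would otherwise do by eye in the cookie editor. The Set-Cookie lines, the list of cookie names treated as session identifiers, and the two policy thresholds (one day maximum lifetime, 64 bits minimum entropy) are all constructed assumptions for the example.

```python
import math

# Constructed sample Set-Cookie headers, as a proxy or the View Cookies addon
# would show them across three logins; the values are made up for this example.
SAMPLE_SET_COOKIE = [
    "JSESSIONID=1001; Path=/",
    "JSESSIONID=1002; Path=/",
    "JSESSIONID=1003; Path=/",
    "prefs=dark; Path=/; Max-Age=31536000",
    "auth=9f2c7a1e4b3d8e60f15ac27b9d4e3f01; Path=/; Secure; HttpOnly; Max-Age=900; SameSite=Strict",
]

# Cookie names assumed to carry a session identifier (hypothetical list).
SESSION_NAMES = {"jsessionid", "phpsessid", "sessionid", "sid", "auth"}
MAX_SESSION_AGE = 86400   # assumed policy: a session cookie lives at most a day
MIN_SESSION_BITS = 64     # assumed policy: below this a session id is guessable


def parse_set_cookie(header):
    """Split one Set-Cookie header into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_cookie(cookie):
    """Flag and persistence checks for a single session cookie."""
    findings = []
    if cookie["name"].lower() not in SESSION_NAMES:
        return findings
    attrs = cookie["attrs"]
    for flag in ("secure", "httponly", "samesite"):
        if flag not in attrs:
            findings.append(f"missing {flag}")
    if "expires" in attrs:
        findings.append("persistent (Expires set); verify the lifetime")
    if "max-age" in attrs and int(attrs["max-age"]) > MAX_SESSION_AGE:
        findings.append(f"max-age exceeds {MAX_SESSION_AGE}s")
    return findings


def looks_sequential(values):
    """Cookie prediction check: decimal values with a constant step are guessable."""
    if len(values) < 2 or not all(v.isdigit() for v in values):
        return False
    steps = {int(b) - int(a) for a, b in zip(values, values[1:])}
    return len(steps) == 1


def estimated_entropy_bits(values):
    """Crude upper bound: shortest value length times log2 of the observed alphabet."""
    alphabet = set("".join(values))
    if len(alphabet) < 2:
        return 0.0
    return min(len(v) for v in values) * math.log2(len(alphabet))


def audit_headers(headers):
    """Run every check over a list of Set-Cookie headers; returns {name: [findings]}."""
    values_by_name, report = {}, {}
    for cookie in (parse_set_cookie(h) for h in headers):
        values_by_name.setdefault(cookie["name"], []).append(cookie["value"])
        report.setdefault(cookie["name"], set()).update(audit_cookie(cookie))
    for name, values in values_by_name.items():
        if name.lower() not in SESSION_NAMES:
            continue
        if looks_sequential(values):
            report[name].add("sequential values (predictable)")
        bits = estimated_entropy_bits(values)
        if bits < MIN_SESSION_BITS:
            report[name].add(f"low entropy (about {bits:.0f} bits)")
    return {name: sorted(findings) for name, findings in report.items()}


if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_SET_COOKIE).items():
        print(name, findings or ["ok"])
```

The entropy figure is only a ceiling derived from a handful of samples, so treat a low number as a prompt to collect more identifiers, not as proof; the sequential check, on the other hand, is conclusive when it fires.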
Secfox – GroundSpeed, Client Side Data Manipulation From Sidebar
Pen testers fondly use a web proxy to manipulate the HTTP requests created by the browser before they are sent to the web server. This helps us verify the absence of any server-side validation or flaws in the client-side validation. But feel lucky if you are using Firefox while performing web app security assessments, ’cause we have a cool extension, ‘GroundSpeed’, which does exactly that.
I don’t want to blabber much about how it works since the author has a nice writeup on the GroundSpeed homepage.
“Groundspeed is an open-source Firefox extension that manipulates the interface of web applications in order to make the life of the security tester easier. It allows security testers to manipulate the way they interact with the web application’s user interface by manipulating the forms and form elements, eliminating annoying limitations and client-side controls.
Some of the practical uses of Groundspeed include changing the types of form fields, like for example changing hidden fields into text fields, removing size and length limitations on input fields and modifying any JavaScript event handlers to bypass client side validation.
Groundspeed works by dynamically modifying the Document Object Model (DOM) of the page after Firefox has finished loading and rendering it. The changes take effect immediately and, since it happens entirely on the client side without generating new requests to the server, it is completely transparent to the application.”
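The quoted description makes the security point plainly: everything a form declares in the browser (hidden fields, maxlength, input type, JavaScript validators) is editable in the DOM and invisible to the server once changed, so a server that relies on it has no validation at all. The following is an added example, not code from this blog or from the GroundSpeed project, of the server-side re-check that makes the client-side controls irrelevant. The form fields, their constraints, the session contents and the `validate_submission` function are all constructed for the example.

```python
import re

# Constraints the HTML form declares client-side (type, maxlength, allowed
# range, hidden value). Constructed for this example; the browser can drop
# every one of them before submitting, so the server re-checks them here.
FORM_CONSTRAINTS = {
    "username": {"type": "text", "maxlength": 20, "pattern": r"[A-Za-z0-9_]+"},
    "quantity": {"type": "number", "min": 1, "max": 10},
    "account_id": {"type": "hidden"},  # authoritative value lives in the session
}


def validate_submission(body, session, constraints=FORM_CONSTRAINTS):
    """Re-validate a form POST server-side. Returns (accepted_fields, errors)."""
    accepted, errors = {}, []
    # Fields the form never declared are rejected rather than silently accepted.
    for name in body:
        if name not in constraints:
            errors.append(f"{name}: unexpected field")
    for name, rule in constraints.items():
        raw = body.get(name)
        if rule["type"] == "hidden":
            # A hidden input is just a text field once the DOM is edited, so the
            # submitted value is only ever compared with the session's own copy.
            if name not in session:
                errors.append(f"{name}: no value bound to this session")
            elif raw != session[name]:
                errors.append(f"{name}: hidden field tampered with")
            else:
                accepted[name] = session[name]
            continue
        if raw is None:
            errors.append(f"{name}: missing")
        elif rule["type"] == "text":
            if len(raw) > rule["maxlength"]:
                errors.append(f"{name}: exceeds maxlength {rule['maxlength']}")
            elif not re.fullmatch(rule["pattern"], raw):
                errors.append(f"{name}: contains disallowed characters")
            else:
                accepted[name] = raw
        elif rule["type"] == "number":
            try:
                number = int(raw)
            except ValueError:
                errors.append(f"{name}: not an integer")
                continue
            if not rule["min"] <= number <= rule["max"]:
                errors.append(f"{name}: outside {rule['min']}..{rule['max']}")
            else:
                accepted[name] = number
    return accepted, errors


if __name__ == "__main__":
    session = {"account_id": "A-100"}
    # A submission that respects the form, then one with every control removed.
    print(validate_submission({"username": "alice_1", "quantity": "3",
                               "account_id": "A-100"}, session))
    print(validate_submission({"username": "x" * 40, "quantity": "999",
                               "account_id": "A-999", "is_admin": "1"}, session))
```

Note that the hidden field is never trusted even when it matches: the accepted value is taken from the session, so a tester editing it in the DOM can at most trigger an error, never change which account the request acts on.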
Secfox – Hackbar, Audit / Penetration Test Tool in Firefox
Hackbar is a tiny toolbar in Firefox with features to aid application pen-testing. It can be used to perform our security tests quickly and effectively.