a4apphack » Secfox

13 Chrome Extensions for Security Testers

rajivvishwa — Mon, 17 May 2010 02:01:48 +0000

This post lists 13 Chrome Extensions to aid security testers during their web application pen testing.

1. WebDeveloper

Adds a toolbar button with various web developer tools. The official port of the Web Developer extension for Firefox. Internal post here.

2. Firebug Lite

Firebug Lite provides the rich visual representation we are used to see in Firebug when it comes to HTML elements, DOM elements, and Box Model shading

3. Pendule

This addon is similar to webdeveloper but not as powerful as it is. Internal Post here.

4. Chrome Web Developer Tools

Tool to dynamically view and modify HTML elements.

5. Simple REST Client

Construct custom HTTP requests to directly test your web services.

6. View Selection Source

View selection source in resizable popup. Drag the bottom right corner to resize. Simple, but very useful for web developers.

7. Domain Details

Shows server’s IP address, country flag, software, headers, and provides links to whois reports. This is similar to the Domain Details addon for Firefox

8. Chrome Sniffer

Detect web frameworks and javascript libraries run on browsing website.

At the time of writing, this extension identifies the following apps/frameworks

Blogging Services

Tumblr

Web Application

vBulletin
SMF
phpBB
IPB
miniBB
Drupal
Ubercart
WordPress
bbPress
Movable Type
MediaWiki
DokuWiki
Joomla
Magento
Xoops
Plone
CMS Made Simple
SilverStripe
MODx
Amiro.CMS
Koobi
LifeRay
PHP Fusion
PHP Nuke
WebGUI
ezPublish
DotNetNuke
Sitefinity

Javascript framework & tools

jQuery & jQuery UI
ExtJS
Prototype
Closure
MooTools
Dojo
script.aculo.us
YUI
Google Analytics
Disqus
GetSatisfaction
Wibiya
reCaptcha
Mollom

9. User-Agent Switcher

Spoofs & Mimics navigator.userAgent and navigator, vendor strings for specific sites.

10. Unencrypted Password Warning

Unencrypted Password Warning detects whether a password or credit card number is about to be sent with a form that does not use HTTPS.

11. JSONView

JSONView for chrome is an extension that helps you view JSON documents in the browser.

12. Cookie Editor

View and Edit the Cookies created by the site visible in the active page

13. Light Shot

Easy and convenient screen capture tool. Allows you to make screenshot of any selected area, edit and upload it to server. (Not really a security tool, but this can be of help to capture evidences)

14. Note Anywhere (Bonus)

With this ext, you can make notes on any web page, any position. The notes get loaded automatically whenever the page is opened. (Not really a security tool, but this can be of help to quickly jot comments on the pages where further investigation is to be done later.)

WebDeveloper Extension for Chrome for Security Analysts

rajivvishwa — Thu, 25 Mar 2010 23:15:39 +0000

I had mentioned in my previous post about Pendule – WebDeveloper Equivalent In Chrome, but lately the developer of WebDeveloper has released Chrome compatible version of this popular Firefox addon. WebDeveloper is definitely a favorite tool used by application security analysts and now it comes handy when you are testing your target in chrome. I think I’ll have to start a new series like SecFox, for Chrome.

WebDeveloper For Chrome (Click to Zoom)

Features (That can aid Security Testing)

Clear Radio Buttons
Convert GET to POST and POST to GET
Convert Select Elements to Text input
Display Form Details
Enable Form Fields
Make Form Fields Writable
Remove Maxlength
Show Passwords
View Form Info
Disable Image Alt Attributes
Show Hidden Elements
and much more…

NOTE: The Chrome compatible version doesn’t seem to be as stable as the one which is available for Firefox, but we can hope for the updates.

WebDeveloper for Chrome

Subscribe to SecFox – Firefox Addon Collections

rajivvishwa — Wed, 13 Jan 2010 19:29:34 +0000

Stay updated with addons discussed in the SecFox series, the most popular section of this blog. For that you need to subscribe to the SecFox addon collection available in the mozilla addons site.

SecFox is collection of addons which can be used to customize any firefox to a security assessment tool. At the time of writing this collection has 40+ addons which can help the web app sec testers during their assessments.

An ‘addon collector‘ addon is to be installed to get the SecFox updates. So if any new addon added to SecFox collection gives an alert to the subscriber.

Check the video below which explains how.

If you can see this, then you might need a Flash Player upgrade or you need to install Flash Player if it's missing. Get Flash Player from Adobe.

Download Secfox Collection :

Secfox – Addons for Cookie Analysis And Manipulation

rajivvishwa — Wed, 16 Dec 2009 19:57:00 +0000

In this part of the Secfox series, we will be discussing about the addons that can help us during the app security assessments which involves cookie analysis and manipulation.

These addons can be of huge help when we perform the type of tests mentioned below.

Cookie Prediction
Session Fixation
Cookie Persistence/Expiration
Broken Session Management

Traditional Method

We use a proxy interceptor like Paros/Burp/WebScarab to trap the HTTP requests and modify the values during its transit. For this to happen, we need to setup a proxy and ensure that it listens to the browser traffic. An additional step is required if the application uses an SSL connection, i.e. to store the Proxy’s forged certificate in the browser. The intercepted request enables us to add new cookies or modify the existing ones. We can also check when exactly are the cookie values issued and whether it is getting flushed upon session expiration.

Usage of Addons

We have various addons for firefox which makes the tasks mentioned above easier. Certain addons allow to view the cookies stored in the browser and others allows us to edit it. The advantage – we don’t need any proxy to do this job, we can view/edit from the browser itself.

1. View Cookies

This addon adds a tab in the ‘Page Info’ box available on the Firefox context menu.

View Cookies Addon

Download Link:

2. Add N Edit Cookies

This addon integrates a Cookie Editor to firefox. This also allows us to edit the attributes of the cookie.

Add n Edit Cookies Addon

Download Link:

3. FireCookie

If you are using Firebug a lot, then cookies are easily accessible inside firebug tabs if you have FireCookie installed.

FireCookie Addon

Download Link:

4. Cookie Swap

This is an amazing addon which helps us to switch between various cookie profiles. This addon saves all the cookies for a particular domain to the chosen profile. These profiles can be managed through a Profile Manager which comes with the tool. One can add and organize the profile which can be easily swapped from the Firefox status bar. This is of great use if you are testing the application which has multiple login credentials.

Cookie Swap - Status Bar

Cookie Swap - Manage Profiles

Download Link:

5. WebDeveloper – View Cookies

Web developer has a built-in cookie viewer and editor. Once you select on ‘View Cookies’ available under the ‘Cookies’ menu, a new tab is displayed with a big list of cookies for that particular domain and options to edit it. I prefer using ‘Add n Edit Cookie’ to this addon.

WebDeveloper - View Cookies

Download Link:

Video Demo

Watch the following video. Here, I quickly go through each of the addon I’d mentioned above.

If you can see this, then you might need a Flash Player upgrade or you need to install Flash Player if it's missing. Get Flash Player from Adobe.

Stay tuned… Secfox will continue….

Secfox – GroundSpeed, Client Side Data Manipulation From Sidebar

rajivvishwa — Tue, 15 Dec 2009 00:57:17 +0000

Pen testers fondly use webproxy a lot to manipulate the HTTP requests created by the browser before it is sent to the web sever. This helps us to verify the the absence of any server side validations or flaw in the client side validations. But feel lucky if you are using Firefox while performing web app security assessments, ’cause we have a cool extension ‘GroundSpeed’ which exactly does that.

I dont want to blabber much on describing how it works since the author has a nice writeup in his GroundSpeed homepage.

“Groundspeed is an open-source Firefox extension that manipulates the interface of web applications in order to make the life of the security tester easier. It allows security testers to manipulate the way they interact with the web application’s user interface by manipulating the forms and form elements, eliminating annoying limitations and client-side controls.

Some of the practical uses of Groundspeed include changing the types of form fields, like for example changing hidden fields into text fields, removing size and length limitations on input fields and modifying any JavaScript event handlers to bypass client side validation.

Groundspeed works by dynamically modifying the Document Object Model (DOM) of the page after Firefox has finished loading and rendering it. The changes take effect immediately and, since it happens entirely on the client side without generating new requests to the server, it is completely transparent to the application.”

Check the video

If you can see this, then you might need a Flash Player upgrade or you need to install Flash Player if it's missing. Get Flash Player from Adobe.

Conclusion

Whatever GroundSpeed can do can be done with Firebug, but this makes life super easy. We might tend to mess the HTML code displayed in the firebug window. But with GroundSpeed, we exactly achieve want we want. Another advantage of this addon compared to firebug is that this helps us to minimize the time wasted in searching for the variable names and the attributes which we intend to change if we had used Firebug.

As the author quotes, Firebug is meant for Developers and GroundSpeed for PenTesters. We hope that there will be many enhancements in the future so as to make this a full fledged PenTest addon.

Gallery

GroundSpeed Conversions

GroundSpeed - Remove Max Length

Install GroundSpeed Firefox Addon:

Secfox – Hackbar, Audit / Penetration Test Tool in Firefox

rajivvishwa — Thu, 19 Feb 2009 06:59:00 +0000

Hackbar is a tiny toolbar in Firefox with features to aid in application pen-testing. This can be used to perform our security tests quickly and effectively.

1. Manipulate integer values:

Click on Load URL and then Split URL. Now select the Integer under interest and click on the INT +1 or INT -1 as required. This will automatically load the page with the new modified param value. This can help us while checking for ‘forceful browsing’ or ‘revealing hidden pages’ kind of tests.

Change Integer Value

2. Calculate MD5 of selected string

Some of the sites amateur developers might do poor encoding for the sensitive data which is communicated between server and the client. But with Hackbar the values can be easily decoded with a single click.

Hash Selected Value

3. Calculate MySQL Char code of selected string.

MySQL CHAR() button can help us in calculating the charcode of the selected string. This can help in injecting the char code value during some tests which usually are not stripped of while performing server side validation.

Calculate Char Code

Features

Increment/Decrement the numeric value of the params (e.g. change pageid to reveal hidden page, session ids etc)
Above operation on HEX values
SQL and XSS vectors string construction
Built-In string encryption options (MD5, SHA-1, SHA-256)
Encode and Decode URL (Base 64, URL Encoding)
Strings for performing BoF attacks.

Download Hackbar :