Useful Browser Plugins
Firefox Add-Ons can be extremely useful and timesaving during penetration tests or hacking challenges.
In this post, I will go over a few of my favorite and most used plugins.
If you have no experience with them, think of them as small plugins that run in your browser and serve some sort of function by interacting with the current webpage.
To search for Firefox Add-Ons, you can navigate here.
Wappalyzer
According to the plugin’s description on the Firefox Add-Ons store:
Wappalyzer is a browser extension that uncovers the technologies
used on websites. It detects content management systems,
eCommerce platforms, web servers, JavaScript frameworks,
analytics tools and many more.
To install, just click “Add to Firefox”.
Now, whenever you navigate to a page, it will automatically determine all known technologies running on that webpage.
If it detects nothing, try refreshing the page or ensuring it is turned on in by clicking it in the tab bar.
Here is what it looks like when I open it on Wappalyzer’s website:
Another example detailing web server version numbers/etc. :
Cookie-Editor
Cookie-Editor is a wonderful time-saving tool for editing and intercepting HTTP-cookies in real-time.
This can be extremely useful for pentesting when you gain a valid cookie of a higher-level user (think priv-esc).
Additionally, many exploits require cookie manipulation and this tool let’s you edit/copy them straight from your browser without having to modify GET/POST requests.
Here is an example of using cookie-editor on wikipedia.org :
FoxyProxy
I mostly use this plugin to interact with BurpSuite during hacking challenges.
FoxyProxy allows you to toggle on/off to intercept web traffic via a pre-defined proxy.
Here is a quick usage guide with BurpSuite :
After installing it from the Firefox Add-Ons store, click the fox icon and click options to navigate to this screen:
Next, click on Add and setup a proxy ip:port and name like so:
For Burpsuite, the Community Edition default should be 127.0.0.1:8080 but you can check by launching it and navigating here :
Now, you can forward all internet requests from your browser to BurpSuite by clicking the fox icon and clicking burp, or whatever you named the connection :