The day before yesterday to see the elder brother with Firefox hackbar manual injection infiltration, feel that the direct use of browser plug-in penetration testing has many advantages, can be directly in front of the injection and other operations, can also save the trouble of looking for various tools. The front end is the most direct! So these two days began to organize a variety of Firefox and chrome infiltration plug-ins to learn.
Firefox
Not explained. Firefox has been a penetrating test of the weapon, than the celestial Baidu browser and 360 browser and other do not know the strong to where to go.
1.Firebug
Firebug has been a lot of program apes and hackers to choose the important factor of Firefox, famous, I believe as long as the development experience will certainly be familiar with this plugin. Recommended Nanyi's Firebug Getting Started guide. the detailed tutorial waits for me to open the PHP time to tidy up again.
2.User Agent Switcher
This is a plugin that changes the client user agent, allowing you to see the page model in your phone in your browser. I used it in front-end development.
3.Hackbar
Hackbar is also a very popular tool for penetrating, 91ri.org the necessary tools of the Siege division, providing SQL injection and XSS attacks, the ability to quickly encode strings.
In the future will be detailed introduction of this plug-in construction and use
4.HttpFox
This is a plug-in that monitors and analyzes HTTP traffic between the browser and the Web server.
5.Live HTTP Headers
Instantly view HTTP headers for a Web page.
6.Tamper Data
View and modify Http/https header and Post parameters
7.ShowIP
The status bar displays the current page's IP address, host name, ISP, country, and city information.
8.OSVDB
Very powerful, exploiting the source of vulnerability database retrieval
9.Packet Storm Search Plugin
Packet Storm provides plug-ins that can search for vulnerabilities, tools, and exploits
10.Offsec exploit-db Search
This plugin can search for exploit-db information (seemingly MSF is useful)
11.Security Focus Vulnerabilities Search Plugin
Search for vulnerabilities on security focus
12.Cookie Watcher
Show cookies on the status bar
13.Header Spy
Display HTTP headers in the status bar
14.Groundspeed
Manipulate the application user interface
15.CipherFox
Display the current SSL/TLS encryption algorithms and certificates in the status bar
16.XSS Me
XSS Test Extension
17.SQL Inject Me
SQL injection Test Extension
18.Wappalyzer
View the applications used by the site
19.Poster
Send HTTP requests that interact with the Web server and view the results of the output
20.javascript Deobfuscator
Display JavaScript code running on a Web page
21.Modify Headers
Modify the HTTP request header
22.FoxProxy
Firefox's agent tool, this should be very familiar with it. The proxy feature enables us to intercept and modify requests. To intercept the request and manipulate it.
23.FlagFox
Can be displayed in the Address bar or status bar on the current site of the country's flag, there are more other features, such as: Double-click flag can achieve WOT function, mouse click is the WHOIS function. Of course, users can set the shortcut keys in the options to achieve such functions as copy IP, Wikipedia query and so on.
24.Greasemonkey
Greasemonkey allows you to add DHTML statements (user scripts) to any Web page to change how they are displayed. Just like CSS allows you to take over the style of a Web page, user script allows you to easily control any aspect of web design and interaction.
25.Domain Details
Display server type, IP address, domain name registration information, etc.
26.Websecurify
Websecurity is the extension of Firefox for web security monitoring software and can be used for security assessment of Web applications
27.XSSed Search
This plugin can search the xssec.com cross-site Scripting database
28.ViewStatePeeker
View ASP. iewstate
29.CryptoFox
Crack MD5, encryption/decryption tools
30.WorldIP
Display the server's IP, address, ping, Traceroute, RDNs, and other information
31.Server Spy
Identify the type of Web server accessed, the version, and the plug-in for the IP address
32.Default passwords
Search cirt.net Default Password database
33.Snort IDS Rule Search
Search for Snort's IDs rules, which are useful for signing development applications
34.FireCAT
Firecat (Firefox Catalog of Auditing exTensions) is a list of the most effective and useful application security audits and risk assessment tools (these tools are published in the form of Firefox plugins). The types of security tools that are not collected in Firecat include: Fuzzer, Agent, and application scanner.
Firefox penetration test Hack plugin set