The reason we like open-source software such as Firefox is simple: it is secure and has many easy-to-use extensions. With these, we can browse the Web and read e-mail with confidence. More and more extensions are being developed for Firefox. Next, let's take a look at the three major tools that let us turn Firefox into a powerful weapon. Note, however, that these extensions are not designed to enhance the security of Firefox itself; they make it more convenient to use.
Data modification master: Tamper Data
If you can install only one security extension in your browser, it should be Tamper Data. In the past, I used Paros Proxy and Burp Suite to intercept the requests and responses exchanged between the browser and the Web server. Now these tasks can be done with Firefox and Tamper Data, with no need to configure a proxy. It is easy to use.
Nowadays, browsing the Internet is inseparable from cookies. A cookie is a very small text file that the Web server places on your hard disk. In a sense, it is your ID card. Although it can be read only by the server that issued it, it can still leak your information. If the website you want to access requires a particular cookie or user agent, we recommend using Tamper Data to intercept the request that carries the cookie before it is sent to the Web server, add or modify its attributes, and then send it on. We can even modify the response from the Web server before the browser interprets it: if the response looks safe, we keep it; if not, we discard it. In short, this is a good tool for anyone interested in Web application security.
Figure 1: The Tamper Data log window
Figure 2: The Tamper Data modification window
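Because a client can rewrite a cookie before it reaches the server, as described above, the server should not trust a cookie value unless it can check its integrity. The following is an added example, not part of the original article; the key, cookie names and helper functions are constructed for illustration. It shows a server detecting an edited cookie with an HMAC tag:

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption); a real server loads a random secret from protected storage.
SECRET_KEY = b"constructed-demo-key-not-for-production"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_tag(name: str, payload: str, key: bytes) -> bytes:
    # Bind the tag to the cookie name so a value cannot be moved to another cookie.
    return hmac.new(key, f"{name}={payload}".encode("utf-8"), hashlib.sha256).digest()

def sign_cookie(name: str, value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'payload.tag' for the server to send in Set-Cookie."""
    payload = b64e(value.encode("utf-8"))
    return f"{payload}.{b64e(make_tag(name, payload, key))}"

def verify_cookie(name: str, cookie: str, key: bytes = SECRET_KEY):
    """Return the original value, or None if the cookie was altered or malformed."""
    payload, sep, tag_text = cookie.partition(".")
    if not sep:
        return None
    try:
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(make_tag(name, payload, key), b64d(tag_text)):
            return None
        return b64d(payload).decode("utf-8")
    except ValueError:  # bad base64, bad padding, or invalid UTF-8
        return None

def demo():
    issued = sign_cookie("role", "user")       # what the server sends
    _, tag = issued.split(".")
    tampered = b64e(b"admin") + "." + tag      # value edited in the browser, old tag kept
    return verify_cookie("role", issued), verify_cookie("role", tampered)

if __name__ == "__main__":
    print(demo())
```

The tag protects integrity only; the value itself is still readable by the client, so secrets do not belong in it.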
Higher security: Paros and Burp
1. Paros
As stated by its development team, Paros is designed for evaluating the security of Web applications. It is written in Java and is free of charge. Through the Paros proxy, all HTTP and HTTPS data exchanged between servers and clients, including cookies and form fields, can be intercepted and modified.
Its feature set is solid. The capture function lets you manually capture and modify HTTP (and HTTPS) requests and responses. The filter function detects patterns in HTTP messages and issues warnings to help users handle them. The scan function scans for common vulnerabilities. The log function lets users view and inspect the content of all HTTP requests and responses. An example is shown in figure 3.
Figure 3
2. Burp Suite
Burp is an integrated platform for attacking Web applications. It contains many tools, such as a proxy server, a spider, an intruder, and a repeater, with many interfaces between them that facilitate and enhance the process of attacking Web applications. All plug-ins share Burp's robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting, and extensibility.
Burp allows an attacker to combine manual and automated techniques to enumerate, analyze, attack, and find vulnerabilities in Web applications. The various Burp tools work together effectively to share information, so that vulnerabilities found by one tool can form the basis for attacks by another.
Its key features include:
(1) It can passively spider an application in a non-intrusive manner, with all requests originating from the user's browser.
(2) A single click can send requests between plug-ins.
(3) It can be extended through the IBurpExtender interface, which allows third-party code to expand the functions of the Burp suite. Data processed by one plug-in can affect the behavior and results of another plug-in in arbitrary ways.
(4) It can be configured for downstream proxies, Web and proxy authentication, and logging.
Burp Suite: http://portswigger.net/suite/
If you are interested in these tools, download them and give them a try. They will certainly surprise you.