In addition to being popular, Firefox is one of the most secure browsers globally. Penetration testers and security professionals use Firefox for security testing in a number of ways, such as pairing it with an intercepting proxy like Burp Suite or OWASP ZAP. However, the plugins we cover below can be used without any connecting proxy and give web penetration testers and software developers the ability to perform pen testing / unit testing.
Below are the top 10 web application security testing extensions for Mozilla Firefox:
1. Firebug
This is among the most effective extensions currently available because it incorporates a web development tool inside the browser, giving you the ability to edit and debug HTML, JavaScript, and CSS.
2. User-agent switcher
The User-agent switcher extension adds a one-click user agent switch to the browser menu and a toolbar button. You can use the button whenever you want to change the user agent, which helps in bluffing the browser while executing attacks.
3. FoxyProxy Standard
This is an advanced proxy management extension that improves on the browser's built-in proxy abilities. Although other proxy management extensions of a similar kind are available, FoxyProxy has more features than all the other available options. Depending on URL patterns, it switches the internet connection across a number of proxy servers.
4. CryptoFox
This is an encryption and decryption tool for Mozilla that supports a number of existing algorithms, helping you easily encrypt or decrypt data with the available encryption algorithms. CryptoFox has dictionary attack support for cracking MD5 passwords.
5. NoScript
This extension offers more for security testing than one might imagine because of its capacity to monitor each script running on a website, which enables you to block any script and check what every script actually does. Because of its complexity, it is better suited to experts than to newbies.
6. Grease Monkey
This extension is the complete opposite of the NoScript add-on. It is mainly used to run scripts after NoScript has blocked them. In addition, it allows you to customize the display of a website using small bits of JavaScript.
7. Hackbar
This is a simple Mozilla extension that newbies can use. It helps in testing for simple SQL and XSS holes, making it easy to check for the existence of vulnerabilities. It is also an encryption and encoding tool that helps in testing for XSS vulnerabilities, and it supports keyboard shortcuts for performing various tasks. Since you can send POST data to bypass client-side validation, it can effectively be used to determine POST XSS vulnerabilities.
8. Cookies manager
This add-on is among the best tools ever created for altering cookies. Using the Cookies Manager, you can create new cookies and view and edit available cookies, since it displays all the information about the cookies.
9. Tamper data
Tamper data is great for viewing and modifying HTTP/HTTPS headers and POST parameters. It can help you alter any request going from your machine to the destination host, which supports security tests of web applications.
10. SQL Inject me
This extension is mainly used to find SQL injection issues in applications. Rather than exploiting vulnerabilities, it displays their existence. The major drawback of this extension is its capacity to allow hackers to add and modify information in a database.