Tuesday, January 6, 2009

Security add-ons for Firefox

Firefox is currently the fastest growing web browser in the world and at last count commands over 20% of the browser market share. Firefox is popular not only because it costs us nothing to download/use/distribute, but also because it seems to have an inexhaustible array of add-ons/extensions to enhance its looks and functionality.

What many may not know is that Firefox can also be used as a pen-test/auditing tool. The Hackbar add-on contains several tools to test for XSS, SQL injection, etc. It is a pretty nifty toolset, especially for programmers who want to audit their apps before going live.

A smaller set of utilities for just auditing SQL Injection is also available.

There is also Firekeeper, an IDS for Firefox that works with definable, Snort-like rules.

There is an interesting paper entitled "Turning Firefox Into an Ethical Hacking Platform" that showcases FireCAT (Firefox Collection of Auditing Extensions), a collection of add-ons/extensions that will turn Firefox into a security toolset. FireCAT 1.4 is the latest release and can be downloaded here.

The entire tarball is about 9.4 MB.

For GPG users like me, I rely on FireGPG to allow me to sign/encrypt when I use my Gmail account.

Note that while most Firefox extensions are generally workable across computing platforms (Win/NIX), I have tried them on my GNU/Linux machine running Firefox 3.x only.

Happy Hacking!!!

