Firefox Plugin Collections

Published: 2009-10-08. Last Updated: 2009-10-08 14:18:17 UTC
by Johannes Ullrich (Version: 1)
10 comment(s)

Our reader Mark sent us a link to his Firefox "Security Suite": https://addons.mozilla.org/en-US/firefox/collection/securitysuite

Mozilla started offering the ability to set up these collections to make it easier to share sets of plugins like that. Our handler Swa got inspired by Mark's submission and set up his own: https://addons.mozilla.org/en-US/firefox/collection/isc

I think this is a great idea, and I am wondering what plugins our readers would recommend for a suite like this. I can see three different suites:

- Home user security suite
- Security professional suite
- Pentesting suite

Let me know which tools you would add to any of them, and I will publish the top 5 plugins in each category (and maybe even set up the corresponding suites).

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Keywords: firefox plugin

Comments

Firebug should definitely go into one of the above suites.
Agreed. I like Firebug a lot. Probably more for "pros" than home users.
I like WOT (Web of Trust) addon. Users can rate sites on a variety of factors. Any links shown in the browser will be accompanied by an icon that will be green, orange, red, or grey (good, scam, malicious, not rated).

Very useful for quickly picking out blackhat SEO poisoned queries in Google or search engine of your choice.
Here's a pen-testing collection https://addons.mozilla.org/en-US/firefox/collection/redspin-web
I'm a fan of Ghostery, which lets you know of (and block) web bugs.

https://addons.mozilla.org/en-US/firefox/addon/9609
Home User: no script, adblock plus, cookie safe, McAfee site advisor, IE tab, ref control.
Security Professional: Home User, external ip, firebug, firecookie, http fox, quick proxy, show ip, tamper data, web developer.
Pentesting Suite: not sure if browser plugins can replace BackTrack or separate tools such as nmap, netcat/cryptcat, burp/paros, metasploit, etc. but I agree with Joel P. - Nathan Drier's Redspin is nice =)
A more general use plugin is Prefbar:
http://prefbar.mozdev.org/ I use it to disable JS/Java/Popups in one click.
Some of the ones I use for WebApp testing include: firebug, xss me, sql inject me, hackbar (for the encoders), add n edit cookies, tamperdata (for when I just don't feel like launching paros or fiddler), and jsview
We have recently released the Samurai Web Testing Framework Firefox add-ons collection, available at:
https://addons.mozilla.org/en-US/firefox/collection/samurai

iOpus iMacros can be useful for automating pen-testing procedures, and other tasks.
https://addons.mozilla.org/en-US/firefox/addon/3863
