Quite often, a web-hacker’s only friend is little more than a
web-browser. But advancement in extensible browsers has led to a vast
array of hacking-related addons being released into the public. In this
entry, I will outline what I believe to be the most useful
browser-addons that will streamline the entire web-hacking process.
1. Hackbar
This is one of my favourite addons for Firefox. Its beauty is in its simplicity. No overkill with Hackbar, it does what it says on the tin. There’s nothing more agitating to Hector than when you find an injectable site with 78 columns. Who wants to spend needless minutes counting to infinity? Hackbar automates union select statements by allowing you to specify the column count, and it will print all of the columns for you.
Hackbar has a wealth of other useful features. Don’t want to spend time referencing a decimal chart for the char function? Let Hackbar convert a string for you. Just pulled the username and password from the DB to find out the password is an MD5 hash? Just tell Hackbar – it will submit the hash to an array of online MD5-cracking services.
It’s worth noting that Hackbar is not an exploitation tool that will hack for you – you will still be required to find flaws and injection points – Hackbar just makes the process a little more automated, saving you an abundance of time.
Download link: https://addons.mozilla.org/en-US/firefox/addon/hackbar/
2. Firebug
How often have you been forced to download the source-code of a webpage, with the intent of modifying its form contents – or resorted to JavaScript injection to try and accomplish the task a little quicker? If you answered “Way too much fecking time Hector!” – then Firebug is for you. Firebug allows you to modify the content of a page (HTML or JavaScript) on the fly – enabling you to modify it to your liking. Annoying JavaScript input validation? Remove it with Firebug! Form not formulated to your liking? Hack it up real nice, with Firebug!
Download link: https://addons.mozilla.org/en-US/firefox/addon/firebug/
3. Firesheep
Firesheep is a new and innovative addon which allows you to hijack HTTP sessions of users sharing the same network. The potential of Firesheep is endless. From internet cafes to poorly encrypted or even open public networks – Firesheep is a real threat to anyone operating outside the comfort of their home networks. Unfortunately, it is not yet supported on Linux.
Download link: http://codebutler.github.com/firesheep/
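From the site owner's side, the exposure Firesheep relies on is a session cookie that travels over plain HTTP. The following is an added example, not part of the original post or of any tool listed here: it audits response headers for that condition. The cookie-name pattern, host names and sample responses are constructed assumptions.

```javascript
// Added example: flag responses whose session cookies can cross the
// network unencrypted, which is what a passive listener on shared Wi-Fi needs.

// Cookie names that usually carry session state (assumption; tune per app).
const SESSION_NAME = /sess|sid|auth|token/i;

// Parse one Set-Cookie header value into its name and attribute names.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? '' : pair.slice(0, eq).trim();
  const attrs = new Set(rest.map(a => a.split('=')[0].trim().toLowerCase()));
  return { name, attrs };
}

// Return the list of findings for one response (header names lower-cased).
function auditResponse(url, headers) {
  const findings = [];
  const https = url.startsWith('https://');
  if (!https) findings.push('page served over plain HTTP');
  // Without HSTS a browser may still make a first request over HTTP.
  if (https && !headers['strict-transport-security'])
    findings.push('no Strict-Transport-Security header');
  for (const raw of headers['set-cookie'] || []) {
    const { name, attrs } = parseSetCookie(raw);
    if (!SESSION_NAME.test(name)) continue;   // ignore preference cookies
    // Without Secure, the browser also sends the cookie on http:// requests.
    if (!attrs.has('secure')) findings.push(`${name}: missing Secure`);
  }
  return findings;
}

// Constructed sample responses (not captured from any real site).
const weak = { 'set-cookie': ['PHPSESSID=abc123; Path=/', 'theme=dark; Path=/'] };
const mixed = { 'set-cookie': ['auth_token=xyz; Path=/; HttpOnly'] };
const hardened = {
  'strict-transport-security': 'max-age=31536000',
  'set-cookie': ['PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax'],
};

console.log(auditResponse('http://shop.example/login', weak));
console.log(auditResponse('https://shop.example/account', mixed));
console.log(auditResponse('https://shop.example/login', hardened));
```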
4. Tamper Data
Tamper Data is an extremely useful addon that allows you to modify HTTP/HTTPS headers, along with POST parameters, on the fly. It’s a great way to get an overview of communication between the browser and server and change data to your requirements.
Download link: https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
5. Add ‘n’ Edit Cookies
A lightweight addon that allows you to edit your cookie session quickly and effectively. A useful addition to the web-hacker’s array of addons.
Download link: https://addons.mozilla.org/en-US/firefox/addon/add-n-edit-cookies/
Notable mentions
XSS Me
“XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting”.
Download link: https://addons.mozilla.org/en-US/firefox/addon/xss-me/
SQL Inject ME
“SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.”
Download link: https://addons.mozilla.org/en-US/firefox/addon/sql-inject-me/