*First of all always use Mozilla Firefox for Web App Pentesting & to use all these addons.
1. Tamper Data
Tamper Data is one of the most useful Addons for Pentesters it is used to view and modify HTTP/HTTPS headers and post parameters.Trace and time HTTP response or requests. Security test web applications by modifying POST parameters and Much More.
2. Hack Bar
Hack Bar is one of the Best & Most wanted Simple security audit / Penetration test tool. Very Strongly Recommended you to Install & very useful. Useful in XSS, SQL Encoding/Decoding - MD5, SH1, Base64, Hexing, Splitting etc.
The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of a browser. It can help you changing the User Agent to IE, Search Robots, I-Phone (I-OS), or you can also create your own User Agent. we've also Posted How to discover XSS through HTTP Header Injection & there we used User Agent Swithcer.
Cookies manager to view, edit and create, Inject Cookies etc. It also shows extra information about cookies, allows edit multiple cookies at once & backup/restore.
HttpFox monitors and analyzes all incoming and outgoing HTTP traffic between the browser and the web servers. It aims to bring the functionality known from tools like Http Watch or IE Inspector to the Firefox browser.
Information available per request includes:
- Request and response headers
- Sent and received cookies
- Querystring parameters
- POST parameters
- Response body
PassiveRecon provides information security professionals with the ability to perform "packetless" discovery of target resources utilizing publicly available information. Most Wanted Information Gathering Tool.
This one is Just from my side ;). isn't recommended but you must have - XSS Me : Cross-Site Scripting (XSS) is a com How to discover XSS through HTTP Header Injectionmon flaw found in todays web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.