Most Important Addons for Hackers & Pentesters

# 7 Most Important Addons for Hackers & Pentesters
*First of all, always use Mozilla Firefox for web app pentesting and to use all of these addons.


1. Tamper Data
Tamper Data is one of the most useful addons for pentesters. It is used to view and modify HTTP/HTTPS headers and POST parameters, trace and time HTTP requests and responses, security test web applications by modifying POST parameters, and much more.




2. Hack Bar
Hack Bar is one of the best and most wanted simple security audit / penetration test tools. It is very useful and strongly recommended to install. It is useful for XSS and SQL testing and for encoding/decoding: MD5, SHA1, Base64, hexing, splitting, etc.


3. Live HTTP Headers
Live HTTP Headers is a little like Tamper Data, but it works quite differently: it shows the HTTP headers of a page while you browse. It is mostly used to inject XSS payloads and to get a lot of information about a website's plugins, CSS, JavaScript and HTML content.

4. User Agent Switcher
The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of the browser. It can help you change the user agent to IE, search robots, iPhone (iOS), or you can create your own user agent. We've also posted "How to discover XSS through HTTP Header Injection", where we used User Agent Switcher.

5. Cookie Manager+
A cookie manager to view, edit, create and inject cookies. It also shows extra information about cookies, and allows editing multiple cookies at once as well as backup/restore.


6. HttpFox
HttpFox monitors and analyzes all incoming and outgoing HTTP traffic between the browser and the web servers. It aims to bring the functionality known from tools like HttpWatch or IE Inspector to the Firefox browser.

Information available per request includes:
- Request and response headers
- Sent and received cookies
- Querystring parameters
- POST parameters
- Response body

7. Passive Recon
PassiveRecon provides information security professionals with the ability to perform "packetless" discovery of target resources utilizing publicly available information. A most wanted information gathering tool.

/\/. XSS Me
This one is just from my side ;). It isn't recommended, but you must have it - XSS Me: Cross-Site Scripting (XSS) is a common flaw found in today's web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.


By:hackw0rm