Samurai Web Testing Framework is a working environment based on Ubuntu GNU/Linux that has been preconfigured for penetration testing of web applications. (More information / Review in Spanish)
For this reason, a compilation has been put together of the best Firefox add-ons focused on web application penetration testing that are included in that distribution, to turn our Firefox into a complete “Hacking Tool Suite”.
What follows, then, is a list of add-ons that are essential for many of the tests and environments developed at Sec-Track.
- User Agent Switcher
The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of the browser.
- JavaScript Deobfuscator
This add-on will show you what JavaScript gets to run on a web page, even if it is obfuscated and generated on the fly. Simply open JavaScript Deobfuscator from the Tools menu and watch the scripts being compiled/executed.
- View Dependencies
View Dependencies adds a tab to the Page Info window, in which it lists all the files which were loaded to show the current page.
- Add N Edit Cookies
Cookie Editor that allows you to add and edit “session” and saved.
- HackBar
Simple security audit / Penetration test tool.
- Access Me
Access vulnerabilities in an application can allow an attacker to access resources without being authenticated. Access-Me is a Firefox extension used to test for Access vulnerabilities.
- SQL Injection
SQL Injection is an Upgrade from the old form free, it is a component to transform checkboxes, radio buttons, select elements to an input text and enable disabled elements from all forms in a page.
It makes it easier to test and identify SQL injection vulnerabilities in web pages.
- Advanced Dork
Advanced Dork: gives quick access to Google’s Advanced Operators directly from the context menu.
- Header Spy
Shows HTTP headers on statusbar.
- JSView
All browsers include a “View Source” option, but none of them offer the ability to view the source code of external files. Most websites store their javascripts and style sheets in external files and then link to them within a web page’s.
- DOM Inspector
DOM Inspector is a tool that can be used to inspect and edit the live DOM of any web document or XUL application. The DOM hierarchy can be navigated using a two-paned window that allows for a variety of different views on the document and all nodes within.
- XSS Me
Cross-Site Scripting (XSS) is a common flaw found in today's web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.
- SQL Inject Me
SQL Injection vulnerabilities can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is a Firefox extension used to test for SQL Injection vulnerabilities.
- RefControl
Control what gets sent as the HTTP Referer on a per-site basis.
- Tamper Data
Use tamperdata to view and modify HTTP/HTTPS headers and post parameters.
- Greasemonkey
Allows you to customize the way a webpage displays using small bits of JavaScript.
- Web Developer
The Web Developer extension adds a menu and a toolbar with various web developer tools.
- Firebug
Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page…
- FoxyProxy Standard
FoxyProxy is an advanced proxy management tool that completely replaces Firefox’s limited proxying capabilities. It offers more features than SwitchProxy, ProxyButton, QuickProxy, xyzproxy, ProxyTex, TorButton, etc.
Source: Sec-Track