I’ve moved to Chrome and Safari as my primary browsers, but nothing compares to Firefox when it comes to functionality and plugin support. Shown below are the information security related plugins I recommend any infosec professional (or enthusiast) install upon spinning up a new Firefox instance.

XSS Me

This plugin discovers all the fields on the current page, and gives you the option to launch targeted attacks on each field, or to launch all of its attacks against all fields.

SQL Inject Me

From the same group as XSS Me, this plugin finds all fields on the page you’re on and let’s you launch the most common SQL injection attacks against them.

Live HTTP Headers

See exactly what your browser is sending and receiving in real-time.

User Agent Switcher

Change your user-agent on the fly. So, you can make it look like you’re coming from Lynx running on AIX, or like you’re the GoogleBot.

Web Developer

Modify all sorts of options related to the site you’re viewing. Disable scripting, modify forms, etc., etc. Trust me–good stuff.

Tamper Data

Lets you view the data that’s being passed back and forth between you and the web server…and let’s you mess with it. Think “WebScarab”, but far simpler, and as a Firefox plugin.

ASnumber

Find the Autonomous System Number (ASN) of the network that your current site is served from. Simple. Useful.

DT Whois

Do a domaintools.com lookup of the site you’re currently visiting. If you haven’t used domaintools.com yet, you’ll be even more impressed.

Firebug

Gives you a developer’s view into the page you’re viewing, showing exactly what scripts are running, what the stylesheet is, etc. Oh, and let’s you change them and see what the result would be. Not really a security thing, but strong enough to be included in a list of musts.

SwitchProxy Tool

Allows you to quickly switch back and forth between multiple proxies, or between using your main proxy and going straight out to the Internet. My configuration always includes at least one proxy: localhost:8008 for WebScarab.

Hackbar

This tool, added on Zach’s (@quine’s) request, is kind of interesting. It allows a lot of functionality from a very simple interface. Essentially, it presents you with the ability to modify the current URL in a number of interesting ways, including giving access to a number of simple tools for translating data formats. Worth adding to the list of essentials.

So there they are. If you have any I should add to this list of essentials, do let me know in the comments or via email. ::

(Thanks to those who helped me build this list including Johannes Ulrich and Steve Crapo)

Related

[ Information Security Posts | danielmiessler.com ]