Phenquestions
Today we will discuss about the browser extensions that every ethical hacker should use to make its life and hacking a lot easier than before, and we will be talking about the best among them and the purpose of each of them. Some of these extensions will be Chrome-based only, others will be Firefox-based only and some of these will be available for both.
Now let's start with those browser extensions:
Tamper Data
Tamper Data allows you to monitor and modify http, https and other web browser requests and responses which are not generally shown to you. If you have ever used burp suite, you will get a better understanding that tamper data is like a smaller version of burp suite within browser. Most of the ethical hacking is based upon fuzzing and for that we often need to change or modify inputs and requests and we can use this browser extension for this purpose. Tamper Data is for both Chrome and Firefox. Similar extensions include 'Request Maker', 'EditThisCookie' and 'Live HTTP Headers'.
Link(Firefox): https://addons.mozilla.org/en-US/firefox/addon/tamper-data-for-ff-quantum/
Link(Chrome): https://chrome.google.com/webstore/detail/tamper-chrome-extension/hifhgpdkfodlpnlmlnmhchnkepplebkb?hl=en
Wappalyzer
In web application penetration testing, we need to gather information about its domain, hardware and software such as what OS is running on server and of what version? This process is known as information gathering or banner grabbing. This process is helpful to take advantage of Common Vulnerabilities and Exposures (CVE). Wappalyzer is the browser extension for this purpose, i.e., it extracts out important information about the web application that can be useful in pentesting it. Wappalyzer extension is available for both Chrome and Firefox. Similar extensions for this kind of information gathering are 'Firebug' and 'IP Address and Domain Info'.
Link(Firefox): https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/
Link(Chrome): https://chrome.google.com/webstore/detail/wappalyzer/gppongmhjkpfnbhagpmjfkannfbllamg?hl=en
Proxy SwitchySharp
No one better than ethical hackers can appreciate the importance of a reliable proxy and Proxy SwitchySharp extension not only provides that proxy but it also provides additional features that help a lot in ethical hacking as well as for other technical users. Proxy SwitchySharp has a feature of tab switching proxies which changes its proxy configurations based upon the URL requested, which means you can use multiple different proxies for multiple different websites at the same time without the hassle of handling it manually. Proxy SwitchySharp is for Chrome only. Among proxy extensions, 'FoxyProxy' has also earned its name as a proxy manager.
Link(Chrome): https://chrome.google.com/webstore/detail/proxy-switchysharp/dpplabbmogkhghncfbfdeeokoefdjegm?hl=en
HackBar
HackBar provides an ease of access and interface to web pentesting. It can be used for ease in SQL injection, XSS and other attacks as it gives user-friendly space for fuzzing inputs and URLs. Along with an interface, it also helps in SQL functions, XSS queries, encoding, decoding, hash generation, etc. Furthermore, it helps in easily reading, copying and requesting URLs so that you can easily pentest or test any web application. This extension is for both Chrome as well as for Firefox.
Link(Firefox): https://addons.mozilla.org/en-US/firefox/addon/hackbartool/
Link(Chrome): https://chrome.google.com/webstore/detail/hackbar/ejljggkpbkchhfcplgpaegmbfhenekdc?hl=en
Open Port Check Tool
As its name suggests, Open Port Check Tool detects any open ports on the current computer to alert the user to turn off any unused port and minimize any attacking possibility. This is quite helpful in pentesting as unused open ports are not recommended and are considered to be an invite for an attacker to exploit any vulnerability on that port. It is an extension for Chrome users only.
Link(Chrome):
https://chrome.google.com/webstore/detail/open-port-check-tool/lefghalnfhaklfbndadklndcndabkadb
Bishop Vulnerability Scan
This extension is a vulnerability scanner for websites. It scans for different common vulnerabilities like misconfigured files, exposed version control systems, parent and child directory transversal on the sites that you target. This tool automatically checks for these basic vulnerabilities in the sites, running in the background. It is made for testing purposes on your site or if you have authorisation to scan a particular site. HPP Finder is another web vulnerability testing browser extension which specially checks for HTTP Parameter Poisoning (HPP) exploits. Bishop Vulnerability Scan is a chrome-based extension.
Link(Chrome):
https://chrome.google.com/webstore/detail/bishop-vulnerability-scan/cbkdeoaaclnbidadjimofnhpbfhjakoe
OffSec Exploit-db Search
This extension is not an exploiter but it searches for exploits from the maintained database of exploits by offensive security named as exploit-db. You can search for all kinds of exploits for many different platforms. This database not only provides information about the exploits but also provides payloads for some exploits and other stuff related to some exploits as well and hence this browser extension searches through this database of exploits. This extension is on firefox browser only.
Link(Firefox): https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/
Site Spider Mark II
It extracts all the publicly accessible links used in a site and is used to search and find broken links in a website. Site Spider Mark II also shows you the whole list of links that it finds to refer to. Site Spider extension is for chrome users. You can find this extension at:
Link(Chrome):
https://chrome.google.com/webstore/detail/site-spider-mark-ii/gedjofgioahckekhpgknhchelbpdogok?hl=en
Note Anywhere:
Ethical Hacking for web applications starts with collecting basic to advance information about the targeted websites and ethical hackers normally use different word processors to save that information and load quickly whenever needed. Note Anywhere makes it much easier for them to quickly save and load that information as it allows users to write anywhere on the website at realtime and bring back those saved notes whenever needed or the user visits that website again. It also shows the number of notes created on that particular page and other than this, you can import, export and share these notes for your ease. This extension is for chrome users.
Link(Chrome):
https://chrome.google.com/webstore/detail/note-anywhere/bohahkiiknkelflnjjlipnaeapefmjbh
D3coder:
D3coder is chrome-based browser extension which instantly encrypts and decrypts text and hashes using different encryption standards. It also uses a dictionary to crack common hashes. Other than encryption and decryption, it also supports encoding and decoding like base64 encoding. It is often useful as there is always a need of instantly encoding and decoding keys and hashes for ethical hackers.
Link(Chrome):
https://chrome.google.com/webstore/detail/d3coder/gncnbkghencmkfgeepfaonmegemakcol?hl=en
[Bonus] Penetration Testing Kit
Penetration Testing Kit is an extension bundled up with helping in many penetration testing techniques for ethical hackers. It provides an interface for sending and viewing request and response information. Moreover, you can build your own requests and use it for SQL injection, XSS and other form related vulnerability by using it as a request builder and viewing its response. This is a chrome-based extension.
Link(Chrome):
https://chrome.google.com/webstore/detail/penetration-testing-kit/ojkchikaholjmcnefhjlbohackpeeknd?hl=en-GB
Conclusion
This was all for this article, hope that this was helpful for you and it gave a good insight and knowledge about useful browser extensions and also that you will use this knowledge to do good.
