Monday, 29 July 2013

Firefox Add-ons for Penetration Testers

Firefox is a popular web browser that lets users customize its look and functions with the help of add-ons. Many kinds of add-ons are available, including add-ons for penetration testers. Penetration testers can use these add-ons to turn their browser into a penetration testing tool. Add-ons are available for every phase of a penetration test.

A few popular add-ons are listed below:
  • FoxyProxy Standard
  • Firebug
  • Web Developer
  • User Agent Switch
  • Live HTTP Headers
  • HackBar
  • Tamper Data
  • Web Securify
  • Add N Edit Cookies
  • XSS Me
  • SQL Inject Me
  • CryptoFox
See a full list with detailed descriptions in my article on the Infosec Institute resources site. In that detailed article I covered all the important security add-ons and how they work. Read the original article and share your views in the comments.

Interested in learning web security? Join the web application security course offered by Infosec Institute.

Saturday, 27 July 2013

Find XSS vulnerabilities with X5s and Fiddler

Fiddler is a web debugging proxy. It is used to monitor web traffic between your computer and the Internet, so with its help you can inspect the request and response of every exchange. The tool is free and inspects incoming traffic for all browsers on the system. Its ability to monitor web traffic makes it a useful tool for penetration testing.

It is mostly used for finding XSS vulnerabilities in web applications. Although the tool cannot directly find XSS vulnerabilities by itself, it can with the help of an add-on: X5S is the Fiddler add-on that does this. But the tool is not for beginners. Before using it, you need to understand XSS encoding, because it only helps in finding possible injection points, and most of the time it raises false alerts. Basically, the tool helps in finding places where safe encoding was not applied to user inputs.
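To make the idea concrete, here is an added example (mine, not code from X5S or Fiddler) of the check the add-on automates: send a unique canary followed by one test character, then scan the response for every reflection of the canary and classify whether that character came back raw, HTML-encoded, or stripped. The canary string and the sample response body are constructed for this example; as the post notes, a "raw" hit is only a candidate that still needs manual review of its context.

```python
import re

# Constructed canary: a unique marker sent immediately before each probe
# character, so every reflection can be located by searching for the marker.
CANARY = "x5sprobe"

# Accepted HTML-entity encodings for each probe character (compared lower-cased).
SAFE_ENCODINGS = {
    "<": ("&lt;", "&#60;", "&#x3c;"),
    ">": ("&gt;", "&#62;", "&#x3e;"),
    '"': ("&quot;", "&#34;", "&#x22;"),
    "'": ("&#39;", "&#x27;", "&apos;"),
}

def classify_reflections(body, canary=CANARY):
    """Find each reflection of the canary and report whether the probe character
    that followed it was reflected raw, HTML-encoded, or stripped entirely."""
    findings = []
    for m in re.finditer(re.escape(canary), body):
        tail = body[m.end():m.end() + 8]           # text right after the canary
        line = body.count("\n", 0, m.start()) + 1  # 1-based line of the hit
        status, char = "stripped", None
        for c, encodings in SAFE_ENCODINGS.items():
            if tail.startswith(c):                 # came back unchanged
                status, char = "raw", c
                break
            if tail.lower().startswith(encodings): # came back entity-encoded
                status, char = "encoded", c
                break
        findings.append({"line": line, "char": char, "status": status})
    return findings

def unencoded_lines(body, canary=CANARY):
    """Lines where a probe character came back raw: candidate XSS sinks whose
    surrounding context (HTML body, attribute, script) must be reviewed by hand."""
    return sorted({f["line"] for f in classify_reflections(body, canary)
                   if f["status"] == "raw"})

# Constructed response body, as if each probe had been sent in the "q" parameter.
SAMPLE_RESPONSE = (
    "<html><body>\n"                                      # line 1
    "<p>Results for: x5sprobe&lt;</p>\n"                  # line 2: encoded, safe
    '<input name="q" value="x5sprobe&quot;">\n'           # line 3: encoded, safe
    "<span>x5sprobe reflected, tag stripped</span>\n"     # line 4: probe char removed
    '<script>var q = "x5sprobe";</script>\n'              # line 5: raw quote in JS
    "<p>x5sprobe<b>bold</b></p>\n"                        # line 6: raw '<' in HTML
    "</body></html>\n"
)

if __name__ == "__main__":
    for f in classify_reflections(SAMPLE_RESPONSE):
        print(f)
    print("review these lines:", unencoded_lines(SAMPLE_RESPONSE))
```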


X5s for Fiddler is also free, so you can download it from the official link. After installation, it adds an X5s tab to Fiddler, from which you can manage all the settings and see the vulnerable links.

The tool needs proper configuration and then test-case setup. I am not going to explain that here; I already wrote a full article on X5S and Fiddler on the Infosec Institute website, which you can read there.

Interested in learning web security? Join the web application security course offered by Infosec Institute.
