January 18, 2011
Quite often, a web-hacker’s only friend is little more than a web browser. But advancement in extensible browsers has led to a vast array of hacking-related addons being released to the public. In this entry, I will outline what I believe to be the most useful browser addons for streamlining the entire web-hacking process.
This is one of my favourite addons for Firefox. Its beauty is in its simplicity. There is no overkill with Hackbar; it does what it says on the tin. There’s nothing more agitating to Hector than when you find an injectable site with 78 columns. Who wants to spend needless minutes counting to infinity? Hackbar automates union select statements by allowing you to specify the column count, and it will print all of the columns for you.
Hackbar has a wealth of other useful features. Don’t want to spend time referencing a decimal chart for the char function? Let Hackbar convert a string for you. Just pulled the username and password from the DB to find out the password is an MD5 hash? Just tell Hackbar – it will submit the hash to an array of online MD5-cracking services.
It’s worth noting that Hackbar is not an exploitation tool that will hack for you. You will still be required to find flaws and injection points. Hackbar just makes the process a little more automated, saving you an abundance of time.
Download link: https://addons.mozilla.org/en-US/firefox/addon/hackbar/
Download link: https://addons.mozilla.org/en-US/firefox/addon/firebug/
Firesheep is a new and innovative addon which allows you to hijack HTTP sessions of users sharing the same network. The potential of Firesheep is endless. From internet cafes to poorly encrypted or even open public networks – Firesheep is a real threat to anyone operating outside the comfort of their home networks. Unfortunately, it is not yet supported on Linux.
Download link: http://codebutler.github.com/firesheep/
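From the site owner's side, this kind of hijacking depends on session cookies travelling over plain HTTP. The following is an added example (not part of the original post and not Firesheep code) that audits response headers for the cookie attributes and HSTS header that prevent it; the function names and sample headers are constructed for illustration.

```python
# Added example: audit response headers for the settings that stop passive
# session-cookie sniffing on shared networks. Sample data is constructed.

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attrs) with lowercase attr keys."""
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_response(headers):
    """Return sorted findings for a list of (header-name, value) pairs."""
    findings = []
    has_hsts = False
    for key, value in headers:
        k = key.lower()
        if k == "strict-transport-security":
            has_hsts = True
        elif k == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append(f"{name}: missing Secure (sent over plain HTTP)")
            if "httponly" not in attrs:
                findings.append(f"{name}: missing HttpOnly")
    if not has_hsts:
        findings.append("response: no Strict-Transport-Security header")
    return sorted(findings)


# Constructed sample responses (not captured from any real site).
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/"),
]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(resp))
```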
4. Tamper Data
Tamper Data is an extremely useful addon that allows you to modify HTTP/HTTPS headers, along with POST parameters, on the fly. It’s a great way to get an overview of communication between the browser and server and change data to your requirements.
Download link: https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
5. Add ‘n’ Edit Cookies
A lightweight addon that allows you to edit your cookie session quickly and effectively. A useful addition to the web-hacker’s array of addons.
“XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting”.
Download link: https://addons.mozilla.org/en-US/firefox/addon/xss-me/
SQL Inject Me
“SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.”