
This is where I belong.

I was never interested in the crap they teach us in college, because it bores me.

It's not about money nor about revenge, it's about curiosity

My crime is of curiosity, my crime is of outsmarting you, something that you will never forgive me for.

We explore, We seek knowledge

We exist without skin color, without nationality, without religious bias.


Codesortie

Saturday 18 February 2012

Use Firefox as Hack tool

Hey friends,

Today I am posting about Firefox add-ons.

I assume everyone is aware of the Firefox add-on installation procedure.

On that basis, below are the links to the add-ons along with notes on their usage.




XSS Me




Cross-Site Scripting (XSS) is a common flaw found in today's web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities.


Xss Me :- https://addons.mozilla.org/en-US/firefox/addon/xss-me/

SQL Inject Me 


SQL Injection vulnerabilities can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is a Firefox extension used to test for SQL Injection vulnerabilities.

Sql Inject Me :- https://addons.mozilla.org/en-US/firefox/addon/sql-inject-me/


Access Me

Access vulnerabilities in an application can allow an attacker to access resources without being authenticated. Access-Me is a Firefox extension used to test for Access vulnerabilities.

Tamper Data tutorial


Tamper Data is a Firefox Extension which gives you the power to view, record and even modify outgoing HTTP requests. This is extremely useful when trying to answer questions like:
  • What cookies are being sent to the browser, and what is the browser returning?
  • Are the Cookies marked "secure"?
  • When a redirect happens, is it an HTTP 302?
  • What kind of HTTP Authentication is happening?
Tamper Data can help answer each of these and other puzzling website behavior questions.
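
The same questions can be answered offline from captured response headers. The script below is an added example, not part of the original tutorial or of Tamper Data itself: it audits constructed sample responses (hostnames and cookie values are made up) for redirect status, authentication scheme and cookie attributes. It goes slightly beyond the "secure" question by also checking HttpOnly and SameSite.

```python
# Added example: audit raw HTTP response headers (samples below are constructed).
SAMPLE_REDIRECT = """\
HTTP/1.1 302 Found
Location: https://app.example.test/home
Set-Cookie: SID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
Set-Cookie: prefs=lang-en; Path=/
"""
SAMPLE_AUTH = """\
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="staging"
"""

def parse_response(raw):
    """Split a raw header block into (status_code, [(name, value), ...])."""
    lines = [ln for ln in raw.splitlines() if ln.strip()]
    status = int(lines[0].split()[1])          # "HTTP/1.1 302 Found" -> 302
    headers = []
    for ln in lines[1:]:
        name, _, value = ln.partition(":")     # split on the first colon only
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def audit_cookie(value):
    """Return the cookie name and the protective attributes it lacks."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    missing = [a for a in ("secure", "httponly", "samesite") if a not in attrs]
    return name, missing

def audit(raw):
    """Answer: which cookies are set and how, is it a redirect, what auth is used."""
    status, headers = parse_response(raw)
    report = {"status": status, "redirect": None, "auth": [], "cookies": {}}
    for name, value in headers:
        if name == "set-cookie":
            cname, missing = audit_cookie(value)
            report["cookies"][cname] = missing
        elif name == "location" and 300 <= status < 400:
            report["redirect"] = value
        elif name == "www-authenticate":
            report["auth"].append(value.split(None, 1)[0])  # scheme, e.g. Basic
    return report

if __name__ == "__main__":
    for sample in (SAMPLE_REDIRECT, SAMPLE_AUTH):
        print(audit(sample))
```

A cookie with an empty "missing" list carries all three attributes; a session cookie without Secure can be sent over plain HTTP and is the first thing to fix.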


Getting Started

Since it's a Firefox extension, you'll first need to download and install Firefox (if you haven't already). Then visit the Tamper Data project page and click the link that reads "Install Now".
Finally, restart Firefox and open Tools → Tamper Data. This will bring up the "Tamper Data - Ongoing Requests" window.


Recording Transactions

As soon as the Ongoing Requests window is up, Tamper Data will start recording HTTP requests. Here's what the window looks like after requesting blogger.com's main page.

The columns in the main window pane are:
  • Time - When the request happened.
  • Duration - How long it took to be retrieved.
  • Total Duration - How long it took to render (includes response download time of item and all sub-items)
  • Size - Size of received content (-1 indicates the item was loaded from the cache)
  • Method - The HTTP method issued (GET or POST)
  • Status - HTTP Status code received or "Loaded from cache"
  • Content Type - Type of data received (aka Mime-Type)
  • URL - Fully qualified URL of request.
  • Load Flags - Additional HTTP information used in retrieving or rendering content.
Selecting an item brings its HTTP Request and Response information to the lower two left and right panes respectively.

This gives you a more detailed view into what the request is doing. If the request you selected happened to contain Cookie information, you'll see a Cookie line in the left-hand pane or a Set-Cookie line in the right-hand pane or both.
Double-clicking an entry will bring up the "Tamper Details" window, which provides easy access to that request element's data. Here, I've opened the Tamper Details for the Cookie header of the initial blogger.com home page request.

Using the process outlined above, it's easy to inspect what's going on during a browsing session.
Though the data is pretty to look at inside the Tamper Data shell, it's often convenient to move that data into an external file for viewing. To do this, return to the Ongoing Requests window, right-click and choose "Copy all".
This will place all the request information into your clipboard so you can paste it into your favorite text editor.

Graphing Results

To graph the recorded results, in the Ongoing Requests window, select the desired results, right-click and choose "Graph selected" or "Graph all".

The columns of the graph are:
  • URL - Fully qualified URL for the Item
  • Status - HTTP Status Code
  • Duration - How long it took to download
  • Time - A Gantt chart of requests.
In the Time chart, you'll notice dark-blue and light-blue bars. The darker blue bars represent the Duration, while the lighter blue signifies the duration of all included components. For example, an HTML page would have a light-blue bar spanning all of its CSS, JavaScript and Image inclusions.
Mousing over a URL reveals more information about that component.

Clicking the URL link opens a tab with that item's contents.


Tampering

"Tampering" is the act of modifying request parameters before request submission. To begin Tampering, in the Ongoing Requests window, click the "Start Tamper" button in the upper-left corner.
From here on out, whenever a top-level request is issued, you'll be prompted to tamper with the request. Selecting the Tamper button will launch the Tamper Popup.

Traditional HTTP header fields are to the left, while any POST data is to the right. If the request uses the GET method, then the right-hand side of the dialog will be empty.
After changing any request parameters, clicking OK will execute the request. In the Tamper Popup window, right-clicking a field reveals shortcut methods for a number of neat tricks such as URL encoding/decoding, Base64 encoding/decoding and HTML character removal.

Summary

Tamper Data is an excellent Firefox extension that matches IBM Page Detailer in features and utility. When Firefox is a permissible browser, Tamper Data is the clear choice between the two. However, there are cases when a non-Mozilla based browser is required (read: IE). In those rare instances, IBM Page Detailer is the way to go.


11 Firefox Extensions for Managing Cookies

Cookie Monster :- In a nutshell, Cookie Monster allows for easier managing of what sites a user allows to set cookies and what sites cannot. It works best for users who do NOT accept cookies by default, although this is not necessary. It helps with Cookie Management, especially when you reject cookies by default.

Stealther – If there are times you want to surf the web without leaving a trace on your local computer, then this is the right extension for you. What it does is temporarily disable the following:
  • History
  • Downloads
  • Cookies
  • Disk Cache
  • Saved Form Information
  • Referrer Header
Add & Edit Cookies – The main difference is that this extension edits and adds cookies, not just displays them. It also has a handy filter feature: you can filter for a specific host in the cookies list, and the search result will be saved even if you close the browser.

Cookie Whitelist With Buttons – Gives you a whitelist for all cookie issuing sites.  Use the buttons in the status bar to temporarily accept cookies from the site you are on, or click the add button to quickly add the current site to your list.
CookieCuller – A very straightforward extension that allows you to delete any unwanted cookies and keep the others.
CookieMan Context – Allows you to access a context menu for your cookies via the options privacy menu.  It will allow you to search for desired sites, right click on the site name and quickly change your cookie options.
CookieSwap – A nice extension that will allow you to swap cookies so you can be logged into multiple email accounts at once.  For Web designers, it will allow you to act like different visitors for site testing.
Extended Cookie Manager – Extended Cookie Manager will inform you via the status bar if a cookie was received from a site and then will notify you if it was blocked, allowed, or allowed only for the current session.
Firecookie – Works with Firebug to create cookies, delete them, edit, see all of the current cookies for a site and more.
HttpFox – You can monitor all of the traffic between your browser and a given website, including what cookies it is delivering and receiving.
View Cookies – Adds a tab in the Page Info area so you can easily view what cookies are on your system.