
Top 10 Browser Extensions for Ethical Hackers

Ethical hacking is not a single skill but a whole set of skills, and among them is the use of different tools for different techniques to work faster and with less effort.

Today we will discuss the browser extensions that every ethical hacker should use to make their life and hacking a lot easier than before, covering the best among them and the purpose of each. Some of these extensions are Chrome-only, others are Firefox-only, and some are available for both.

Now let’s start with those browser extensions:

Tamper Data

Tamper Data allows you to monitor and modify HTTP, HTTPS and other web browser requests and responses which are not generally shown to you. If you have ever used Burp Suite, you can think of Tamper Data as a smaller version of Burp Suite within the browser. Most of ethical hacking is based upon fuzzing, and for that we often need to change or modify inputs and requests; this browser extension serves that purpose. Tamper Data is available for both Chrome and Firefox. Similar extensions include ‘Request Maker’, ‘EditThisCookie’ and ‘Live HTTP Headers’.

Link(Firefox): https://addons.mozilla.org/en-US/firefox/addon/tamper-data-for-ff-quantum/

Link(Chrome): https://chrome.google.com/webstore/detail/tamper-chrome-extension/hifhgpdkfodlpnlmlnmhchnkepplebkb?hl=en

Wappalyzer

In web application penetration testing, we need to gather information about the application's domain, hardware and software, such as which OS is running on the server and which version. This process is known as information gathering or banner grabbing. It is helpful for taking advantage of Common Vulnerabilities and Exposures (CVE). Wappalyzer is the browser extension for this purpose, i.e., it extracts important information about the web application that can be useful in pentesting it. The Wappalyzer extension is available for both Chrome and Firefox. Similar extensions for this kind of information gathering are ‘Firebug’ and ‘IP Address and Domain Info’.

Link(Firefox): https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/

Link(Chrome): https://chrome.google.com/webstore/detail/wappalyzer/gppongmhjkpfnbhagpmjfkannfbllamg?hl=en
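
The kind of passive fingerprinting described above, as an added example (not Wappalyzer's code and not from the original article): it reads banner headers and the generator meta tag from a constructed response and lists the products and versions the server discloses, which is the check to run against your own site. The function names and sample values are assumptions made for illustration.

```javascript
// Constructed sample response for illustration (not captured from a real site).
const sampleHeaders = {
  "Server": "Apache/2.4.41 (Ubuntu)",
  "X-Powered-By": "PHP/7.4.3",
  "Content-Type": "text/html; charset=UTF-8",
};
const sampleHtml = `<html><head>
<meta name="generator" content="WordPress 5.8.1">
</head><body>hello</body></html>`;

// Response headers that commonly carry a product banner.
const BANNER_HEADERS = ["server", "x-powered-by", "x-generator"];

// Split a banner such as "Apache/2.4.41 (Ubuntu)" or "WordPress 5.8.1"
// into a product name and an optional version (null when none is disclosed).
function parseBanner(value) {
  const m = /^\s*([A-Za-z][A-Za-z0-9_.+-]*)(?:[\/ ]v?(\d+(?:\.\d+)*))?/.exec(value);
  return m ? { product: m[1], version: m[2] ?? null } : null;
}

// Collect every technology the response identifies, with its source.
function fingerprint(headers, html) {
  const findings = [];
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (!BANNER_HEADERS.includes(key)) continue;
    const banner = parseBanner(String(value));
    if (banner) findings.push({ source: `header:${key}`, ...banner });
  }
  const meta = /<meta[^>]+name=["']generator["'][^>]*content=["']([^"']+)["']/i.exec(html);
  if (meta) {
    const banner = parseBanner(meta[1]);
    if (banner) findings.push({ source: "meta:generator", ...banner });
  }
  return findings;
}

// Findings that expose an exact version: the ones worth suppressing
// in server configuration so they cannot be matched to a CVE list.
function versionLeaks(findings) {
  return findings.filter((f) => f.version !== null);
}

console.log(versionLeaks(fingerprint(sampleHeaders, sampleHtml)));
```

A banner without a version, such as `Server: nginx`, is still reported by `fingerprint` but is not returned by `versionLeaks`.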

Proxy SwitchySharp

No one appreciates the importance of a reliable proxy better than ethical hackers, and the Proxy SwitchySharp extension not only provides that proxy but also offers additional features that help a lot in ethical hacking as well as for other technical users. Proxy SwitchySharp can switch proxies per tab, changing its proxy configuration based upon the URL requested, which means you can use multiple different proxies for multiple different websites at the same time without the hassle of handling it manually. Proxy SwitchySharp is for Chrome only. Among proxy extensions, ‘FoxyProxy’ has also earned its name as a proxy manager.

Link(Chrome): https://chrome.google.com/webstore/detail/proxy-switchysharp/dpplabbmogkhghncfbfdeeokoefdjegm?hl=en

HackBar

HackBar provides a convenient interface for web pentesting. It makes SQL injection, XSS and other attacks easier to test, as it gives a user-friendly space for fuzzing inputs and URLs. Along with the interface, it also helps with SQL functions, XSS queries, encoding, decoding, hash generation, etc. Furthermore, it helps in easily reading, copying and requesting URLs so that you can easily pentest or test any web application. This extension is available for both Chrome and Firefox.

Link(Firefox): https://addons.mozilla.org/en-US/firefox/addon/hackbartool/

Link(Chrome): https://chrome.google.com/webstore/detail/hackbar/ejljggkpbkchhfcplgpaegmbfhenekdc?hl=en

Open Port Check Tool

As its name suggests, Open Port Check Tool detects any open ports on the current computer to alert the user to turn off any unused port and minimize the possibility of attack. This is quite helpful in pentesting, as unused open ports are not recommended and are considered an invitation for an attacker to exploit any vulnerability on that port. It is an extension for Chrome users only.

Link(Chrome): https://chrome.google.com/webstore/detail/open-port-check-tool/lefghalnfhaklfbndadklndcndabkadb

Bishop Vulnerability Scan

This extension is a vulnerability scanner for websites. It scans for different common vulnerabilities like misconfigured files, exposed version control systems, and parent and child directory traversal on the sites that you target. This tool automatically checks for these basic vulnerabilities in the sites, running in the background. It is made for testing your own site or a site you have authorisation to scan. HPP Finder is another web vulnerability testing browser extension, which specifically checks for HTTP Parameter Poisoning (HPP) exploits. Bishop Vulnerability Scan is a Chrome-based extension.

Link(Chrome): https://chrome.google.com/webstore/detail/bishop-vulnerability-scan/cbkdeoaaclnbidadjimofnhpbfhjakoe

OffSec Exploit-db Search

This extension is not an exploiter; it searches for exploits in exploit-db, the exploit database maintained by Offensive Security. You can search for all kinds of exploits for many different platforms. The database not only provides information about the exploits but also provides payloads and other related material for some of them, and this browser extension searches through it. This extension is for the Firefox browser only.

Link(Firefox): https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/

Site Spider Mark II

It extracts all the publicly accessible links used in a site and is used to search for and find broken links in a website. Site Spider Mark II also shows you the whole list of links that it finds, for reference. The Site Spider extension is for Chrome users. You can find this extension at:

Link(Chrome): https://chrome.google.com/webstore/detail/site-spider-mark-ii/gedjofgioahckekhpgknhchelbpdogok?hl=en

Note Anywhere

Ethical hacking for web applications starts with collecting basic to advanced information about the targeted websites, and ethical hackers normally use different word processors to save that information and load it quickly whenever needed. Note Anywhere makes it much easier for them to quickly save and load that information, as it allows users to write anywhere on the website in real time and bring back those saved notes whenever needed or whenever the user visits that website again. It also shows the number of notes created on that particular page, and you can import, export and share these notes. This extension is for Chrome users.

Link(Chrome): https://chrome.google.com/webstore/detail/note-anywhere/bohahkiiknkelflnjjlipnaeapefmjbh

D3coder

D3coder is a Chrome-based browser extension which instantly encrypts and decrypts text and hashes using different encryption standards. It also uses a dictionary to crack common hashes. Other than encryption and decryption, it also supports encoding and decoding, such as base64 encoding. It is often useful, as ethical hackers always need to encode and decode keys and hashes instantly.

Link(Chrome): https://chrome.google.com/webstore/detail/d3coder/gncnbkghencmkfgeepfaonmegemakcol?hl=en

[Bonus] Penetration Testing Kit

Penetration Testing Kit is an extension that bundles help for many penetration testing techniques used by ethical hackers. It provides an interface for sending and viewing request and response information. Moreover, you can build your own requests and use them for SQL injection, XSS and other form-related vulnerabilities by using it as a request builder and viewing the response. This is a Chrome-based extension.

Link(Chrome): https://chrome.google.com/webstore/detail/penetration-testing-kit/ojkchikaholjmcnefhjlbohackpeeknd?hl=en-GB

Conclusion

That is all for this article. We hope it was helpful, that it gave you good insight into useful browser extensions, and that you will use this knowledge to do good.

About the author

Usama Azad

A security enthusiast who loves Terminal and Open Source. My area of expertise is Python, Linux (Debian), Bash, Penetration testing, and Firewalls. I was born and raised in Wazirabad, Pakistan and am currently doing my undergraduate studies at National University of Science and Technology (NUST). On Twitter I go by @UsamaAzad14