
SANS ISC: Firefox Plugin Collections SANS ISC InfoSec Forums

Firefox Plugin Collections

Our reader Mark sent us a link to his Firefox "Security Suite": https://addons.mozilla.org/en-US/firefox/collection/securitysuite

Mozilla started offering the ability to set up these collections to make it easier to share sets of plugins like that. Our handler Swa got inspired by Mark's submission and set up his own: https://addons.mozilla.org/en-US/firefox/collection/isc

I think this is a great idea. And I am wondering what plugins our readers would recommend for a suite like this. I can see three different suites:

- Home user security suite
- Security professional suite
- Pentesting suite.

Let me know which tools you would add to any of them, and I will publish the top 5 plugins in each category (and maybe even set up the corresponding suites).

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Johannes

3698 Posts
ISC Handler
Firebug should definitely go into one of the above suites.
oleksiy

34 Posts
Agreed. I like Firebug a lot. Probably more for "pros" than home users.
Johannes

3698 Posts
ISC Handler
I like WOT (Web of Trust) addon. Users can rate sites on a variety of factors. Any links shown in the browser will be accompanied by an icon that will be green, orange, red, or grey (good, scam, malicious, not rated).

Very useful for quickly picking out blackhat SEO poisoned queries in Google or search engine of your choice.
Johannes
2 Posts
Here's a pen-testing collection https://addons.mozilla.org/en-US/firefox/collection/redspin-web
Johannes
1 Posts
I'm a fan of Ghostery, which lets you know of (and block) web bugs.

https://addons.mozilla.org/en-US/firefox/addon/9609
Johannes
1 Posts
Home User: no script, adblock plus, cookie safe, McAfee site advisor, IE tab, ref control.
Security Professional: Home User, external ip, firebug, firecookie, http fox, quick proxy, show ip, tamper data, web developer.
Pentesting Suite: not sure if browser plugins can replace BackTrack or separate tools such as nmap, netcat/cryptcat, burp/paros, metasploit, etc. but I agree with Joel P. - Nathan Drier's Redspin is nice =)
SecurityFr3ak

5 Posts
A more general use plugin is Prefbar:
http://prefbar.mozdev.org/
I use it to disable JS/Java/Popups in one click.
Mathieu

1 Posts
Some of the ones I use for WebApp testing include: firebug, xss me, sql inject me, hackbar (for the encoders), add n edit cookies, tamperdata (for when I just don't feel like launching paros or fiddler), and jsview.
TheLightCosine

5 Posts
We have recently released the Samurai Web Testing Framework Firefox add-ons collection, available at:
https://addons.mozilla.org/en-US/firefox/collection/samurai
Raul Siles

152 Posts

iOpus iMacros can be useful for automating pen-testing procedures, and other tasks.
https://addons.mozilla.org/en-US/firefox/addon/3863
Anonymous
