Firefox Plugins for Penetration Testing

1. Flagfox: can display the national flag of the site, as well as the IP address, domain name, server location and other information of the web page

Click on the small flag below

2. Wappalyzer: is a chrome website technical analysis plug-in that can analyze the platform architecture, website environment, server configuration environment, JavaScript framework, programming language and other parameters used by the target website.

3.Max HacKBar: a classic tool for web penetration

4. user-agent switcher: User Agent Switcher is a program that can simulate a search engine. Use the simulated Agent to access those web pages that have been manipulated by search engines, and you can see the real content.

Example: Disguise a webpage with a mobile phone’s Android browser and then use bp to intercept

5. Web Developer: In the Web Developer plug-in toolbar , it is mainly composed of the following parts: Disable, Cookies, CSS, Forms, Images, Information, Miscellaneous, Outline, Resize, Tools, View Source, Options.

Disable: You can temporarily block certain things on the current page, such as JavaScript scripts, caching, automatic redirection of mete, display the web page as black (except images), disable pop-up windows, and so on.
Cookies tool: You can use this tool to view the cookie information of the current page, you can view by different domain names or paths, and you can manually add a cookie, which is a very convenient and powerful tool for the development and debugging of background network programming.
CSS Style Sheet Tool: This is a very powerful tool. With this powerful assistant based on CSS web page layout, work and learning will become very simple. You can control whether CSS is applied, view the CSS file of the page, and edit it in real time. And immediately reflect the edited effect in the browser window. We will introduce this tool in more detail later.
Forms form tool: Its main function is to control the form of the page. Many of these functions are very helpful to the development of form programs. Since our focus is on the layout of CSS web pages, we will not discuss this tool in depth.
Images image tool: You can set the image of the current page, you can display the alt information of all pictures, and you can also set whether to display the background, etc.
Information information tool: This tool is also often used in our CSS web page layout design. We can use it to view the names, placeholders, and other information of all id, class, and table elements in the page. About this tool, we will later A more detailed introduction will be made.

6.X-Forwarded-For Header: Bypass server IP address filtering

  • Use Firefox developer tools to simulate requests
  • F12 Open developer tools
  • Select “Network”, select the address to be simulated, the URL selected in this article is:, click “Edit and Resend”
  • The following points can be modified:

a. Request method GET / POST

b. URL (Url)

c. Request headers (Headers)

d. the request body (Contents), if you modify Contents, you need to modify the content-length length in the headers

7.HackBar: provides a lot of web development related commands, such as urlencode, urldecode and other common commands

Can be called by pressing F9

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.