Web Pentesting for Mozilla Firefox



1. Tamper Data : https://addons.mozilla.org/En-us/firefox/addon/tamper-data/

Tamper Data is one of the most useful add-ons for pentesters. It is used to view and modify HTTP/HTTPS headers and POST parameters, as well as to trace HTTP requests and responses. It can also be used for testing web app security by modifying POST parameters and much more.

2. HackBar : https://addons.mozilla.org/en-US/firefox/addon/hackbar/

HackBar is another widely used add-on because it has numerous security audit and light penetration testing tools. It's quick, light and easy to use for XSS and SQL encoding/decoding, as well as hexing and splitting. HackBar comes with built-in encoding, decoding and hashing helpers for common schemes such as MD5, SHA1 and Base64.

3. User Agent Switcher : https://addons.mozilla.org/en-us/firefox/addon/user-agent-switcher/

This is a very useful tool when you're testing for vulnerabilities across multiple browsers, since it can switch the user agent. The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of a browser. It can change the User Agent to IE, search robots or iPhone (iOS), or you can create your own User Agent.

4. Cookie Manager+ : https://addons.mozilla.org/en-us/firefox/addon/cookies-manager-plus/

Cookie Manager+ can help you view, edit, create and inject cookies. It also shows extra information about cookies, allows editing multiple cookies at once, and supports backup/restore.

5. HttpFox : https://addons.mozilla.org/en-us/firefox/addon/httpfox/

HttpFox monitors and analyzes all incoming and outgoing HTTP traffic between the browser and the web servers. It aims to bring the functionality known from tools like HttpWatch or IE Inspector to the Firefox browser.

6. Live HTTP Headers : https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/

It is another great alternative to Tamper Data, with one big difference: it shows the HTTP headers of a page while you browse. It is mostly used to inject payloads and fetch server response information very quickly.

7. PassiveRecon : https://addons.mozilla.org/en-us/firefox/addon/passiverecon/

PassiveRecon provides information security professionals with the ability to perform "packetless" discovery of target resources utilizing publicly available information. It is one of the most wanted information-gathering tools.

8. XSS Me : https://addons.mozilla.org/en-us/firefox/addon/xss-me/

Cross-Site Scripting (XSS) is a common flaw found in today's web applications. XSS flaws can cause serious damage to a web application. Detecting XSS vulnerabilities early in the development process will help protect a web application from unnecessary flaws. XSS-Me is the Exploit-Me tool used to test for XSS flaws.