Browser-based penetration testing with Firefox and Chrome
With the proper extensions installed, you can hack from the comfort of your Firefox or Chrome browser. Within Firefox, add-ons are divided into three categories: extensions, appearance themes, and plugins. Extensions extend the functionality of Firefox past simple web browsing. Appearance themes change the way Firefox looks, and plugins are necessary for Firefox to display specialized non-HTML Web content such as Flash, Java script, multimedia, etc.
Google Chrome labels all add-ons as “extensions”. The Chrome website lists them in the same column as “Apps” and “Themes”.
You can turn Firefox into a hacking platform by installing FireCAT, which is a collection of security auditing and assessment tools in the form of browser extensions. Of course, you must first install Firefox before installing the FireCAT suite.
Alternatively, you can download all the FireCAT extensions in a single .zip file for offline installation from the FireCAT ToolsWatch page or the FireCAT SourceForge page (currently one version behind ToolsWatch). The .zip file contains all the extensions in .xpi format. Additionally, it contains an HTML page with links to the extensions’ unique pages on addons.mozilla.org.
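Because an .xpi file is itself a ZIP archive, an offline bundle like this can be inventoried before anything is installed. The Python below is an added example, not part of FireCAT or of the original article: it hashes each .xpi in a bundle and reads the extension id, version and declared permissions from its manifest. The sample bundle, file names and extension ids are constructed for illustration.

```python
import hashlib
import io
import json
import zipfile
import xml.etree.ElementTree as ET

EM = "{http://www.mozilla.org/2004/em-rdf#}"
RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"

def describe_xpi(data):
    """Hash one .xpi (a ZIP archive) and read id, version and permissions from its manifest."""
    info = {"sha256": hashlib.sha256(data).hexdigest(), "format": "unknown",
            "id": None, "version": None, "permissions": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return dict(info, format="not-a-zip")
    if "manifest.json" in zf.namelist():    # WebExtension: permissions are declared up front
        m = json.loads(zf.read("manifest.json"))
        gecko = (m.get("browser_specific_settings") or m.get("applications") or {}).get("gecko", {})
        info.update(format="webextension", id=gecko.get("id"), version=m.get("version"),
                    permissions=sorted(m.get("permissions", [])))
    elif "install.rdf" in zf.namelist():    # legacy add-on: no permission model, full browser privileges
        for d in ET.fromstring(zf.read("install.rdf")).iter(RDF + "Description"):
            if "urn:mozilla:install-manifest" in (d.get("about"), d.get(RDF + "about")):
                ident, ver = (d.findtext(EM + k) or d.get(EM + k) for k in ("id", "version"))
                info.update(format="legacy", id=ident, version=ver, permissions=["<unrestricted>"])
    return info

def inventory_bundle(bundle):
    """Describe every .xpi inside the bundle .zip without installing anything."""
    with zipfile.ZipFile(io.BytesIO(bundle)) as outer:
        return {n: describe_xpi(outer.read(n))
                for n in sorted(outer.namelist()) if n.lower().endswith(".xpi")}

def _zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in files.items():
            z.writestr(name, body)
    return buf.getvalue()
# Constructed sample bundle: two made-up extensions plus an HTML index page.
LEGACY_RDF = (f'<RDF xmlns="{RDF[1:-1]}" xmlns:em="{EM[1:-1]}"><Description about="urn:mozilla:install-manifest">'
              '<em:id>legacy-sample@example.invalid</em:id><em:version>0.9</em:version></Description></RDF>')
WEB_MANIFEST = json.dumps({"version": "1.2", "permissions": ["webRequest", "<all_urls>"],
                           "applications": {"gecko": {"id": "web-sample@example.invalid"}}})
SAMPLE = _zip({"index.html": "<html></html>", "web-sample.xpi": _zip({"manifest.json": WEB_MANIFEST}),
               "legacy-sample.xpi": _zip({"install.rdf": LEGACY_RDF})})
if __name__ == "__main__":
    print(json.dumps(inventory_bundle(SAMPLE), indent=2))
```

To check a real download, pass the bytes of the .zip file to `inventory_bundle` and compare the reported ids and versions with the listings on addons.mozilla.org that the bundled HTML page links to.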
Other collections of hacking extensions are available on PenTestLab and addons.mozilla.org. These lists contain several extensions not found in FireCAT, such as HttpFox, ShowIP, CipherFox, and CryptoFox.
Mantra is more than a suite of Firefox extensions; it is a customized edition of Firefox itself created by the Open Web Application Security Project (OWASP). It can be downloaded from GetMantra.com or the Mantra SourceForge page. Not only does Mantra contain a slew of useful hacking extensions, but it also comes with dozens of handy links to websites dealing with penetration testing and vulnerability assessments.
Mantra is a portable application, meaning that it does not have to be installed like traditional programs. Instead, you download the Mantra .exe file and extract the contents to a directory of your choice, such as C:\users\yourname\software. The extraction process will create a MantraPortable folder in this location, and inside this folder you will find MantraPortable.exe. Just launch this executable and the Mantra browser will initiate. The benefit of this portability is that you could copy the contents of the MantraPortable folder onto any media (such as a USB drive) and then run Mantra on any computer you connect the drive to.
KromCAT is just like FireCAT but for the Google Chrome browser. Although the main KromCAT site is currently down, links to the individual Chrome extensions are available from the Google cache snapshot. KromCAT itself can still be obtained from 4-shared.eu.