Tuesday, February 02, 2010

toolsmith: Firefox Addons for the Security-minded



Few websites are safe from a hearty probe when I come by for a visit, and I'd be remiss if I didn't share some of my favorite Firefox add-ons utilized as part of said probing.
I opted to do just this as the topic for February's toolsmith, and focused on the expected standards (NoScript, FoxyProxy Standard, BetterPrivacy, and Torbutton) as well as some of my less known favorites.

PassiveRecon
Justin Morehouse’s PassiveRecon will let you dig up everything you ever wanted to know about a given site you may be browsing or analyzing.

WorldIP
WorldIP from WIPmania.com is very cool and very useful.
It provides everything you could every need to know or trace with regard to IP addresses and geolocation.

Groundspeed
I saved the best for last; a new powerhouse in my web app sec arsenal.
Felipe Moreno-Strauch’s Groundspeed, a newer add-on “that allows security testers to manipulate the application user interface to eliminate annoying limitations and client-side controls that interfere with the web application penetration tests.”
And this it does well. ;-)

The article is live for your reading pleasure here.

Cheers and enjoy.

del.icio.us | digg | Submit to Slashdot

Please support the Open Security Foundation (OSVDB)

1 comment:

cdman83 said...

Thanks for the list, I've discovered a couple I did not know about.

One (security) extension which wasn't in the list (and which I use) is RequestPolicy: http://www.requestpolicy.com/

It's basically "NoScript on steroids". It will definitely break the sites you brows :-), but at the same time it gives you a very fine-grained control.