Up till now, firefox was widely used by hackers and pentesters for their day to day job due to tremendous plugins that would make their work much easier for them. However now a days i prefer google chrome more than firefox, due to wide variety of interesting extensions that may provide a great aid in hacking and pentration testing.
Their are lots and lots of google chrome extension that can be used for hacking, however i have complied a list of my favorite ones, which i use frequently in order to test different types of web applications for security vulnerabilities.
How To Use Google Chrome For Hacking – Extensions
Xss rays would certainly be at the top of my list, XSS rays includes a scanner, XSS reverser and a DOM inspection tool. Although it does makes the browser a bit unstable when you are performing heavy scans, However it’s really handy in detecting XSS attacks. It’s a perfect replacement to XSSME that is used in firefox for detecting XSS attacks.
XSS Rays is a security tool to help pen test large web sites. It’s core features include a XSS scanner, XSS Reverser and object inspection. Need to know how a certain page filters output? Don’t have the source? No problem. XSS Rays will blackbox reverse a XSS filter without needing the source code.
Websecurify Scanner is a really powerful scanner capable of detecting lots of web application attacks. Although it generates lots of false positives, mostly related to CSRF attacks. However it’s really handy in detecting XSS attacks. It’s fully awesome automated and very user friendly.
1. All you need to do is to install the websecurity scanner from the link above and visit the following page:
2. Just enter the URL and it will automatically start scanning.
HPP finder is capable of easily detecting Http Parameter Pollution attacks. HTTP Parameter Pollution is newest type of web application attacks, Their is not very much information available on it as compared to other attacks such as XSS, SQL injection. However the one that’s available is very handy.
HTTP Parameter Pollution (HPP) is a recently discovered web exploitation technique. Please read the NDSS 2010 paper for more details about the technique. HPP Finder is a Chrome extension designed for detecting HPP attempts. HPP Finder can detect URLs and HTML forms that might be susceptible of parameter pollution, but it is not a complete solution against HPP.
XSS Chef is a perfect replacement to BEEF (Browser Exploitation Framework) for google chrome, XSS chef will ease your exploitation process. I will write a complete tutorial on it.
Cookie Editor is a very useful google chrome extension for hackers, I mostly use it, when i am performing session hijacking attacks.