"I wrote about three of my favorite Firefox extensions that help me
stay safe when I'm browsing the darker areas of the Web and incoming
email. Today, let's look at three other extensions: Those that can turn
Firefox into a feature-filled, Web-hacking weapon. These extensions
aren't required to use Firefox for hacking Web applications, but they
certainly make it a lot easier.
If I could only install one "offensive" extension, it would
absolutely be Tamper Data. In the past, I used Paros Proxy and Burp
Suite for intercepting requests and responses between my Web browser
and the Web server. These tasks can now be done within Firefox via
Tamper Data — without configuring the proxy settings.
If the Website you're trying to break into requires a unique
cookie, referrer, or user-agent, intercept the request with Tamper Data
before it gets sent to the Web server. Then, add or modify the
attributes you need and send it on. It's even possible to modify the
response from the Web server before the Web browser interprets it. It's
a very nice tool for anyone interested in Web application security.
Paros and Burp both have features not yet available in Tamper
Data, such as site spidering and vulnerability scanning. Switching over
to one of them as a proxy is much easier with SwitchProxy, which helps
you quickly configure Firefox to use Paros and Proxy. It's not a purely
"offensive" extension, but SwitchProxy it makes the configuration of
proxies for Firefox much quicker.
Article Link: http://www.darkreading.com/blog.asp?blog_sectionid=447&doc_id=136029&WT.svl=tease2_2
