In recent days we have seen a phenomenal increase in usage of the Google Chrome browser; however, security professionals still look to Firefox for their day-to-day use. The basic reason is the large set of Firefox extensions backing it up, and we also have custom builds like OWASP Mantra doing the rounds.
So, for those who love using Google Chrome and still miss the large plugin base, here is a list of must-have plugins for security professionals.
Note: Usage could be both offensive and defensive; it's up to the user to decide. The content here is for informational purposes only.
CAUTION: LONG POST … continue below only if you can spare the time, because this post is large.
Find below the list of plugins I found to be useful:
I have added details from the Chrome store and, wherever I found it necessary, added my own comments.
- Web Developer toolbar : https://chrome.google.com/webstore/detail/bfbameneiokkgbdmiekhjnmfkcnldhhm
Web developer toolbar of firefox in its full glory.
- Encoder / Decoder : https://chrome.google.com/webstore/detail/gncnbkghencmkfgeepfaonmegemakcol
Encoding/Decoding Plugin for various types of encoding like base64, rot13 or unix timestamp conversion
- XSS Rays : https://chrome.google.com/webstore/detail/kkopfbcgaebdaklghbnfmjeeonmabidj
- Anti XSS : https://chrome.google.com/webstore/detail/pohooglepenpccfcljdhhbmojeghijno
XSS detection and protection tools.
- HTTP Request Maker : https://chrome.google.com/webstore/detail/kajfghlhfkcocafkcjlajldicbikpgnp?hl=en-US
Request Maker is a tool for penetration testing. With it you can easily capture requests made by web pages, tamper with the URL, headers and POST data and, of course, make new requests. Request Maker only captures requests sent via HTML forms and XMLHttpRequests
Edit This Cookie is a cookie manager. You can add, delete, edit, search, protect and block cookies
- Port Scanner for All Hosts : https://chrome.google.com/webstore/detail/jdcggkdokjkfheicojgdkiemchjioaaa
A simplistic port scanner that does a simple scan of well-known ports.
Whois Information display within chrome browser
- Firebug lite for Chrome : https://chrome.google.com/webstore/detail/bmagokdooijbeehmkpknfglimnifench
For those who don't like Chrome's Developer Tools and want to stay in sync with good old Firebug.
Google Chrome extension that lets you quickly view HTTP Response Headers of a URL.
- IP Address information : https://chrome.google.com/webstore/detail/lhgkegeccnckoiliokondpaaalbhafoa
See geolocation, DNS, whois, routing, search results, hosting, domain neighbors, BGP and ASN info of every IP address (IPv4 & IPv6).
A clever extension that provides a high degree of ‘NoScript’ like control of javascript, iframes, and plugins on Google Chrome.
A nice drop-in replacement for FoxyProxy that works very well.
Note of caution: if used on Windows, this also switches the proxy settings for IE.
Session Manager lets you save sessions of your opened tabs and windows, and to quickly re-open them whenever you like.
Swap cookies between two accounts
- HTTP Response Browser : https://chrome.google.com/webstore/detail/mgekankhbggjkjpcbhacjgflbacnpljm?hl=en-US
Make HTTP requests from your browser and browse the response.
Helper for web developers for creating custom HTTP requests.
- Network Utilities : https://chrome.google.com/webstore/detail/ekpdpmpcgcmpaeokmclflfpadaklgpji?hl=en-US
Tools like ping, tracert, W3C validator, dns blackhole list, dns lookup, domain neighbors and whois information.
Displays DNS records for the current page.
Greasemonkey drop-in replacement.
- Exploit DB latest : https://chrome.google.com/webstore/detail/lkgjhdamnlnhppkolhfiocgnpciaiane
Displays the latest 5 entries from Exploit DB.
- Wappalyzer : https://chrome.google.com/webstore/detail/gppongmhjkpfnbhagpmjfkannfbllamg
- Web Technology Notifier : https://chrome.google.com/webstore/detail/fnpgnmindcbkjbpblcklealdhnogmlko
Displays the technologies used by the website: frameworks, CMS, scripting, etc.
Perform a Websecurify scan inside your browser.
- Norton Web Safe : https://chrome.google.com/webstore/detail/jgeljojcemiefdiciedakpojojfmbhba?hl=en-US
Uses Norton SafeWeb API but we are NOT affiliated with Symantec!
- QR / Bar Code Decoder : https://chrome.google.com/webstore/detail/fdbaidolhfnecgiloehbailojonjaloa?hl=en-US
QR & other BARcodes images in one click Decoding. Also can Encode selected text or current URL to QR code in one click, like others.
- URL Shortener and Expander : https://chrome.google.com/webstore/detail/eclilalbnmdonojgjmkekinflhodgoii?hl=en-US
Supports up to 50 different services. You can expand any URL you receive before clicking on it and following the link.
- Web Server Notifier : https://chrome.google.com/webstore/detail/najdkmbedaehkepolllmpdfccdgooajh?hl=en-US
Displays the Web server of the current page.
Note : this may break some pages.
- Password and hidden Revealer : https://chrome.google.com/webstore/detail/fgeopcldenngppapceagonnenonklpbn?hl=en-US
This version lets you see asterisked and hidden fields.
- Google Safe Browsing Check : https://chrome.google.com/webstore/detail/kcghpcmaemminjmoifneclajoomafben?hl=en-US
Adds one-click Google Safe Browsing diagnostic to your toolbar
Not exactly related, but helpful plugins:
- Password Security Tester : https://chrome.google.com/webstore/detail/gfbpikfinaalbpbapnejhimpljlleikl
Tests how secure your password is, especially how easy it is to crack based on its complexity.
- Secure Login Helper : https://chrome.google.com/webstore/detail/gbnlondidnnfmfnglkpaoagecnkkpcjp
Redirects to Secure version if it exists.
- Search file sharing : https://chrome.google.com/webstore/detail/cboohmbnadgdglnfblieggkgbapdkmjk
Simple search into public file sharing sites.
- Download Master : https://chrome.google.com/webstore/detail/hdjacnejoohiamgmaciljlpniffgkojd?hl=en-US
Download Helper
Ads were yesterday! The successful extension Adblock Plus is now available for Google Chrome™.
- Disable Extension : https://chrome.google.com/webstore/detail/ejhdjfmkegkpenillofhpmikailkjpkb?hl=en-US
Disable all extensions in one click, or enable all extensions in one click. You can also enable, disable or uninstall extensions one by one.
This extension displays an icon in Google Chrome’s top bar; On-click, it will load a complete website report for the currently visible website. Powered by: W3Spy.net
Please add any other extensions if I missed anything.
No Passive Cache? https://chrome.google.com/webstore/detail/iifhekoepobpejmipdmpfjhiniggjdag
VirusTotal for Chrome (VTchromizer)
http://www.virustotal.com/advanced.html#browser-addons
Two more plugins suggested by Arjun Pednekar (via email):
HPP Finder
https://chrome.google.com/webstore/detail/nogojgcobcolombicplhimbbakkcmhio
DOMSnitch (In case DOMinator has broken your Firefox browser like mine)
https://code.google.com/p/domsnitch/
Anant
You have posted a really helpful article.
Totally a brilliant list of extensions. XSS and a few more extensions come in handy.
Robin.
We produce the ‘Recx Security Analyzer’, it’s designed more for development and QA but can be of use to security pros as well.
https://chrome.google.com/webstore/detail/ljafjhbjenhgcgnikniijchkngljgjda?hc=search&hcp=main
We wrote a blog post on how it was developed:
http://recxltd.blogspot.com/2011/08/how-we-built-recx-security-analyzer.html
Thanks for the list of useful plugins. I’m no computer geek but I think I can follow the steps. Your articles have been very helpful in every little way. Thanks for sharing!