Chrome Extensions for Security Professionals

10/07/2011

Google Chrome Extensions

During Recent days we have seen a phenomenal increase in usage of Google Chrome Browser, however Security Professionals are still looking at Firefox for there day to day life usage, the basic reason behind it is large set of firefox extensions backing it up, we have also custom builds like OWASP Mantra doing the round.

So for those who love using Google Chrome and still miss the large plugin base here is a list of must have plugin set for the Security professional’s.

Note : Usage could be offensive and defensive both, its upto the user to decide. the content here is for informational purpose only

CAUTION : LONG POST …. continue below only if you can give time coz this post is large.

Find below list of plugin’s i found to be useful :

I have added details from chrome store and where ever found necessary I added my own comments

Web developer toolbar of firefox in its full glory.

Encoding/Decoding Plugin for various types of encoding like base64, rot13 or unix timestamp conversion

Xss Detection and protections tools

Request Maker is a tool for penetration testing. With it you can easily capture requests made by web pages,
tamper with the URL, headers and POST data and, of course, make new requests.
Request Maker only captures requests sent via HTML forms and XMLHttpRequests

Edit This Cookie is a cookie manager. You can add, delete, edit, search, protect and block cookies

  • Port Scanner for All Hosts : https://chrome.google.com/webstore/detail/jdcggkdokjkfheicojgdkiemchjioaaa

Simplistic Port scanner doing a simple port scan for well known ports.

  • Chrome Whois : https://chrome.google.com/webstore/detail/jmmjpmkbadbdjphkkbmfchoidgbpnppg

Whois Information display within chrome browser

For those who don’t like Developers tools @ chrome and want to keep sync with good old firebug

Google Chrome extension that lets you quickly view HTTP Response Headers of a URL.

See geolocation, DNS, whois, routing, search results, hosting, domain neighbors, BGP and ASN info of every IP address (IPv4 & IPv6).

  • Not Scripts : https://chrome.google.com/webstore/detail/odjhifogjcknibkahlpidmdajjpkkcfn

A clever extension that provides a high degree of ‘NoScript’ like control of javascript, iframes, and plugins on Google Chrome.

A nice drop in replacement for Foxy Proxy and very good in working.

Note of caution : if using on windows this also switches the proxy settings for IE.

Session Manager lets you save sessions of your opened tabs and windows, and to quickly re-open them whenever you like.

Swap cookies between two accounts

  • HTTP Response Browser : https://chrome.google.com/webstore/detail/mgekankhbggjkjpcbhacjgflbacnpljm?hl=en-US

Make HTTP requests from you browser and browse the response.

  • REST Client : https://chrome.google.com/webstore/detail/ahdjpgllmllekelefacdedbjnjaplfjn?hl=en-US

Helper for web developers for creating custom HTTP requests.

Tools like ping, tracert, W3C validator, dns blackhole list, dns lookup, domain neighbors and whois information.

Displays DNS records for the current page.

Grease Monkey drop in replacement

Displays latest 5 of exploitdb.

Displays the technologies used in the website, Frameworks, CMS, scripting etc

Perform a Websecurify scan inside your browser.

  • Norton Web Safe : https://chrome.google.com/webstore/detail/jgeljojcemiefdiciedakpojojfmbhba?hl=en-US

Uses Norton SafeWeb API but we are NOT affiliated with Symantec!

  • QR / Bar Code Decoder : https://chrome.google.com/webstore/detail/fdbaidolhfnecgiloehbailojonjaloa?hl=en-US

QR & other BARcodes images in one click Decoding. Also can Encode selected text or current URL to QR code in one click, like others.

  • URL Shortner and Expander : https://chrome.google.com/webstore/detail/eclilalbnmdonojgjmkekinflhodgoii?hl=en-US

Supports upto 50 different services you can expand any url you receive before clicking on it and following the link.

Displays the Web server of the current page.

Note : this may break some pages.

This version allows to see asterisk and hidden fields

Adds one-click Google Safe Browsing diagnostic to your toolbar

Not Exactly related but helpful plugin’s

  • Password Security Tester : https://chrome.google.com/webstore/detail/gfbpikfinaalbpbapnejhimpljlleikl

Test’s how secure is your password specially how easily it is to crack the password based on complexity.

  • Secure Login Helper : https://chrome.google.com/webstore/detail/gbnlondidnnfmfnglkpaoagecnkkpcjp

Redirects to Secure version if it exists.

  • Search file sharing : https://chrome.google.com/webstore/detail/cboohmbnadgdglnfblieggkgbapdkmjk

Simple search into public file sharing sites.

  • Download Master : https://chrome.google.com/webstore/detail/hdjacnejoohiamgmaciljlpniffgkojd?hl=en-US

Download Helper

Ads were yesterday! The successful extension Adblock Plus is now available for Google Chrome™.

Disable all extensions in one click, or enable all extensions in one click.
you also can enable or disable or uninstall the extensions one by one.
  • W3Spy : https://chrome.google.com/webstore/detail/doahnaigbgiblgnjhhaekbffljjpmacg?hl=en-US

This extension displays an icon in Google Chrome’s top bar; On-click, it will load a complete website report for the currently visible website. Powered by: W3Spy.net

 

Please add any other extensions if i missed anything.

8 thoughts on “Chrome Extensions for Security Professionals”

  7. Sander

    Thanks for the list of useful plugins. I’m no computer geek but I think I can follow the steps. You’re articles have been very helpful in every little way. Thanks for sharing!

    Reply

  8. Pingback: Browser-based penetration testing with Firefox and Chrome « Doug Vitale Tech Blog

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top