Firefox: a (web application) Pen-Tester's platform
Mozilla Firefox, thanks to its add-ons, can truly be a web application pen-tester's platform. And this concept is not new, is it?
I think that Firefox started to be seen as a potential web application pen-test platform somewhere in 2006, around the time that the article Hacking Web 2.0 Applications with Firefox popped up on SecurityFocus.
The second major thing that spread this concept was, in my opinion, FireCAT (Firefox Catalog of Auditing Toolbox), which by now has reached its 1.5 version. It has many add-ons listed, but I think that for pen-testing the starred ones are enough, although for experimenting you may use the others too.
If you would like to try them out, I would recommend that you create a different Firefox profile… With a high number of plugins, the browser could freeze up. You could have, for example, different profiles for different sets of add-ons and tasks: blogging, hacking, sharing (p2p/torrents), etc.
For creating Firefox profiles you only have to add two parameters to the command line. The command is:
firefox.exe -no-remote -ProfileManager
Or add the parameters in the shortcut properties, after the quotes that surround the path to the firefox.exe file. If all is fine, then at every start the Profile Manager should pop up, letting you choose, create, delete or rename profiles.

I think that now that you have seen some insights on this matter you would agree that Firefox may as well be the best “platform” for web application pen-testing.

