Samurai Web Testing Framework (WTF) Firefox Add-ons Collection
In June 2009 Mozilla released the add-on collections feature on their add-ons web site. As a member and contributor to the SamuraiWTF project, I would like to announce the release of the SamuraiWTF Firefox add-ons collection!
The Samurai Web Testing Framework (WTF) is a LiveCD focused on web application testing. It contains a pre-installed collection of the top web application penetration testing tools, making it the perfect environment for testing applications.
The goal of this Firefox collection is to include the best add-ons for web application penetration testing and offensive security analysis, to convert your browser into the ultimate pen-testing tool. It is aligned with the Samurai Web Testing Framework (WTF) LiveCD distribution. I plan to keep the collection updated with new web-app pen-testing add-ons, but I would like to carefully evaluate new additions (or replacements) so that the list doesn't grow to the point where it becomes unmanageable. It includes 19 add-ons at this time.
As of today, it seems it is not possible to install all add-ons from a collection with a single click. The current SamuraiWTF add-ons collection can be installed on the latest Firefox version, v3.5, with the exception of the "Add N Edit Cookies" add-on. Although this add-on works in Firefox 3.5.*, it cannot be directly installed. There is a quick hack you can apply to install it on Firefox 3.5 until the official version is updated by its developer:
- Go to the "Add N Edit Cookies" add-on webpage with a compatible old Firefox version, or with a different browser like Internet Explorer, and download the add-on (XPI file).
- Change the XPI extension on the file to ZIP.
- Extract the "install.rdf" file from the ZIP archive.
- Edit the "install.rdf" file and replace the following line (maximum version):
<em:maxVersion>3.0.*</em:maxVersion>
by:
<em:maxVersion>3.5.*</em:maxVersion>
- Put (drag & drop) the new "install.rdf" file back into the ZIP archive, and it will automatically replace the old version of the file.
- Change back the ZIP extension on the file to XPI.
- At this point, you can install the recently modified XPI add-on in Firefox 3.5.
Once you install all the add-ons within the SamuraiWTF collection, one by one, the look and feel of your Firefox browser will notably change. I recommend hiding the add-on toolbars that are visible by default. You can individually enable them at any time, such as when you are going to use each specific add-on:
- Go to the "View" menu and select "Toolbars".
- Deselect "Access Me Toolbar", "Web Developer Toolbar", and (especially) "HackBar".
Please, take a look at the collection, feel free to share your thoughts/comments (send me an e-mail), vote for this collection if you find it useful, and enjoy it!
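The install.rdf edit from the steps above, scripted as an added example (not part of the original post or of the SamuraiWTF project). The function names and the sample XPI contents are assumptions made for illustration; the script raises an error instead of writing anything when the expected 3.0.* value is not present.

```python
import io
import re
import zipfile

# Matches the maximum-version element edited in the steps above. The tag name
# is matched case-insensitively so both maxVersion and maxversion are handled.
MAX_VERSION_RE = re.compile(
    r"(<em:maxversion>)\s*([^<]*?)\s*(</em:maxversion>)", re.IGNORECASE)

def patch_install_rdf(rdf_text, old="3.0.*", new="3.5.*"):
    """Return install.rdf text with the maxVersion value `old` set to `new`."""
    def swap(m):
        # Only touch an element whose current value is exactly `old`.
        return m.group(1) + new + m.group(3) if m.group(2) == old else m.group(0)
    patched = MAX_VERSION_RE.sub(swap, rdf_text)
    if patched == rdf_text:
        raise ValueError(f"no maxVersion element with value {old!r} found")
    return patched

def patch_xpi(xpi_bytes, old="3.0.*", new="3.5.*"):
    """Rebuild the XPI (a ZIP archive) with only install.rdf modified."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        if "install.rdf" not in src.namelist():
            raise ValueError("install.rdf not found at the archive root")
        for info in src.infolist():
            data = src.read(info)
            if info.filename == "install.rdf":
                text = patch_install_rdf(data.decode("utf-8"), old, new)
                data = text.encode("utf-8")
            dst.writestr(info, data)  # all other entries keep their content
    return out.getvalue()

def build_sample_xpi():
    """Constructed stand-in for a downloaded add-on; not a real XPI."""
    rdf = ('<?xml version="1.0"?>\n'
           '<RDF xmlns:em="http://www.mozilla.org/2004/em-rdf#">\n'
           "  <em:minVersion>1.5</em:minVersion>\n"
           "  <em:maxVersion>3.0.*</em:maxVersion>\n</RDF>\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("install.rdf", rdf)
        z.writestr("chrome/content/overlay.js", "// constructed file\n")
    return buf.getvalue()

if __name__ == "__main__":
    with zipfile.ZipFile(io.BytesIO(patch_xpi(build_sample_xpi()))) as z:
        print(z.read("install.rdf").decode("utf-8"))
```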
Labels: Pentest
2 Comments:
Great work guys!
I only have a couple suggestions of FF tools to add to the kit:
Tamper Data - quick and dirty way to manipulate GET & POST requests
Live HTTP Headers -
maybe FireFtp for those servers that have FTP open
Hi Scott,
Thanks for your comments!
Tamper Data is on the collection ;) I know it is difficult to see them all ;)
I didn't add Live HTTP Headers as it does not allow you to intercept requests, but only to re-submit them after they were sent at least once. Tamper Data definitely replaces it.
Finally, we didn't add add-ons for other protocols as we are just focused on web testing, but FireFTP is a great add-on for FTP analysis.