Gh0ster

How To: Securely Configure Firefox

Jan 4th, 2015
Secure Firefox Configuration
===============================

/Download Firefox: https://www.mozilla.org/en-US/

/Download other versions of Firefox [Nightly, Aurora, Firefox Beta] from here:

https://www.mozilla.org/en-US/firefox/channel/

/Things marked with "**" are essential for security and privacy.


.::EXTENSIONS::.
==================


.::Privacy::.
==================

-> **[NoScript]
Download: https://addons.mozilla.org/en-us/firefox/addon/noscript/
Features: Protects you from XSS and clickjacking attacks, also enables click to load Flash and Java.

-> **[HTTPS-Everywhere]
Download: https://www.eff.org/https-everywhere
Features: Forces HTTPS whenever possible.

-> **[AdBlock Edge]
Download: https://addons.mozilla.org/en-US/firefox/addon/adblock-edge
Features: Blocks intrusive and non-intrusive ads on all websites. It also does not have the "Acceptable Ads" feature.

-> **[Random Agent Spoofer]
Download: https://addons.mozilla.org/en-US/firefox/addon/random-agent-spoofer
Features: Provides many user agent spoofing options. Over 100 different browsers, has the option to send spoofed headers and much more.

-> **[RequestPolicy]
Download: https://addons.mozilla.org/en-us/firefox/addon/requestpolicy/
Features: Protects you against CSRF attacks and allows you to be in control of all cross-site requests.

-> **[Cookie Controller]
Download: https://addons.mozilla.org/en-US/firefox/addon/cookie-controller/
Features: Browse, manage and remove cookies from sites.

-> **[FoxyProxy Standard]
Download: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard
Features: Advanced proxy management tool for Firefox, way better than the one included with Firefox.

-> **[Disconnect]
Download: https://addons.mozilla.org/en-US/firefox/addon/disconnect
Features: Stops tracking by about 2000 third party websites, makes loading pages about 27% faster.

-> **[Privacy Badger]
Download: https://addons.mozilla.org/en-US/firefox/addon/privacy-badger-firefox
Features: Protects privacy by blocking spying ads and invisible trackers.


.::Tools::.
==================

-> [HackBar]
Download: https://addons.mozilla.org/en-US/firefox/addon/hackbar
Features: A toolbar to help you in testing SQL injections, XSS holes and site security.

-> [FireBug]
Download: https://addons.mozilla.org/en-US/firefox/addon/firebug
Features: Allows you to edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.

-> [FxIF]
Download: https://addons.mozilla.org/en-US/firefox/addon/fxif
Features: Allows you to view EXIF data when you right click on an image.

-> [iMacros]
Download: https://addons.mozilla.org/en-US/firefox/addon/imacros-for-firefox
Features: Allows you to automate Firefox with macros. Anything you do on your browser can be automated.

-> [Web Developer]
Download: https://addons.mozilla.org/en-US/firefox/addon/web-developer
Features: A toolbar that adds various web developer tools to the browser.

-> [Live HTTP Headers]
Download: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers
Features: Allows you to view HTTP headers of a page while browsing.

-> [EPUB Reader]
Download: https://addons.mozilla.org/en-US/firefox/addon/epubreader
Features: Allows you to open and read .epub files within your browser.

-> [DOM Inspector]
Download: https://addons.mozilla.org/en-US/firefox/addon/dom-inspector-6622
Features: Inspect/edit live DOM of any webpage or XUL application.

-> [ColorZilla]
Download: https://addons.mozilla.org/en-us/firefox/addon/colorzilla
Features: Advanced eyedropper, color picker, gradient generator and DOM viewer.

-> **[Modify Headers]
Download: https://addons.mozilla.org/En-us/firefox/addon/modify-headers
Features: Add/Modify/Filter HTTP headers. Useful for mobile development, HTTP testing and privacy.

-> [FlagFox]
Download: https://addons.mozilla.org/en-US/firefox/addon/flagfox
Features: Displays a country flag depicting the location of the current website's server and provides a multitude of tools such as site safety checks, whois, translation, similar sites, validation, URL shortening, and more.

-> [Video Download Helper]
Download: https://addons.mozilla.org/en-US/firefox/addon/video-downloadhelper
Features: Downloads videos and audio from YouTube and other similar sites.

-> [Wappalyzer]
Download: https://addons.mozilla.org/en-us/firefox/addon/wappalyzer
Features: A browser extension that identifies software on websites.

-> **[CryptoCat]
Download: https://addons.mozilla.org/en-US/firefox/addon/cryptocat
Features: Instant encrypted conversations, open source, private, safer communications. Uses the OTR encrypted messaging protocol.

-> [SSleuth]
Download: https://addons.mozilla.org/en-US/firefox/addon/ssleuth
Features: SSleuth ranks an established SSL/TLS connection and gives a brief summary of the cipher suite, certificate and other SSL/TLS parameters.


.::Customizability::.
======================

-> [Stylish]
Download: https://addons.mozilla.org/en-US/firefox/addon/stylish
Features: Customize pages with CSS styles.

-> [GreaseMonkey]
Download: https://addons.mozilla.org/en-US/firefox/addon/greasemonkey
Features: Customize pages with JS scripts.


.::ABOUT:CONFIG SETUP::.
=========================

You can access these configurations by typing "about:config" in the URL bar, click .

-> Turn off the new tab page and make it about:blank:
browser.newtab.url => about:blank

-> **Turn off Geolocation:
geo.enabled => false
geo.wifi.uri => 127.0.0.1

-> **Override the useragent to most common useragent [Not needed with UA Switcher]:
New > string: general.useragent.override =>
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0

-> Force installation of non-updated add-ons:
New > boolean: extensions.checkCompatibility.[version #] => false

-> **Disable DNS prefetching:
network.prefetch-next => false
network.dns.disablePrefetch => true
webgl.disabled => true
devtools.cache.disabled => true
browser.sessionstore.privacy_level => 2

-> **Disable referer headers:
network.http.sendRefererHeader => 0
network.http.sendSecureXSiteReferrer => false
network.http.referer.XOriginPolicy => 1
network.http.referer.spoofSource => true
network.http.referer.trimmingPolicy => 2

-> **Enable HTTP pipelining regularly, on SSL pages, and on proxies, respectively:
network.http.pipelining => true
network.http.pipelining.ssl => true
network.http.proxy.pipelining => true
network.http.pipelining.maxrequests => 10

-> View page source in your favorite editor:
view_source.editor.external => true
view_source.editor.path => X:\EnterPath\To\Program\Here

-> **Prevent child windows/tabs from spawning:
dom.disable_window_open_feature.resizable => false

-> **Disable insecure RC4 encryption protocol:
security.ssl3.ecdhe_ecdsa_rc4_128_sha => false
security.ssl3.ecdhe_rsa_rc4_128_sha => false
security.ssl3.rsa_rc4_128_md5 => false
security.ssl3.rsa_rc4_128_sha => false

-> Increase the amount of connections/requests Firefox will make:
network.http.pipelining.maxrequests => 64
network.http.max-connections => 512
network.http.max-persistent-connections-per-server => 32

-> **Disable Firefox telemetry:
toolkit.telemetry.enabled => false

-> Speed up the security delay when installing add-ons:
security.dialog_enable_delay => 500

-> Disable tab animations:
browser.tabs.animate => false

-> **Allow cookies only from the originating server [Not needed with Cookie Manager]:
network.cookie.cookieBehavior => 1
network.cookie.lifetimePolicy => 2

-> **Reduce RAM usage for Firefox cache feature:
browser.sessionhistory.max_total_viewers => 0

-> Set RAM usage to 10MB when Firefox is minimized:
New => boolean: config.trim_on_minimize => true

-> Reduce page loading delay:
New => integer: nglayout.initialpaint.delay => 0
New => boolean: content.interrupt.parsing => true
New => boolean: content.notify.ontimer => true
New => integer: content.max.tokenizing.time => 100000
New => integer: content.notify.backoffcount => -1
New => integer: content.notify.interval => 100000
New => integer: content.switch.threshold => 2000000

-> Remove submenu slide delay:
New > integer: ui.submenuDelay => 0

-> **Set a "do-not-track" header to tell sites not to track browsing habits:
privacy.donottrackheader.enabled => true
privacy.donottrackheader.value => 1

-> **Disable Google Blacklists and Safebrowsing:
browser.safebrowsing.enabled => false
browser.safebrowsing.malware.enabled => false
browser.safebrowsing.appRepURL => blank
browser.safebrowsing.downloads.enabled => false
browser.safebrowsing.gethashURL => blank
browser.safebrowsing.malware.reportURL => blank
browser.safebrowsing.reportErrorURL => blank
browser.safebrowsing.reportGenericURL => blank
browser.safebrowsing.reportMalwareErrorURL => blank
browser.safebrowsing.reportMalwareURL => blank
browser.safebrowsing.reportPhishURL => blank
browser.safebrowsing.reportURL => blank
browser.safebrowsing.updateURL => blank
services.sync.prefs.sync.browser.safebrowsing.enabled => false
services.sync.prefs.sync.browser.safebrowsing.malware.enabled => false

-> **Disable pings:
browser.send_pings => false
browser.send_pings.require_same_host => true

-> **Disable Firefox health report:
datareporting.healthreport.uploadEnabled => false

-> **Disable DOM storage:
dom.storage.enabled => false
dom.event.clipboardevents.enabled => false

-> Disable suggestions on searchbar:
browser.search.suggest.enabled => false

-> **Disable keywords:
keyword.enabled => false

-> Disable certificates:
browser.ssl_override_behavior => 2

-> **Disable DNS proxy bypass:
network.proxy.socks_remote_dns => true

-> **Disable crash reporting:
breakpad.reportURL => blank
In application.ini in the Firefox folder,
[Crash Reporter]Enabled=1 => [Crash Reporter]Enabled=0

-> **Disable caching on hard drive:
browser.cache.disk.enable => false
browser.cache.offline.enable => false
browser.cache.disk.capacity => 0
browser.cache.offline.capacity => 0

-> **Do not cache HTTP or HTTPS files:
network.http.use-cache => false

-> **Disable navigator.sendBeacon:
beacon.enabled => false

-> **Disable WebRTC:
media.peerconnection.enabled => false
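
An added example (not part of the original paste): a small Python checker that parses the text of a profile's prefs.js or user.js and compares it with a subset of the values listed above. The sample file contents are constructed; a pref reported as "unset" is absent from the file, so the build's default applies and should be checked in about:config.

```python
import re

# Subset of the values recommended in the about:config list above.
RECOMMENDED = {
    "geo.enabled": False,
    "network.prefetch-next": False,
    "network.http.sendRefererHeader": 0,
    "network.proxy.socks_remote_dns": True,
    "media.peerconnection.enabled": False,
}
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

def parse_prefs(text):
    """Parse prefs.js / user.js text into {name: bool | int | str}."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(prefs, wanted=RECOMMENDED):
    """Return {name: "ok" | "mismatch" | "unset"} for every wanted pref."""
    report = {}
    for name, want in wanted.items():
        if name not in prefs:
            # prefs.js stores only changed values, so the default applies.
            report[name] = "unset"
        elif type(prefs[name]) is type(want) and prefs[name] == want:
            report[name] = "ok"  # type check matters: False == 0 in Python
        else:
            report[name] = "mismatch"
    return report

# Constructed sample file contents, not taken from a real profile.
SAMPLE = '''// Mozilla User Preferences
user_pref("geo.enabled", false);
user_pref("media.peerconnection.enabled", true);
user_pref("network.http.sendRefererHeader", 2);
user_pref("browser.newtab.url", "about:blank");
'''
print(audit(parse_prefs(SAMPLE)))
```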

===========================================================

@Gh0sterSec