API tools faq
paste
ZeusOdin

chrome extensions

ZeusOdin
May 5th, 2015
565
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
HTML 5 10.04 KB | None | 0 0
raw download clone embed print report
  1. Web Developer, is a Google Chrome extension that adds a tool bar with various web development tools in Chrome. With these tools, users can perform various web development tasks. This extension helps analyzing web application elements like HTML and JS.Add Web Developer Extension in Chrome here: https://chrome.google.com/webstore/detail/web-developer/bfbameneiokkgbdmiekhjnmfkcnldhhm
  2. Firebug Lite for Google Chrome, provides a rich visual environment to analyze HTML elements, DOM elements and other Box Model Shading. It also provides live CSS editing. It helps in analyzing how an application is working on the client’s side.
  3.  
  4. Add Firebug Lite to Google Chrome: https://chrome.google.com/webstore/detail/firebug-lite-for-google-c/bmagokdooijbeehmkpknfglimnifench
  5. d3coder, is another nice Google Chrome extension that helps penetration testers. It enables us to encode and decode selected text via context menu. Thus it reduces the time to encode and decode strings by using separate tools. This extension can perform a wide range of functions. See the list below:
  6. Timestamp decoding
  7. rot13 en-/decoding
  8. base64 encoding
  9. base64 decoding
  10. CRC32 hashing
  11. MD5 hashing
  12. SHA1 hashing
  13. bin2hex
  14. bin2txt
  15. HTML entity encoding
  16. HTML entity decoding
  17. HTML special chars encoding
  18. HTML special chars decoding
  19. URI encoding
  20. URI decoding
  21. Quoted printable decoding
  22. Quoted printable encoding
  23. Escapeshellarg
  24. Base64 decode
  25. Base64 encode
  26. Unserialize
  27. L33T-en/decode
  28. Reverse
  29. Add d3coder extension to Google Chrome:https://chrome.google.com/webstore/detail/d3coder/gncnbkghencmkfgeepfaonmegemakcol?hl=en-US
  30. Site Spider, is an extension that adds a crawler in Chrome. It crawls all pages and reports all broken links. One can also restrict the spider by adding restrictions and regular expressions, it works at the client’s side. It can also use your authentication to access all pages. This extension is opensource. So, you can easily modify it according to your needs.Add Site Spider to Google Chrome: https://chrome.google.com/webstore/detail/site-spider/ddlodfbcplakmddhdlffebcggbbighda
  31. Form Fuzzer, is used to populate predefined characters into different form fields. It can also select checkboxes, radio buttons and select items in forms. It has a configuration menu where you can manage all settings of the extension. It is really helpful in testing forms. You can set payloads for forms and then populate payloads quickly with this nice tool. Really helpful in performing XSS and SQL injection attacks.Add Form Fuzzer to Google Chrome: https://chrome.google.com/webstore/detail/form-fuzzer/cbpplldpcdcfejdaldmnfhlodoadjhii
  32. Session Manager, is a powerful Chrome extension that lets users save, update, restore, and remove sets of tabs. You can create a group of tabs of the same interest and then restore those pages in one click. If you open few specific pages daily, and create groups of those pages and then open with a single click.Add Session Manager to Google Chrome: https://chrome.google.com/webstore/detail/session-manager/mghenlmbmjcpehccoangkdpagbcbkdpc
  33. Request Maker, is a core penetration testing tool. It’s used in creating and capturing requests, tampering the URL, and making new headers with post data. It can capture requests made via forms or XMLHttpRequests. You can see the function of this tool is similar to Burp. It’s also helpful in performing various kind of attacks in a web applications by modifying http requests.Add Request Maker to Google Chrome: https://chrome.google.com/webstore/detail/request-maker/kajfghlhfkcocafkcjlajldicbikpgnp
  34. Proxy SwitchySharp, is a proxy extension that helps in managing and switching between multiple proxies quickly. It also has an option to set auto proxy switching based on URL. You can also import or export data easily. With proxy switcher, we can hide IP addresses and perform penetration testing tasks to check how a person can attack with proxy servers.Add Proxy SwitchySharp to Google Chrome: https://chrome.google.com/webstore/detail/proxy-switchysharp/dpplabbmogkhghncfbfdeeokoefdjegm/details
  35. Cookie Editor, is a nice Chrome extension that lets users edit cookies. This tool is really helpful while hijacking vulnerable test sessions. It lets users delete, edit, add/or search cookies. It also lets users protect, block or export cookies in json. You can play with cookies as you want. This extension is ad-supported and all revenue goes to Unicef to help children worldwide. But Ads are not necessary and you can disable anytime from the extension settings page.Add Edit This Cookie to Google Chrome: https://chrome.google.com/webstore/detail/edit-this-cookie/fngmhnnpilhplaeedifhccceomclgfbg
  36. Cache Killer, is another nice extension that automatically cleans the browser cache before loading pages. It can be easily enabled or disabled with a single mouse click. It’s useful to bypass the browser cache and see the exact website in case it’s changing. This is much useful for web developers.Add Cache Killer Extension to Google Chrome: https://chrome.google.com/webstore/detail/cache-killer/jpfbieopdmepaolggioebjmedmclkbap
  37. XSS Rays, is a nice extension that helps in finding XSS vulnerability in a website. It finds how a website is filtering the code. It also checks for injections and inspects objects. You can also easily extract, view and edit forms non-destructively even if forms cannot be edited. So many penetration testers use this extension as a dedicated XSS testing tool. It’s pure JavaScript XSS scanner. You can read more about XSS Rays here.Add XSS rays to Google Chrome: https://chrome.google.com/webstore/detail/xss-rays/kkopfbcgaebdaklghbnfmjeeonmabidj
  38. WebSecurify, is a powerful cross platform web security testing tool. It’s available for various desktop, mobile platforms and browsers. This is the first web security tool that runs directly from the browser. It’s capable of finding XSS, XSRF, CSRF, SQL Injection, File upload, URL redirection and various other security vulnerabilities. It has a built in crawler that scans and crawls pages. Then it will try to find vulnerability on pages. It’s not a fully automatic tool. It lists possible vulnerability on the URL. You will need to confirm the vulnerability manually. We have already covered the websecurify tool in detail. You can check older posts to read more on how this tool works and how to master websecurify for penetration testing. While scanning, it pulls all features from the WebSecurify server, so you do not need to worry about database updates. The vulnerability engine will be updated at all times. Penetration testing tools are just a click away. Use this either as a browser tool or desktop tool.Add Websecurify to Google Chrome:https://chrome.google.com/webstore/detail/websecurify/gbecpbaknodhccppnfndfmjifmonefdm
  39. Port Scanner, Google Chrome extension adds port scanning capabilities to the browser. With this extension, you will be able to scan which TCP ports are listening. Port Scanner analyzes any given IP or URL addresses, and then will scan for open ports to help you to secure them. It is also available for Opera and Mozilla Firefox.Add Port Scanner to Google Chrome: https://chrome.google.com/webstore/detail/port-scanner/jicgaglejpnmiodpgjidiofpjmfmlgjo
  40. XSS chef, is the popular Chrome extension that works directly in the browser. It helps us in identifying XSS vulnerability in a web application. It’s similar to BeEF but for browsers. It performs following tasks:
  41. Monitor open tabs of victims
  42. Execute JS on every tab (global XSS)
  43. Extract HTML, read/write cookies (also httpOnly), local Storage
  44. Get and manipulate browser history
  45. Stay persistent until whole browser is closed (or even further if you can persist in extensions’ local Storage)
  46. Make screenshot of victims window
  47. Further exploit e.g. via attaching BeEF hooks, keyloggers etc.
  48. Explore filesystem through file:// protocol
  49. Bypass Chrome extensions content script sandbox to interact directly with page JS
  50. This is not an extension but a framework. So, installation is not same as any other extension. Read the official link of XSS Chef given below and learn how to install it in Chrome.Add XSS chef to Google Chrome: https://github.com/koto/xsschef
  51. HPP Finder, is another nice extension. It is useful in finding HTTP Parameter Pollution (HPP) vulnerability and exploit it. This tool can easily detect and exploit the HTML Forms or URLs that might be susceptible of HTTP Parameter Pollution attacks. This tool can only find the vulnerability points but is not a solution against the vulnerability.
  52.  
  53. Add HPP Finder in Google Chrome: https://chrome.google.com/webstore/detail/hpp-finder/nogojgcobcolombicplhimbbakkcmhio
  54. The Exploit Database, is not a penetration testing tool, but it keeps you updated with all latest exploits, shell code and white papers available on Exploit DB server. It’s an open source tool and source code can be found here:http://github.com/10n1z3d/EDBE
  55.  
  56. Add The Exploit Database extension in chrome: https://chrome.google.com/webstore/detail/the-exploit-database/lkgjhdamnlnhppkolhfiocgnpciaiane
  57. GHDB, is a nice Google hack query search. This nice extension help you in searching for necessary Google hack querys for finding specific pages based on special Google search parameters. It allows you in understanding the basis of web security in a better way.Add GHDB in Google Chrome:https://chrome.google.com/webstore/detail/ghdb/jopoimgcafajndmonondpmlknbahbgdb
  58. iMacros for Chrome, while performing various web page testing processes, you may need to automate few repetitive tasks on the web. For this, you can use iMacros for Chrome extensions. So, next time when you need this kind of thing, Use the macro and then start it with a click button.
  59.  
  60. Install iMacros for Chrome in Chrome: https://chrome.google.com/webstore/detail/imacros-for-chrome/cplklnmnlbnpmjogncfgfijoopmnlemp
  61. IP Address and Domain Information, is an information gathering extension that can help you in finding geolocation, DNS, whois, routing, search results, hosting, domain neighbors, DNSBL, BGP and ASN information of every IP address (IPv4 and IPv6).
  62.  
  63. Add it to Chrome: https://chrome.google.com/webstore/detail/ip-address-and-domain-inf/lhgkegeccnckoiliokondpaaalbhafoa
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!