Monday 9 January 2012

Useful Chrome Extensions regarding Pentesting

There are really a lot of different and useful Extensions for Google Chrome that can be used when executing a Pentest. Right now there are more pentesting Add-Ons available for Firefox, but the pentesting Extensions are growing pretty fast. So here is a short overview:

A good starting point is the project KromCAT (Google Chrome Catalog of Auditing exTensions). KromCAT is providing a Mindmap that is categorizing security and audit Extensions regarding Google  Chrome. You can download this catalogue in HTML, the actual Mindmap or a JPG of it. The result of the KromCAT project is also the basis for Mantra on Chrome. Mantra is a special Chrome version that has been adapted for students, penetration testers, web application developers, security professionals etc. and contains almost all Extensions of the KromCAT Mindmap.

As there is already a catalogue of Extensions maintained by KromCAT I don't want to start my own list here. I just want to point out some Extensions that are quite useful for me. I'm not using Extensions for XSS scanning or tampering HTTP data (especially because Extensions like XSS Rays never worked for me). There are better tools like burp that can do this kind of things. All of these Extensions are still working with the latest version of Google Chrome and are making my life easier when testing a web application:

Session Manager
This Extension is quite useful to save all your open tabs in one session to open it later in the same alignment.

Firebug Lite
Firebug for Google Chrome

Web Developer
A web developer Toolbar

IP Address and Domain Information
Quite useful Extension in information gathering phase to discover a big amount of information by one click about a certain IP or Domain.

Awesome Screenshot
Great Extension to take and modify a screenshot.

Proxy Switchy!
Proxy Switchy! is an advanced proxy manager for Google Chrome, it allows users to manage and switch between multiple proxy profiles quickly and easily.

With this ext, you can make notes on any web page, any position. when you open that page again, the notes get loaded automaticly.    

No comments:

Post a Comment