List of Chrome Browser Extensions for Security Analysts (Pentests) | BOT24

List of Chrome Browser Extensions for Security Analysts (Pentests)

For those who are not aware that these extenstions exist.....
List of chrome browser extensions that can be useful while performing application security assessments. On the sidenote, a similar collection exists for Firefox users – check SecFox at Mozilla Addons Collection site
Note: Below table will be updated regularly. If you find any addons that are not listed but might be useful while conducting pentests, please mention in comments. Click Chrome Store URL to access the various extentions 

NameDescriptionChrome Store URLDeveloperKeywords
AntiXSSdetect possible weak points and xss attacksChrome WebStore LinkXSS, Scanner
BuiltWithBuiltWith is a web site profiler tool. Displays the frameworks and other libraries with which that website is builtChrome WebStore LinklinkApplication Fingerprinting
Chrome IE Tab MultiRun ActiveX controls on ChromeChrome WebStore LinklinkActiveX testing
Chrome SnifferThis extension will help web developer to inspect web framework / CMS and javascript library running on current browsing website. An icon will appear on address bar indicates the detected framework. Version detecting is being implemented.Chrome WebStore LinklinkApplication Fingerprinting
Domain DetailsDomain Details provides the following information on the site you are visiting:

- Server IP Address
- Server's Location. Based on a Geo IP database in the extension, does not poll an external service.
- Server Software. Shows icons for common servers.
- View server response headers within the extension
- Domain Whois Links
Chrome WebStore LinklinkNetwork Fingerprinting
Edit This CookieThis extension lets you:
Delete all cookies in a page, Delete only the chosen cookie on a page, Edit any cookie, Add a new cookie, Search a cookie, Protect a cookie (read-only), Block cookies (cookie filter)
Chrome WebStore LinkChrome WebStore LinkCookie Editor, Session Management/Fixation
Firebug LiteFirebug Lite is not a substitute for Firebug, or Chrome Developer Tools. It is a tool to be used in conjunction with these tools. Firebug Lite provides the rich visual representation we are used to see in Firebug when it comes to HTML elements, DOM elements, and Box Model shading. It provides also some cool features like inspecting HTML elemements with your mouse, and live editing CSS properties.Chrome WebStore LinklinkDynamic Frontend Manipulation/Injection, Bypass Client Side Validations
Form FuzzerFuzz testing utility I created to assist in populating web forms with some random data.Chrome WebStore LinklinkParameter Manipulation/Injection
JSONView for ChromeJSONView for chrome is an extension that helps you to parse and view JSON documentsChrome WebStore LinklinkHelper Extension
Latest Sophos Security AlertsDisplays the Sophos security alerts direct in your browserChrome WebStore LinkHelper
Penduleconvert POSTs to GETs, Remove Maxlength, view selection source (syntax highlighted code appears in a new
tab, similar to built-in view source functionnality)
Chrome WebStore LinkDynamic Frontend Manipulation/Injection, Bypass Client Side Validations
Proxy Switchy!Proxy Switchy! is an advanced proxy manager for Google Chrome, it allows users to manage and switch between multiple proxy profiles quickly and easily.Chrome WebStore LinklinkProxy Tools
Simple REST ClientSimple REST Client is an extension for Google Chrome to help construct custom
HTTP requests to directly test your web services.

Select the URL, method, fill the headers and body if necessary.
Click Send.
Analyze response headers and body.
Chrome WebStore LinklinkParameter Manipulation/Injection
Swap My CookiesSwap My Cookies is a session manager, it manages your cookies, letting you login on any website with several different accounts. You can finally login into gmail, yahoo, hotmail, and just any website you use, with all your accounts; if you want to use another account just swap profile!Chrome WebStore LinkSession Fixation/Management
Unencrypted Password WarningUnencrypted Password Warning detects whether a password or credit card number is about to be sent with a form that does not use HTTPS.Chrome WebStore LinkDetects Security Flaw
User-Agent Switcher for ChromeThe extension allows you to set a specific filtering list, so it will automatically switch user-agent strings based on the domain or URL you specify. Also, it will use and auto-update a list of sites known to use incorrect user-agent sniffing (which can be disabled.)Chrome WebStore LinklinkMobile Security Testing, Client-side Bypass
Web DeveloperOfficial port of the popular Web Developer extension for Firefox.convert POSTs to GETs, Remove Maxlength, view selection source (syntax highlighted code appears in a new
tab, similar to built-in view source functionnality)
Chrome WebStore LinklinkDynamic Frontend Manipulation/Injection, Bypass Client Side Validations
WebsecurifyWebsecurify is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies.

This extension is useful to anyone who wants to quickly assess the security of their web applications.
Chrome WebStore LinklinkWeb Page Scanner
XSS RaysComplete XSS reversing/scanner tool. Find how a site is filtering code, check for injections and inspect objects.Chrome WebStore LinklinkXSS, Scanner
Additional Source:
Share on Google Plus

About Bradley Susser

    Blogger Comment
    Facebook Comment


Post a Comment