I will share some Browser Extensions to help you when pentesting a website,The extension below is taken from https://securitytrails.com/ And other sources, then I added some other Extensions. Before that, make sure you are running the latest versions of Mozilla Firefox and Google Chrome web browsers.
Wappalyzer
Wappalyzer, an add-on available on Chrome and Firefox, can detect all these technology platforms running on any website. As mentioned, this technical data can be further used to search for active CVEs and discover potential threats behind the technology involved.
Shodan
Shodan is the best search engine available for IoT devices and an excellent tool for information gathering. It also comes with Chrome and Firefox plugins. The Shodan plugin can help you discover where your target web app is hosted, the IP and who owns it, hostnames, operating system, and any open ports and services. Once installed, it will automatically check the Shodan API when you visit a website, and all of the information mentioned above will be viewable in the pop-up.
DotGit
An extension to check if .git is open on visited websites. And found some .env .hg and .svn file. The application will notify you if some of the files above are found, which is perfect for bug bounty hunting when visiting your target web.
PwnFox
PwnFox uses Firefox container feature to hold multiple unique sessions in the same browser window, no more need to have 3 Firefox instances opened in private browsing mode. For more advanced settings you can set the proxy to Burpsuite. please read the following article https://blog.yeswehack.com/yeswerhackers/pimpmyburp-pwnfox-autorize-find-idor/
Install for: FIREFOX
FoxyProxy
If you’re a bug bounty hunter, a reliable proxy will allow you to check applications from different locations. Burp Suite, for example, requires you to switch proxies manually—but with a tool like FoxyProxy, all that hassle is replaced by a single click.
FoxyProxy comes as a Firefox and Chrome (along with many other browsers) extension that allows you to manage different proxy servers, and set them to run at intervals or turn off the proxy connection at a desired period. It automatically switches internet connection between
the proxies according to URL rules.
HTTP Header Live
HTTP Header Live is a worthy replacement for Live HTTP Headers, a browser extension once widely used in the bug bounty and pen testing community. Created by Martin Antrag, it comes in both Chrome and Firefox flavors and is used to view a website’s live HTTP header information. It will display live headers of each http request, allowing you to edit data and resubmit it.
Cookie editors
HackBar
HackBar is a browser extension that allows for testing simple SQL injection and XSS holes. And while you can’t execute standard exploits, you can use it to check if the vulnerability exists. When you enable the toolbar, it provides a simple console with testing tasks, and allows you to manually submit form data with POST or GET requests.Other features include hashing algorithms, encryption and encoding tools, SQL injection assistance and the capability to test for XSS vulnerability with XSS payloads.The HackBar extension is available on both Chrome and Firefox but they do differ slightly with different creators that based them on the original, no longer available Firefox extension. The Chrome extension is the one more widely used and constantly updated as part of their Developer tools. The Firefox extension, HackBar Quantum is one among many other versions of the same tool, this one seemingly most solid.
User-Agent Switcher
User-Agent Switcher refers to both name of the tools and their function, as variants of this tool offered by both Firefox and Chrome do differ—with the Chrome extension more robust and included in their Developer tools. Used for spoofing a browser while executing attacks, User-Agent Switcher allows you to switch off your user agent easily and with just a few clicks. To further help in spoofing, you can set up specific URLs that you want to spoof every time.
Retire.js
Retire.js is a vulnerability scanner for Javascript libraries. While it’s primarily run as a command line tool, it also comes as both a Firefox and Chrome extension. It scans and gathers information about vulnerable Javascript libraries in a target web app, allowing bug bounty hunters to find CVEs.
Temp Mail
Temp Mail provides temporary, secure, anonymous, free and disposable email addresses. Can be used to do pentest if there is a register feature and if you want to use more than one account, without having to use your email from Gmail
And above are 11 Extensions for Bug Bounty Hunting
Hopefully it can help you :D Thank you for visiting this article, and maybe later there will be other interesting articles. Help subscribe my channel about the PoC Bounty Bug that I found YouTube | Twitter
untuk Terjemah ke indo silahkan pake Ektensi ini
Firefox: https://addons.mozilla.org/en-US/firefox/addon/traduzir-paginas-web/
1 komentar