I’m mostly a Firefox user, as I can’t do without my Tree Style Tabs and easy-to-use NoScript plugins, but this post from InfosecInstitute.com got me interested in looking at Chrome a little more. In this post, Shathabheesha discusses several plugins that allow you to do some off-the-cuff pen testing without ever leaving your browser. I’ve seen plugins like these for Firefox as well, but the simple port scanner by ClsHack.it puts it over the top.
You might be wondering about the title. Let me tell you that you shall have your answer by the end of this story.
Hacking has been considered as a mysterious act of 0s and 1s that can either make you or destroy you. Along these lines, things have been simplified to a large extent after the growth of Y2K syndrome and web technologies. This is an effort to simplify certain things that can help you in your pen-testing cycle.
The Chrome Web Store has an amazing collection of browser add-ons which can be used on a regular basis for your pen-testing scenarios, or as a new window of understanding of the web for a novice. The following sections describe how to go about pimping your favorite browser!
1. Web Developer
A simple, yet very important, add-on in your browser can yield a lot of help when performing security tests. The Web Developer extension brings along with it various options as shown in the screenshot.
2. Chrome Whois
Whois is a fingerprinting protocol that comes in handy when you need to get the domain information about a website. The job is made easier by the Chrome Whois extension. Just visit the site and click on the icon, and it opens the complete whois information about that website in a new tab. The information you get can include personal email ids, postal addresses, technical admins and company admins. These details can aid a lot in social engineering and make attacks a lot easier!
For this particular website the extension reveals a lot of personal information, so I chose not to present the other details here.
3. Edit this Cookie
One of the favorite exploits of all time is injecting scripts that can extract cookie-information and provide attackers session access to victim accounts. Edit this Cookie is an extension that does just that! This facilitates editing cookie values and adding new cookies to the browser.
The above screenshot depicts a site vulnerable to XSS. Here, an attacker can extract cookie information from the XSS injecting string and hijack a victim’s session!
4. Port Scanner for All Hosts
Many a time we browse websites and would like to get a little naughty. Instead of firing up Nmap for a basic test of all the open ports, the Port Scanner for All Hosts extension performs a simple port scan and generates a compact report about open services/ports. Just click the icon in your Chrome browser to get the following output.
Port scanning comes in handy when you need to perform a vulnerability/risk assessment of a corporate network. Surely, an Nmap scan is always preferred over a browser plugin, but for getting started with a quick scan, what can get better than this?
5. HTTP Headers
HTTP headers are of great value to a dedicated attacker when it comes to automating attacks. The header information by itself isn’t very harmful, but it surely gives the attacker information about the web server, like the OS, server software and other important details. The HTTP Headers extension makes this information readily available.
One of the most basic pieces of information can be obtained here: that WordPress is using the nginx server. This particular information is critical, as most of us are aware that nginx had a severe denial-of-service vulnerability in the past. So, the major point here is that there are certain server configurations which allow automated attacks to yield results. As an administrator, it’s wise to prevent as much information disclosure as possible to safeguard oneself from attacks. Some other types of headers like X-content-type can lead to potential XSS attacks, if they are set to no sniff option. Similarly, the X-Frame header lets the web page decide whether or not any content within iframe tags needs to be rendered. A poorly configured web server with no X-frame validation leads to clickjacking attacks.
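The header review described above, and the cookie exposure from section 3, can be automated on the administrator's side. The following is an added example, not code from the original article or from any of the extensions; the function name `auditHeaders` and both sample responses are constructed for illustration. It flags version banners, a response that lacks `X-Content-Type-Options: nosniff`, missing framing restrictions, and cookies without `HttpOnly` or `Secure`.

```javascript
// Constructed sample responses (not captured from any real site).
const weakResponse = {
  "Server": "nginx/1.0.0",
  "Set-Cookie": ["sid=abc123; Path=/"],
};
const hardenedResponse = {
  "Server": "nginx",
  "X-Content-Type-Options": "nosniff",
  "X-Frame-Options": "DENY",
  "Set-Cookie": ["sid=abc123; Path=/; HttpOnly; Secure"],
};

function auditHeaders(rawHeaders) {
  // Header names are case-insensitive, so index them in lower case.
  const h = {};
  for (const [name, value] of Object.entries(rawHeaders)) h[name.toLowerCase()] = value;
  const get = (name) => String(h[name] ?? "").trim();
  const findings = [];

  // Banner headers that reveal a product version help fingerprint the server.
  for (const name of ["server", "x-powered-by"]) {
    if (/\d/.test(get(name))) findings.push(`${name} discloses a version: ${get(name)}`);
  }
  // Only the exact value "nosniff" switches off MIME sniffing in the browser.
  if (get("x-content-type-options").toLowerCase() !== "nosniff") {
    findings.push("x-content-type-options: nosniff is missing");
  }
  // Framing is restricted by X-Frame-Options or a CSP frame-ancestors directive.
  const xfo = get("x-frame-options").toUpperCase();
  const cspFrames = /(^|;)\s*frame-ancestors\s/i.test(get("content-security-policy"));
  if (xfo !== "DENY" && xfo !== "SAMEORIGIN" && !cspFrames) {
    findings.push("no framing restriction (clickjacking exposure)");
  }
  // Without HttpOnly a cookie is readable by injected script;
  // without Secure it can travel over plain HTTP.
  for (const cookie of [].concat(h["set-cookie"] ?? [])) {
    const [pair, ...attrs] = cookie.split(";").map((s) => s.trim());
    const flags = attrs.map((a) => a.split("=")[0].toLowerCase());
    for (const flag of ["httponly", "secure"]) {
      if (!flags.includes(flag)) findings.push(`cookie ${pair.split("=")[0]} lacks ${flag}`);
    }
  }
  return findings;
}

console.log(auditHeaders(weakResponse));
console.log(auditHeaders(hardenedResponse));
```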
For a deeper look into these attacks, check out the CEH certification course offered by the InfoSec Institute.
6. IP Address & Domain Information
I must say this is a quick and dirty tool – a one-stop shop for quick information gathering about any web server. Let’s check what information can be got from this fabulous extension.
Network Information: In this category, the add-on provides all the details like reverse DNS, IP range, subnet, ISP name and even address.
SPAM Database Lookup: Here, various SPAM databases are probed to see if this web site is involved in spamming. And it provided us with a Listed/Not Listed result.
Block List Lookup and Whois Information: As shown earlier, this tool also provides Whois information, but along with the Whois information, this tool also provides added functionality.
Hosting Information: The add-on also lists the top websites that are hosted on this particular IP address, and tells the number of websites running under each IP address.
Geo-Location Data: The best part about this extension is that it provides the latitude and longitude co-ordinates of the most closely proximate area around the web server.
7. VTchromizer
This extension lets you browse virus free. With over 35 scan engines, you can be sure to get a confirmed result about the status of the site you are browsing. Download VTchromizer from Google’s Chrome store and just choose the scan current site option. The extension also provides the facility to check URLs, hashes, etc. and compare them with VirusTotal’s database. This plugin is considered one of the most useful plugins when encountering a suspicious file.
8. Advanced Encoder/Decoder
When performing web application security testing, we need to test for various vulnerabilities like XSS, CSRF, and other OWASP top 10 attacks. Web developers are quick to add filters to keep these special strings from playing dirty with site visitors. The Advanced Encoder/Decoder extension helps attackers (web security testers here) try to evade these filters and assists developers in further securing the design and architecture of web applications.
The most important use of this tool comes when playing Capture the Flag (CTF) events. The cryptography rounds can sometimes be as simple as binary/hex/base64 mixture used intelligently to confuse the player. This tool supports all the above formats for your perusal.
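The layered binary/hex/base64 puzzles mentioned above can be unwrapped mechanically. The following is an added example for Node.js, not code from the original article or from the extension; the names `peelLayers` and `wrapSample` and the sample flag are constructed for illustration. It detects which of the three encodings the text is in, decodes it, and repeats until the result is no longer an encoding or stops being printable.

```javascript
// Detectors are tried from the most restrictive alphabet to the least,
// because a binary string is also valid hex and hex is also valid base64.
const DECODERS = [
  ["binary", /^(?:[01]{8}\s*)+$/,
    (s) => Buffer.from(s.match(/[01]{8}/g).map((b) => parseInt(b, 2)))],
  ["hex", /^(?:[0-9a-fA-F]{2})+$/, (s) => Buffer.from(s, "hex")],
  ["base64",
    /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/,
    (s) => Buffer.from(s, "base64")],
];
const PRINTABLE = /^[\x20-\x7e\r\n\t]+$/;

function peelLayers(input, maxDepth = 16) {
  let text = input.trim();
  const layers = [];
  while (layers.length < maxDepth) {
    const hit = DECODERS.find(([, pattern]) => pattern.test(text));
    if (!hit) break; // text is not in any of the three encodings
    const decoded = hit[2](text).toString("latin1");
    // Non-printable output means the text only looked encoded
    // (a short word can match the base64 alphabet), so keep it as is.
    if (!PRINTABLE.test(decoded)) break;
    layers.push(hit[0]);
    text = decoded.trim();
  }
  return { text, layers };
}

// Constructed sample: wrap a flag as base64, then hex, then spaced binary.
function wrapSample(flag) {
  const b64 = Buffer.from(flag).toString("base64");
  const hex = Buffer.from(b64).toString("hex");
  return [...Buffer.from(hex)].map((b) => b.toString(2).padStart(8, "0")).join(" ");
}

console.log(peelLayers(wrapSample("CTF{layers}")));
```

Detection is a heuristic: a hex layer that happens to consist only of the digits 0 and 1 would be read as binary, so check the reported `layers` against what the challenge describes.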
9. Firebug Lite
As you can see, the upper middle is the web page and the lower middle is the firebug window.
Source: “Pimp my Chrome” – InfosecInstitute.com
Have any other interesting security testing plugins for Chrome? Let us know in the comments below. Today’s post pic is from Download Squad.