Pimp My Chrome – Pen Testing Style

I’m mostly a Firefox user as I can’t do without my Tree Style Tabs and easy-to-use NoScript plugins, but this post from InfosecInstitute.com got me interested in looking at Chrome a little more. In this post Shathabheesha discusses several plugins that allow you to do some off-the-cuff pen testing without ever leaving your browser. I’ve seen plugins like these for Firefox as well, but the simple port scanner by ClsHack.it puts it over the top.

#####

You might be wondering about the title. Let me tell you that you shall have your answer by the end of this story.

Hacking has long been considered a mysterious act of 0s and 1s that can either make you or destroy you. Along these lines, things have been simplified to a large extent after the growth of the Y2K syndrome and web technologies. This is an effort to simplify certain things that can help you in your pen-testing cycle.

The Chrome Web Store has an amazing collection of browser add-ons which can be used on a regular basis for your pen-testing scenarios, or as a new window of understanding of the web for a novice. The following sections describe how to go about pimping your favorite browser!

1. Web Developer

A simple, yet very important, add-on in your browser can be of great help when performing security tests. The Web Developer extension brings with it various options, as shown in the screenshot.

The “Web Developer” extension Forms tab displays hidden web page elements, which may be useful in CSRF attacks.

The above screenshot shows only the Forms section of this add-on. You can also disable JavaScript if you feel you need more safety when browsing online; this protects you from Cross Site Scripting (XSS) attacks and the like. The most important feature is the Forms tab, which displays the hidden elements in a web page. This is particularly useful when testing for CSRF. If you happen to see a hidden token, and that token is not implemented well, then this information can be used to mount CSRF (Cross Site Request Forgery) attacks.

2. Chrome Whois

Whois is a fingerprinting protocol that comes in handy when you need to get the domain information about a website. The job is made easier by the Chrome Whois extension. Just visit the site and click on the icon, and it opens the complete whois information about that website in a new tab. The information you get can range from personal e-mail addresses and postal addresses to the names of technical and company admins. These details can aid a lot in social engineering and make attacks a lot easier!

The “Chrome Whois” extension provides the ideal fingerprinting tool that could aid in social engineering attacks.

For this particular website the extension reveals a lot of personal information, so I chose not to present the other details here.

3. Edit this Cookie

One of the favorite exploits of all time is injecting scripts that extract cookie information and give attackers session access to victim accounts. Edit This Cookie is an extension that helps with just that: it facilitates editing cookie values and adding new cookies to the browser.

“Edit this Cookie” makes hijacking user sessions a piece of cake.

The above screenshot depicts a site vulnerable to XSS. Here, an attacker can extract cookie information via the injected XSS string and hijack a victim’s session!

4. Port Scanner for All Hosts

Many a time we browse websites and would like to get a little naughty. Instead of firing up Nmap for a basic test of all the open ports, the Port Scanner for All Hosts extension performs a simple port scan and generates a compact report of open services/ports. Just click the icon in your Chrome browser to get the following output.

“Port Scanner for All Hosts” allows users to simply click an icon in Chrome to get a quick list of open and closed ports.

Port scanning comes in handy when you need to perform a vulnerability/risk assessment of a corporate network. Surely, an Nmap scan is always preferred over a browser plugin, but for getting started with a quick scan, what could be better than this?

5. HTTP Headers

HTTP headers are of great value to a dedicated attacker when it comes to automating attacks. The header information by itself isn’t very harmful, but it surely gives the attacker information about the web server, like the OS, server software and other important details. The HTTP Headers extension makes this information readily available.

“HTTP Headers” provides quick access to server header information that could reveal important details about the server.

One of the most basic pieces of information can be obtained here: WordPress is using the nginx server. This particular information is critical, as most of us are aware that nginx had a severe Denial of Service vulnerability in the past. So the major point here is that certain server configurations allow automated attacks to succeed. As an administrator it’s wise to prevent as much information disclosure as possible to safeguard oneself from attacks. Other headers matter too: the X-Content-Type-Options header, if it is not set to nosniff, can leave the site open to XSS via content sniffing. Similarly, the X-Frame-Options header lets the web page decide whether or not it may be rendered within iframe tags. A poorly configured web server with no X-Frame-Options validation is open to clickjacking attacks.
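As an added example (not from the original post or from any of the extensions described), here is a small Python check that parses a raw HTTP response header block and flags the three points made above: a version-revealing Server or X-Powered-By header, a missing X-Content-Type-Options: nosniff, and a missing X-Frame-Options. The sample response and its version strings are constructed, not captured from any real server.

```python
# Audit a raw HTTP response header block for the disclosures and missing
# protections discussed above. Added example; the sample response and its
# version strings are constructed, not captured from any real server.

# Constructed sample response, modelled on a WordPress site behind nginx.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.2.6\r\n"
    "X-Powered-By: PHP/5.3.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html></html>"
)

def parse_headers(raw):
    """Parse the header block into {lower-cased name: value}; repeated
    headers are joined with ', ' as HTTP allows."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:                        # blank line ends the headers
            break
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers

def audit_headers(headers):
    """Return (severity, finding) tuples for the three checks from the text."""
    findings = []
    # Version numbers in Server / X-Powered-By let an attacker match known bugs.
    for name in ("server", "x-powered-by"):
        if any(ch.isdigit() for ch in headers.get(name, "")):
            findings.append(("info", f"{name} discloses a version: {headers[name]}"))
    # Without nosniff a browser may MIME-sniff a response into active content.
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(("medium", "X-Content-Type-Options is not set to nosniff"))
    # Without DENY/SAMEORIGIN the page can be framed by another site (clickjacking).
    if headers.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(("medium", "X-Frame-Options missing or weak; page can be framed"))
    return findings

if __name__ == "__main__":
    for severity, text in audit_headers(parse_headers(SAMPLE_RESPONSE)):
        print(f"[{severity}] {text}")
```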

For a deeper look into these attacks, check out the CEH certification course offered by the InfoSec Institute.

6. IP Address & Domain Information

I must say this is a quick and dirty tool – a one-stop shop for quick information gathering about any web server. Let’s check what information can be obtained from this fabulous extension.

Network Information: In this category, the add-on provides all the details: reverse DNS, IP range, subnet, ISP name and even its address.

SPAM Database Lookup: Here, various spam databases are probed to see if the web site is involved in spamming, and it provides a Listed/Not Listed result.

Block List Lookup and Whois Information: As with the extension shown earlier, this tool provides Whois information, but alongside it also adds block list lookups.

Hosting Information: The add-on also lists the top websites that are hosted on this particular IP address, and tells the number of websites running under each IP address.

Geo-Location Data: The best part about this extension is that it provides the latitude and longitude coordinates of the area closest to the web server.

“IP Address & Domain Information” is a goldmine for network information, spam database lookups, block lists, hosting information, and geo-location data.

7. VTchromizer

This extension lets you browse virus-free. With over 35 scan engines, you can be sure to get a confirmed result about the status of the site you are browsing. Download VTchromizer from Google’s Chrome store and just choose the scan current site option. The extension also lets you check URLs, hashes, etc. against VirusTotal’s database. This plugin is considered one of the most useful plugins when encountering a suspicious file.

“VTchromizer” lets you quickly scan the current web site with over 35 scan engines from VirusTotal.

8. Advanced Encoder/Decoder

When performing web application security testing, we need to test for various vulnerabilities like XSS, CSRF, and other OWASP Top 10 attacks. Web developers are quick to add filters that stop such special strings from playing dirty with site visitors. The Advanced Encoder/Decoder extension helps attackers (the web security tester, in this case) try to evade these filters and assists developers in further securing the design and architecture of web applications.

The most important use of this tool comes when playing Capture the Flag (CTF) events. The cryptography rounds can sometimes be as simple as binary/hex/base64 mixture used intelligently to confuse the player. This tool supports all the above formats for your perusal.

“Advanced Encoder/Decoder” not only comes in handy for bypassing web application input filters but also for solving crypto challenges in CTFs.
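The binary/hex/base64 mixtures mentioned above can be unwound programmatically. As an added example, not code from the original post or from the extension, this Python snippet detects which of the three encodings a string is in, peels one layer at a time, and stops when the result is no longer recognisable; the challenge string it builds is constructed, and the format detection is a heuristic (plaintext that happens to look like valid base64 is ambiguous).

```python
# Peel nested binary / hex / base64 layers of the kind the post describes in CTF
# crypto rounds. Added example; the challenge string is constructed, and the
# detection is heuristic (hex is tried before base64, whose alphabet includes hex).
import base64
import re

BIN_RE = re.compile(r"^(?:[01]{8}\s*)+$")       # groups of 8 bits
HEX_RE = re.compile(r"^(?:[0-9a-fA-F]{2})+$")   # even-length hex
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")  # standard base64 alphabet

def decode_layer(text):
    """Decode one layer: returns (format, decoded), or (None, text) when the
    string is in none of the three formats or decodes to non-printable bytes."""
    s = text.strip()
    try:
        if BIN_RE.match(s):
            bits = re.sub(r"\s+", "", s)
            fmt, raw = "binary", bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
        elif HEX_RE.match(s):
            fmt, raw = "hex", bytes.fromhex(s)
        elif B64_RE.match(s) and len(s) % 4 == 0:
            fmt, raw = "base64", base64.b64decode(s, validate=True)
        else:
            return None, text
        out = raw.decode("ascii")           # only printable ASCII counts as a real layer
    except (ValueError, UnicodeDecodeError):
        return None, text
    return (fmt, out) if out.isprintable() else (None, text)

def peel(text, max_layers=10):
    """Decode layer after layer; returns (formats seen, final text)."""
    layers = []
    for _ in range(max_layers):
        fmt, decoded = decode_layer(text)
        if fmt is None:
            break
        layers.append(fmt)
        text = decoded
    return layers, text

def build_challenge(plaintext):
    """Constructed challenge: hex, then base64, then space-separated binary."""
    hexed = plaintext.encode().hex()
    b64 = base64.b64encode(hexed.encode()).decode()
    return " ".join(format(b, "08b") for b in b64.encode())

CHALLENGE = build_challenge("flag{pimp_my_chrome}")  # constructed, not a real flag
```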

9. Firebug Lite

Firebug Lite is the Chrome version of Firebug for Firefox. This add-on is a very helpful tool for developers as well as security enthusiasts. For security researchers, Firebug Lite helps detect persistent JavaScript injected into the HTML source by attackers. The extension also helps developers understand CSS- and DOM-based functionality right from the source. This understanding will eventually lead to an improved architecture of the overall web application.

“Firebug Lite” helps security researchers detect attacker JavaScript and developers improve the overall architecture of the web application.

As you can see, the upper middle is the web page and the lower middle is the Firebug window.

Source: “Pimp my Chrome” – InfosecInstitute.com

#####

Have any other interesting security testing plugins for Chrome? Let us know in the comments below. Today’s post pic is from Download Squad.
