Firefox Configuration

Search

When I type a search term into the address bar it uses Bing to find the term. How do I change that?

In the address bar, type:

about:config

Acknowledge the warning, accept the risk.

Among the many configuration settings, you should see one in bold (indicating that it is “user set,” not the default):

keyword.URL

Right-click and choose “Reset”.

For additional “about” commands, try “about:about”.

Paste

To protect users’ private information, unprivileged scripts cannot invoke the Cut, Copy, and Paste commands in the Mozilla rich text editor, …

A site and protocol (HTTP or HTTPS) control is available through a user.js script.

Extensions

What I’m running:

  • Edit Cookies Update, add, or delete cookies live. No more page refreshes or editing text files. Edit Cookies allows you to change cookies from a convenient screen. Great for web site testing, particularly security tests!
  • Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.
  • Flashblock currently blocks Macromedia Flash, Shockwave and Authorware content. It then leaves placeholders on the webpage that allow you to click to download and then view the Flash content.
  • FlashFirebug Debug ANY AS3 SWF files on the web. Edit properties and inspect elements. Redirect SWF output to the extension. Run AS3 code and transform objects on the fly. Access SWF assets with the decompiler. View AMF calls and Shared Objects and much more! Requires Firebug.
  • User Agent Switcher You can use this extension to change the user agent of your browser.Useful for web application penetration tests that you want to check and the mobile versions of the websites.
  • Web Developer
  • wmlbrowser Simulate WAP browsing by viewing WML (Wireless Markup Language) pages.
  • XHTML Mobile Profile Firefox does not natively support the mime-type application/vnd.wap.xhtml+xml. This is one of the possible mime-types for XHTML Mobile Profile. This addon adds support for this mime-type.

What I should be running:

  • FireCAT (Firefox Catalog of Auditing exTensions) is a mindmap collection of the most efficient and useful Firefox extensions oriented application security auditing and assessment. FireCAT is not a replacement of other security utilities and software as well as fuzzers, proxies and application vulnerabilities scanners.

Other addons:

  • Hackbar Useful for SQL injection and XSS attacks.It includes also tools for URL and HEX encoding/decoding and many more.
  • HttpFox Monitor and analyze all the incoming and outgoing HTTP traffic between your browser and the web server.
  • Live HTTP Headers View the HTTP headers of a website instantly.
  • Tamper Data View and modify HTTP/HTTPS headers and post parameters.
  • ShowIP Shows the IP of the current page in the status bar.It also includes information like the hostname, the ISP, the country and the city.
  • OSVDB Open Source Vulnerability Database Search.
  • Packet Storm search plugin Search the Packet Storm database for exploits, tools and advisories.
  • Offsec Exploit-db Search Search the Exploit-db archive.
  • Security Focus Vulnerabilities Search Plugin Search for vulnerabilities in the Security Focus database.
  • Cookie Watcher Watch the selected cookie in the status bar.
  • Header Spy Shows HTTP Headers on status bar
  • Groundspeed Manipulate the application user interface.
  • CipherFox Displays the current SSL/TLS cipher and certificate on the status bar.
  • XSS Me Tool for testing reflected XSS vulnerabilities.
  • SQL Inject Me Extension to test SQL Injection vulnerabilities.
  • Wappalyzer Discover technologies and applications that are used on websites.
  • Poster Make HTTP requests,interact with web services and watch the output.
  • Javascript Deobfuscator Show the JavaScript code that are running on web pages.
  • Modify Headers Modify HTTP request headers.
  • FoxyProxy Advanced proxy management tool.
  • FlagFox Displays a country flag for the location of the web server. It also includes tools such as Whois, Geotool, Ping, and Alexa.
  • Greasemonkey Customize the way a webpage behaves by using small bits of JavaScript.
  • Domain Details Displays Server Type, Headers, IP Address, Location Flag, and links to Whois Reports.
  • WorldIP Location of the web server, IP, Datacenter, Ping, Traceroute, RDNS, AS etc.
  • Websecurify Useful for security assessments in web applications.
  • XSSed Search Search the cross-site scripting database at XSSed.com.
  • ViewStatePeeker ASP.NET viewstate viewer.
  • CryptoFox CryptoFox is an encryption/decryption tool for cracking MD5 passwords.
  • Server Spy Unveils the technology of the web server (Apache, IIS etc.)
  • Default Passwords Search CIRT.net default password database.
  • Snort IDS Rule Search Search for Snort IDS Rules.
Advertisements

Comments are closed.