Categories
Security

Firefox Add-ons for Security Researchers and Penetration Testers

  1. FoxyProxy Standard
    FoxyProxy is an advanced proxy management add-on for the Firefox browser. It improves on the built-in proxy capabilities of Firefox. There are a few other similar proxy management add-ons available, but it offers more features than the others. Based on URL patterns, it switches the internet connection across one or more proxy servers. When a proxy is in use, it also displays an animated icon. If you want to see the proxies used by the tool, you can check the logs.

    Add FoxyProxy to your browser from this link: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/

  2. Firebug
    Firebug is a nice add-on that integrates a web development tool inside the browser. With this tool, you can edit and debug HTML, CSS and JavaScript live in any webpage to see the effect of changes. It helps in analyzing JS files to find XSS vulnerabilities. It’s a really helpful add-on for security testing professionals looking for DOM-based XSS.

    Add Firebug to your browser from this link: https://addons.mozilla.org/en-US/firefox/addon/firebug/
  3. Web Developer
    Web Developer is another nice add-on that adds various web development tools to the browser. It helps in web application penetration testing.

    Add Web Developer to your browser from this link: https://addons.mozilla.org/de/firefox/addon/web-developer/

  4. User Agent Switcher
    The User Agent Switcher add-on adds a one-click user agent switch to the browser. It adds a menu and toolbar button to the browser. Whenever you want to switch the user agent, use the browser button. The add-on helps in spoofing the browser while performing some attacks.

    Add User Agent Switcher to your browser from this link: https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/

  5. Live HTTP Headers
    Live HTTP Headers is a really helpful penetration testing add-on for Firefox. It displays live headers of each HTTP request and response. You can also save header information by clicking on the button in the lower left corner. I don’t think there is any need to explain how important this add-on is for the security testing process.

    Add Live HTTP Headers to Firefox with this link: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/

  6. Tamper Data
    Tamper Data is similar to the Live HTTP Headers add-on, but it has header editing capabilities. With the Tamper Data add-on, you can view and modify HTTP/HTTPS headers and POST parameters. Thus it helps in security testing web applications by modifying POST parameters. It can be used in performing XSS and SQL injection attacks by modifying header data.

    Add the Tamper Data add-on to the Firefox browser with this link: https://addons.mozilla.org/en-US/firefox/addon/tamper-data/

  7. Hackbar
    Hackbar is a simple penetration tool for Firefox. It helps in testing simple SQL injection and XSS holes. You cannot execute standard exploits, but you can easily use it to test whether a vulnerability exists or not. You can also manually submit form data with GET or POST requests. It also has encryption and encoding tools. Most of the time, this tool helps in testing for XSS vulnerabilities with encoded XSS payloads. It also supports keyboard shortcuts to perform various tasks.

    I am sure most people in the security field already know about this tool. It is mostly used in finding POST XSS vulnerabilities because it can send POST data manually to any page you like. With the ability to send POST form data manually, you can easily bypass client-side validations of the page. If your payload is being encoded at the client side, you can use an encoding tool to encode your payload and then perform the attack. If the application is vulnerable to XSS, I am sure you will find the vulnerability with the help of the Hackbar add-on for the Firefox browser.

    Add the Hackbar add-on to the Firefox browser with this link: https://addons.mozilla.org/en-US/firefox/addon/hackbar/
  8. Websecurify
    Websecurify is a nice penetration testing tool that is also available as an add-on for Firefox. We have already covered WebSecurify in detail in a previous article. WebSecurify can detect most common vulnerabilities in web applications. This tool can easily detect XSS, SQL injection and other web application vulnerabilities. Unlike the other listed tools, it is a complete penetration testing tool in itself, available as a browser add-on. It gives most of the features available in the standalone tool.

    Add WebSecurify to the Firefox browser with this link: https://addons.mozilla.org/en-us/firefox/addon/websecurify/

  9. Add N Edit Cookies
    “Add N Edit Cookies” is a cookie editing add-on that allows you to add and edit cookie data in your browser. With this tool, you can easily add session data manually in cookies. This tool is used in session hijacking attacks when you have the active cookies of the user. Edit your cookies to add the data and hijack the account.

    To download Add N Edit Cookies to your Firefox browser: https://addons.mozilla.org/en-US/firefox/addon/add-n-edit-cookies-13793/

  10. XSS Me
    Cross Site Scripting is the most commonly found web application vulnerability. For detecting XSS vulnerabilities in web applications, this add-on can be a useful tool. XSS-Me is used to find reflected XSS vulnerabilities from a browser. It scans all forms of the page, and then performs an attack on the selected pages with pre-defined XSS payloads. After the scan is complete, it lists all the pages that render a payload on the page and may be vulnerable to an XSS attack. Now you can manually test the web page to find whether the vulnerability exists or not.

    Add XSS Me to your Firefox browser: https://addons.mozilla.org/en-us/firefox/addon/xss-me/

  11. SQL Inject Me
    SQL Inject Me is another nice Firefox add-on used to find SQL injection vulnerabilities in web applications. This tool does not exploit the vulnerability but displays that it exists. SQL injection is one of the most harmful web application vulnerabilities; it can allow attackers to view, modify, edit, add or delete records in a database.

    The tool sends escape strings through form fields and tries to search for database error messages. If it finds a database error message, it marks the page as vulnerable. QA testers can use this tool for SQL injection testing.

    Add the SQL Inject Me add-on to your browser: https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me/

  12. FlagFox
    FlagFox is another interesting add-on. Once installed in the browser, it displays the country’s flag to tell the location of the web server. It also comes with other tools like whois, WOT scorecard and ping.

    Add FlagFox to your browser: https://addons.mozilla.org/en-us/firefox/addon/flagfox/

  13. CryptoFox
    CryptoFox is an encryption and decryption tool for Mozilla Firefox. It supports most of the available encryption algorithms, so you can easily encrypt or decrypt data with a supported algorithm. This add-on comes with dictionary attack support to crack MD5 passwords. Although it doesn’t have good reviews, it works satisfactorily.

    Add the CryptoFox add-on to your browser: https://addons.mozilla.org/en-US/firefox/addon/cryptofox/

  14. Access Me
    Access Me is another add-on for security testing professionals. This add-on is developed by the company that works on XSS Me and SQL Inject Me. Access Me is the Exploit-Me tool used for testing access vulnerabilities in web applications. This tool works by sending several versions of page requests. A request using the HTTP HEAD verb and a request using a made-up SECCOM verb will be sent. A combination of session and HEAD/SECCOM will also be sent.

    Add Access Me to Firefox from this link: https://addons.mozilla.org/en-US/firefox/addon/access-me/

  15. SecurityFocus Vulnerabilities search plugin
    The SecurityFocus Vulnerabilities search plugin is not a security tool but a search plugin that lets users search for vulnerabilities from the Security Focus database.

    Add this to Firefox from the link: https://addons.mozilla.org/en-us/firefox/addon/securityfocus-vulnerabilities-/
  16. Packet Storm search plugin
    This is another search plugin that lets users search for tools and exploits from packetstormsecurity.org. The website offers free up-to-date security tools, exploits and advisories.

    Add this to Firefox from the link: https://addons.mozilla.org/en-us/firefox/addon/packet-storm-search-plugin/
  17. Offsec Exploit-db Search
    This is another plugin similar to the last two above. It also lets users search for vulnerabilities and exploits listed in exploit-db.com. This website is always up-to-date with the latest exploits and vulnerability details.

    Add this to Firefox from the link: https://addons.mozilla.org/en-us/firefox/addon/offsec-exploit-db-search/
  18. Snort IDS Rule Search
    Snort IDS Rule Search is another search add-on for Firefox. It lets users search for Snort IDS rules on the snort.org website. Snort is the most widely deployed IDS/IPS technology worldwide. It’s an open source network intrusion prevention and detection system with more than 400,000 users.

    Add Snort IDS Rule Search to Firefox here: https://addons.mozilla.org/en-US/firefox/addon/snort-ids-rule-search/

Source: Infosec

What does Vulnerable Column mean in UNION SELECT

Let’s say your server-side code contains this:

sql = "select id, title, description from artists where id = " + id

So using this injection:

http://testphp.vulnweb.com/artists.php?artist=-1 union select 1,2,3

would result in the SQL statement below:

select id, title, description from artists where id= -1 union select 1,2,3

If on the client-side (UI), “2” and “3” are displayed in the “title” and “description” fields, then we can say column 2 and column 3 of that table are vulnerable, which means if we put “version()” instead of 2 like below:

select id, title, description from artists where id= -1 union select 1,version(),3

then on the “title” field, instead of “2” we will receive the version value.

So basically, vulnerable columns are those whose values are exposed on the client-side (UI), so that we can see the result of the injected code there, for example the version in the statement above.
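
The behaviour described above can be reproduced locally. The following Python sketch is an added example, not code from the original post: it uses an in-memory SQLite database with a constructed artists table, and the helper names (make_db, render, lookup_concatenated, lookup_parameterized, reflected_columns) are assumptions made for illustration. It shows that columns 2 and 3 are reflected only when the query is built by concatenation, and that binding the value as a parameter removes the injection.

```python
import sqlite3

def make_db():
    """In-memory database with one constructed sample row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table artists (id integer, title text, description text)")
    conn.execute("insert into artists values (1, 'Sample Artist', 'constructed sample row')")
    return conn

def render(row):
    # Assumed page template: only title and description reach the UI, id does not.
    return {"title": row[1], "description": row[2]}

def lookup_concatenated(conn, artist):
    # Vulnerable form from the post: the request value becomes part of the SQL text.
    sql = "select id, title, description from artists where id = " + artist
    return [render(r) for r in conn.execute(sql).fetchall()]

def lookup_parameterized(conn, artist):
    # Hardened form: the value is bound, so it can only ever be compared with id.
    sql = "select id, title, description from artists where id = ?"
    return [render(r) for r in conn.execute(sql, (artist,)).fetchall()]

def reflected_columns(conn, lookup, n_columns=3):
    """Return the 1-based positions whose marker value shows up in the rendered page."""
    markers = list(range(1, n_columns + 1))
    value = "-1 union select " + ",".join(str(m) for m in markers)  # the post's input
    shown = {v for page_row in lookup(conn, value) for v in page_row.values()}
    return [m for m in markers if m in shown]

if __name__ == "__main__":
    conn = make_db()
    print("concatenated :", reflected_columns(conn, lookup_concatenated))
    print("parameterized:", reflected_columns(conn, lookup_parameterized))
    print("normal lookup:", lookup_parameterized(conn, "1"))
```

Column 1 never appears in the result because the assumed template does not display id, which is exactly why the post calls only columns 2 and 3 vulnerable.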

Bug in Splunk Universal Forwarder on Windows

Installing Splunk Forwarder on Windows seems to be very easy, thanks to the user-friendly installation wizard. But after installation there are several issues, including a bug, which prevent a smooth experience with this report indexer.

I recommend using “Customize Options” during the installation so you can specify the deployment server and other configuration parameters. With the default installation or an unattended installation, outputs.conf is not created automatically, and therefore you need to create it manually.

The bug exists in version 6.4.0 on the x64 architecture: everything seems to be in order, but no logs are recorded on the Splunk server. This bug can be solved by adding “wineventlog;” to “srchIndexDefault” under the “[role_admin]” section in the “authorize.conf” file in the path “$splunk_installation_path/etc/system/local/”.

It is worth mentioning that the “authorize.conf” file does not exist by default in the above-mentioned path. It must first be copied from “$splunk_installation_path/etc/system/default/” and then modified.

Another file, “indexes.conf”, is also required. It is not created during the installation and must be created and configured manually. The content of this file shall be as below:

[default]
homePath = $SPLUNK_DB/winevents/db
coldPath = $SPLUNK_DB/winevents/colddb
thawedPath = $SPLUNK_DB/winevents/thaweddb
maxDataSize = 10000
maxHotBuckets = 10

The line “index = default” shall be added to the “inputs.conf” and “outputs.conf” files in the path “$splunk_installation_path/etc/system/local/”, under the “[default]” section.

Install Splunk Universal Forwarder unattended (silent mode)

It might seem odd, but sometimes small things can take a lot of time, especially when you are in the middle of a project. One of them that bugged me a lot recently was installing Splunk Universal Forwarder unattended.

Here is the command to install the 64-bit version:

msiexec.exe /I splunkforwarder-[version]-[make]-x64-release.msi AGREETOLICENSE=Yes DEPLOYMENT_SERVER="IP_ADDRESS:PORT_NUMBER" LAUNCHSPLUNK=1 SERVICESTARTTYPE=auto /quiet

But the catch is that you must run your PowerShell or command-line instance as an administrator if UAC is enabled. To do this, when opening a new cmd prompt or PowerShell instance, right-click and select “Run As Administrator”.

I have prepared a script which automates the installation process for you within your parent script:

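function Install-SplunkForwarder {
    # CmdletBinding makes the Write-Verbose messages appear when called with -Verbose.
    [CmdletBinding()]
    param()

    # Arguments for msiexec.exe: /i installs the package, /quiet suppresses the UI.
    # LOGON_PASSWORD is passed on the command line, so it is visible in process
    # listings and in process-creation logs that record command lines.
    $arguments = @(
        "/i"
        "`"C:\splunkforwarder-[version]-[make]-x64-release.msi`""
        "DEPLOYMENT_SERVER=`"10.0.0.148:1337`""
        "AGREETOLICENSE=Yes"
        "/quiet"
        "/norestart"
        "LOGON_USERNAME=`"domain\username`""
        "LOGON_PASSWORD=`"password`""
    )

    Write-Verbose "Installing package..."
    # Start msiexec.exe (not the .msi itself) and wait for the installer to finish.
    $process = Start-Process -FilePath "msiexec.exe" -ArgumentList $arguments -Wait -PassThru
    if ($process.ExitCode -eq 0) {
        Write-Verbose "Successfully installed"
    } else {
        Write-Verbose "Installer exit code $($process.ExitCode)"
    }
}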

You may skip LOGON_USERNAME and LOGON_PASSWORD if you intend to run the SplunkForwarder service with the SYSTEM account.