Video Screencast Help
Security Community Blog

Firefox & Web Application Security: Arming Your Browser Part III

Created: 27 Mar 2013 • Updated: 11 Nov 2013 • 1 comment
vince_kornacki's picture
+5 5 Votes
Login to vote

Welcome back! This final installment of the “Firefox & Web Application Security: Arming Your Browser” series will focus on add-ons that can be used to launch hardcore attacks against the target web application. This installment isn’t for the faint of heart. Let’s get this party started!

XSS Me
Cross-site scripting (XSS) vulnerabilities are lame, right? Wrong! In addition to compromising authenticated user sessions, XSS vulnerabilities can be exploited with several advanced techniques:

  • Log keystrokes within the vulnerable web application
  • Launch phishing attacks through content injection
  • Launch port scans against internal network servers

Refer to the “Getting Sassy With XSS” blog series for more information regarding these advanced XSS exploit techniques:

http://www.symantec.com/connect/blogs/getting-sassy-xss-part-1-keystroke-logging
http://www.symantec.com/connect/blogs/getting-sassy-xss-part-2-phishing-through-content-replacement
http://www.symantec.com/connect/blogs/getting-sassy-xss-part-3-port-scanning

So how do you find XSS vulnerabilities? Look no further. The XSS Me add-on allows you to fuzz the current page for cross-site scripting vulnerabilities. The add-on inserts a handy sidebar that lists each form and parameter on the current page. Just select “Tools”, “XSS Me”, and “Open XSS Me Sidebar”:

G1.png

A specific parameter can be individually tested with a single XSS payload, or fuzzed with either the top payloads or all payloads. Alternatively, every parameter on every form can be fuzzed with either the top payloads or all payloads. In addition, payloads can added or removed:

G2.png

It’s time to get your XSS on! The XSS Me add-on is available from the following location:

https://addons.mozilla.org/en-US/firefox/addon/xss-me/

SQL Inject Me
Cross-site scripting is cool and all, but what if you’re totally 31337 and want to get your paws on the backend database server? What if XSS Me had a twin sister named SQL Inject Me? Well he does, and she is a lean mean SQL injection machine! The SQL Inject Me add-on allows you to fuzz the current page for SQL injection vulnerabilities. Just like her brother, this add-on inserts a handy sidebar that lists each form and parameter on the current page. Just select “Tools”, “SQL Inject Me”, and “Open SQL Inject Me Sidebar”:

G3.png

Just like XSS Me, a specific parameter can be individually tested with a single SQL injection payload, or fuzzed with either the top payloads or all payloads. Alternatively, every parameter on every form can be fuzzed with either the top payloads or all payloads. In addition, payloads can added or removed:
G4.png

You could say that XSS Me and SQL Inject me are extremely powerful twins. You might as well call them Luke and Leia. The SQL Inject Me add-on is available from the following location:

https://addons.mozilla.org/en-US/firefox/addon/sql-inject-me/

Tamper Data
The XSS Me and SQL Inject Me add-ons are great, but what if you want to change arbitrary headers and POST parameters before they’re submitted to the web application? Then it’s time to whip out the Tamper Data add-on! Just select “Tools” and “Tamper Data” in order to display the Tamper Data window:

G5.png

Click “Start Tamper” and subsequent network communications with the target web application are intercepted and ready for modification:

G6.png

You can now modify arbitrary request headers and POST parameters in order to launch advanced attacks against the target web application! The Tamper Data add-on is available from the following location:

https://addons.mozilla.org/en-US/firefox/addon/tamper-data/

FoxyProxy Basic
The tools described so far don’t cut it? No problem, it’s time to resort to an intercepting proxy and go medieval on the target web application! Burp Suite, Paros, and WebScarab are three popular intercepting proxies. While all three of these intercepting proxies are great, my favorite is named after an event that occurs after you consume pizza and beer.

The FoxyProxy Basic add-on lets you quickly change between proxy servers. The add-on inserts a color coded icon to the right of the address bar. Clicking on this icon toggles between proxy servers, and proxy servers can be configured by right clicking on the icon:

G7.png

That’s a lot easier than selecting “Edit”, “Preferences”, “Advanced”, “Network”, “Setting”, and manually modifying the proxy server and port every time you want to switch proxy servers! The FoxyProxy Basic add-on is available from the following location:

https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-basic/

In addition, the aforementioned proxy servers are available from the following locations:

http://www.portswigger.net/burp/proxy.html
http://www.parosproxy.org/
https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project

Note that Burp Suite Pro includes advanced features for $299 per year.

Conclusion
Well I hope you’ve enjoyed the “Firefox & Web Application Security: Arming Your Browser” series. This installment covered add-ons that can be used to launch hardcore attacks against the target web application. By now your Firefox browser should be armed and dangerous! But remember what Uncle Ben said, “With great power comes great responsibility”. In other words, yield these powerful Firefox add-ons in a professional manner! And try not to get bitten by any radioactive spiders!

Blog Entry Filed Under:

Comments 1 CommentJump to latest comment

.Brian's picture

Concise and very well written. Thank you for sharing.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

+1
Login to vote