Top 9 Browser Extensions used by Hackers and Pentesters
Modern web browsers are, for the most part, reliable and offer a wide choice of options and features by default. But you may not know that it is possible to install extensions that let you do much more than just browse the web.
The extension libraries for the Chrome and Firefox browsers are impressive, both in the number of extensions available and in the different functionalities they offer. They let you do almost anything you want with your browser, as long as what you are trying to do is possible. For hackers, but also for cybersecurity researchers and specialists, these extension libraries are true gold mines.
WHAT YOU WILL NEED
To follow this tutorial, you will need Chrome or Mozilla Firefox on your computer. Whichever browser you use, make sure it’s up to date, then go to the Google Chrome Web Store for Google Chrome users or the Firefox add-ons page for Firefox users.
HTTP HEADER LIVE
“HTTP Header Live” is an extension available for the Chrome and Firefox browsers that displays the header information of a website. This HTTP header information is very useful for analyzing a website: it can help you find out which charset the website uses, the language, the caching, the authorization, and the expiration of the content, as well as information about cookies or third-party websites that relay incoming or outgoing information from or to the website you are on.
None of this data is visible by default. “HTTP Header Live” allows you to capture, in an easy and intuitive way, all the queries and information transmitted by your browser in the headers of the pages. This extension also allows you to modify the requests you are capturing and then have them re-executed by your browser. This tool is often used by system administrators, web developers, and cybersecurity professionals.
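As an added example (not code from the extension or from the original article), the following JavaScript reads a response header block the way such a viewer presents it and pulls out the fields listed above, including the cookie attributes a reviewer would check. The sample response, the cookie names and the ads.example domain are constructed for illustration.

```javascript
// Constructed sample: a raw response header block as a header viewer would show it.
const SAMPLE_RESPONSE = [
  "HTTP/1.1 200 OK",
  "Content-Type: text/html; charset=UTF-8",
  "Content-Language: fr",
  "Cache-Control: max-age=3600, public",
  "Expires: Sun, 18 Aug 2019 12:00:00 GMT",
  "Set-Cookie: session=abc123; Path=/; HttpOnly",
  "Set-Cookie: _track=xyz; Domain=.ads.example; Secure; SameSite=None",
].join("\r\n");

// Map lower-cased header name -> list of values (names are case-insensitive,
// and Set-Cookie may legitimately appear more than once).
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/).slice(1)) {
    const idx = line.indexOf(":");
    if (idx <= 0) continue; // blank or malformed line
    const name = line.slice(0, idx).trim().toLowerCase();
    if (!headers.has(name)) headers.set(name, []);
    headers.get(name).push(line.slice(idx + 1).trim());
  }
  return headers;
}

// Split one Set-Cookie value into its name and the attributes worth reviewing.
function parseCookie(value) {
  const [pair, ...attrs] = value.split(";").map((s) => s.trim());
  const flags = new Map(attrs.map((a) => a.split("=")).map(([k, v = ""]) => [k.toLowerCase(), v]));
  return { name: pair.split("=")[0], domain: flags.get("domain") || null,
    secure: flags.has("secure"), httpOnly: flags.has("httponly"),
    sameSite: flags.get("samesite") || null };
}

function summarize(raw) {
  const h = parseHeaders(raw);
  const first = (n) => (h.get(n) || [null])[0];
  const charset = /charset=([^;\s]+)/i.exec(first("content-type") || "");
  return {
    charset: charset ? charset[1] : null,
    language: first("content-language"),
    caching: first("cache-control"), expires: first("expires"),
    authChallenge: first("www-authenticate"),
    cookies: (h.get("set-cookie") || []).map(parseCookie),
  };
}
```

In the sample, the session cookie is set without the Secure attribute and the second cookie is scoped to a different domain, which are the kinds of details the header view makes visible.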
USER-AGENT SWITCHER
When you view a web page, your browser sends information about the type of device that is making the request so that the server can return content adapted to the device you are using. For example, most modern websites do not return the same version of a page depending on whether you visit from a computer, a tablet, or a phone.
Unfortunately, your browser can also send a lot of personal information about your machine, your operating system or even the geographical origin of the request.
To avoid this, “User-Agent Switcher” allows you to quickly and easily change the “User-Agent” of your browser, offering a choice of 26 different strings and also giving you the possibility to insert a customized one.
The user interface is simple and provides immediate access to the different options available. Once you have selected a new agent, you will have to reload your page for it to be taken into account.
CHAMELEON
Just like “User-Agent Switcher”, “Chameleon” allows you to modify the “User-Agent” of your browser. But Chameleon also offers a lot of other features that are listed below.
UserAgents
- Random selection in a predefined list of “User-Agent”.
- Choice of different operating systems and devices.
- Possibility of customizing the “User-Agent”.
- Automatic change of “User-Agent” at predefined intervals.
Headers
- Ability to edit certain values sent in your headers.
- Ability to modify the values returned by the “REFERRER” field.
- Activation of the option “Do not follow”.
Options
- Script injection.
- Follow-up protection.
- Disabling WebSockets.
- Time zone spoofing.
- Screen size spoofing.
- Changing cookie options.
- WebRTC leak prevention.
Whitelist
- Whitelist profile creation.
- Switch from real to fake profile.
- Management and definition of custom rules.
- Support for regular expressions.
Unfortunately for Chrome users, this extension is currently only available on Firefox, and we did not find any equivalent for Chrome.
Install Chameleon: Firefox
LOCATION GUARD
Modern browsers such as Chrome, Mozilla Firefox, Safari or Opera can transmit your geographic coordinates to the websites you visit, which can later be used, for example, to provide you with targeted content.
Your precise geographic location may be obtained by various methods, which may constitute a violation of your privacy.
“Location Guard” allows you to change your geolocation by returning a fake longitude and latitude to the websites you visit. This extension has 4 privacy levels, “Low, Medium, High, Fixed Location”, that you can configure according to your needs.
The first 3 levels, “Low, Medium, High”, are to be used when you want to let “Location Guard” generate a new geolocation by itself, in a completely random way but remaining coherent with respect to your current position.
The 4th level, “Fixed Location”, allows you to set a fake geolocation yourself, which will be returned to the websites you visit.
COUNTRY FLAG+
This extension does not represent a great technological innovation, but it is nevertheless much appreciated for its simplicity. Once installed, “Country Flag+” will display in the bar of your browser a flag indicating the country where the server of the website you are currently visiting is located.
By clicking on this flag you can obtain additional information such as the IP address of the server as well as its longitude and latitude. “Country Flag+” currently supports 240 countries. In the control panel you have the option to change the size of the flags and to display the map or not.
PRIVACY BADGER
Browsers can leak a lot of data and personal information, and that is exactly what companies want to collect from the Internet. “Privacy Badger” has been designed to automatically block invisible trackers by analyzing the domains that seem to follow you while you browse the Web.
“Privacy Badger” will send a “Do not follow” signal. If the trackers ignore this request, “Privacy Badger” will take the necessary measures to block them permanently. Moreover, besides the automatic tracker blocking, “Privacy Badger” blocks click tracking on the outgoing links from Facebook, Google and Twitter.
UBLOCK ORIGIN
“uBlock Origin” is an extension that blocks ads and web trackers. Very light on computer resources, this extension is able to load and process thousands of filters. Below is a screenshot of all blocked items from the French website https://bfmtv.com
Flexible, “uBlock Origin” is not just an ad and tracker blocker. This extension also supports creating and reading filters from custom “hosts” files.
EXIF VIEWER
Photos are a real gold mine in terms of information. You may not know it, but they contain metadata that may reveal information such as where the photo was taken, the type and brand of device used, the date and time, the program used for editing and much more.
To access this information you must have a program or application that can read the “Exif” data in the images. “Exif Viewer” allows you to extract this information quickly and easily with just one click.
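To show where that metadata sits inside the file, here is an added example (not code from “Exif Viewer” or from the original article) that walks a JPEG's marker segments, finds the Exif block and reads the text tags for device brand, model and date. The sample image bytes, with brand “ACME” and model “X1”, are constructed; only ASCII tags in the first image directory are handled.

```javascript
// Constructed sample: SOI, one Exif APP1 segment holding a tiny TIFF block, EOI.
const ascii = (s) => [...s].map((c) => c.charCodeAt(0));
const SAMPLE_JPEG = Uint8Array.from([
  0xff, 0xd8, 0xff, 0xe1, 0x00, 0x53, ...ascii("Exif\0\0"),
  0x49, 0x49, 0x2a, 0x00, 0x08, 0, 0, 0, 0x03, 0x00, // "II", magic 42, IFD at 8, 3 entries
  0x0f, 0x01, 2, 0, 5, 0, 0, 0, 50, 0, 0, 0,         // Make: 5 bytes at offset 50
  0x10, 0x01, 2, 0, 3, 0, 0, 0, ...ascii("X1\0\0"),  // Model: 3 bytes stored inline
  0x32, 0x01, 2, 0, 20, 0, 0, 0, 55, 0, 0, 0,        // DateTime: 20 bytes at offset 55
  0, 0, 0, 0, ...ascii("ACME\0"), ...ascii("2019:08:18 10:00:00\0"),
  0xff, 0xd9,
]);
const TAGS = { 0x010f: "Make", 0x0110: "Model", 0x0131: "Software", 0x0132: "DateTime" };

// Read the ASCII tags of the first image file directory (IFD0) of a TIFF block.
function parseTiff(tiff) {
  const v = new DataView(tiff.buffer, tiff.byteOffset, tiff.byteLength);
  const le = v.getUint16(0) === 0x4949; // "II" = little-endian, "MM" = big-endian
  const out = {};
  const ifd = v.getUint32(4, le);
  const count = v.getUint16(ifd, le);
  for (let i = 0; i < count; i++) {
    const e = ifd + 2 + i * 12; // each IFD entry is 12 bytes
    const name = TAGS[v.getUint16(e, le)];
    const n = v.getUint32(e + 4, le);
    if (!name || v.getUint16(e + 2, le) !== 2) continue; // ASCII (type 2) only
    // Values of up to 4 bytes sit inline in the entry; longer ones at an offset.
    const start = n <= 4 ? e + 8 : v.getUint32(e + 8, le);
    if (start + n > tiff.length) continue; // offset points outside the segment
    out[name] = String.fromCharCode(...tiff.subarray(start, start + n)).replace(/\0+$/, "");
  }
  return out;
}

function readExif(jpeg) {
  const view = new DataView(jpeg.buffer, jpeg.byteOffset, jpeg.byteLength);
  if (view.getUint16(0) !== 0xffd8) throw new Error("not a JPEG");
  let pos = 2;
  // Walk the marker segments until the Exif APP1 segment or the image data (SOS).
  while (pos + 4 <= view.byteLength) {
    const marker = view.getUint16(pos);
    const len = view.getUint16(pos + 2); // big-endian, includes its own 2 bytes
    if (marker === 0xffda || (marker & 0xff00) !== 0xff00) break;
    const isExif = marker === 0xffe1 &&
      String.fromCharCode(...jpeg.subarray(pos + 4, pos + 10)) === "Exif\0\0";
    if (isExif) return parseTiff(jpeg.subarray(pos + 10, pos + 2 + len));
    pos += 2 + len;
  }
  return {}; // no Exif metadata present
}
```

A file with no Exif segment returns an empty object, which is what you would expect to see for a photo whose metadata was removed before sharing.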
BUILTWITH
If for one reason or another you need to know the different technologies used by a specific website, “BuiltWith” is the perfect extension because of its ease of use and the information it returns.
To learn everything about a website, simply click on the “BuiltWith” icon to see the list of the different services, technologies, hosting, extensions, libraries, social networks, programming languages and display languages associated with the website.
We have only mentioned a tiny part of all the information that “BuiltWith” can return about a website, because the list is too long to be given here. In addition, “BuiltWith” offers on their website an incredible amount of information that can be very useful.
You can for example from their website get a list of million websites using a specific CMS or technology.
If you have any questions about this article, any feedback or suggestions, if you want to share your thoughts with us, or if you would like to join the community and contribute, please feel free to do so using the comment form below.
https://dotweak.com/en/2019/08/18/top-9-browser-extensions-used-by-hackers-and-pentesters-66593399/