1. [Your First Book about Ethical Hacking and Penetration Testing Just Using a Browser]
[PENETRATION TESTING USING FIREFOX ADD-ON]
FIREBUG:HTTPFOX:HACKBAR:TAMPER DATA:GROUNDSPEED
XSS-ME:WAPPALYZER:SQL INJECT ME:FOXYPROXY:FLAGFOX
WEB DEVELOPER:FOXYSPIDER:ANONYMOX:CRYPTOFOX:WORLDIP:GHOSTERY
[SRIKANTA SEN] | Certified Ethical Hacker
2. 2
Foreword
For budding ethical hackers or penetration tester, it is difficult to collect or download the tools used for
ethical hacking or penetration testing. What is the tool name? Where can I get the tools? How to use the
tools? How much memory is required to install the tool etc, these are the common question that comes in
mind. As a result they run away from this most promising career opportunity.
So I used a single window (Firefox Browser) and add some tools (Plug-in) one by one to make it a
penetration testing platform. The advantage is that âFirefox Browserâ is free and the Plug-in described in
the book is also freely available and trust me it does not occupy too much of memory space in computer.
Moreover I believe that, all the ethical hacker and penetration testing community should know about the
Plug-in developers.
Penetration testing domain is huge, this book does not tech you penetration testing in a methodical way or
will make you an expert penetration tester, but I believe that, âthis should be the first book if you want to
learn basics of penetration testingâ.
It is assumed that reader knows basics of HTML, JavaScript, and some Sql syntax and has basic
understanding of networking concept.
Author is aware of trademark claim and has no intention of violating the trademark about any Plug-in,
company name or Software mentioned in this book.
I should finish it by thanking the entire ISOEH research team, who constantly gave constructive input for the
betterment of this book.
Any words can be mailed to srikantasen@gmail.com. ï
Date: 01-jan-2015
3. 3
Copyright Notice
THE TOPICS DISCUSSED IN THIS BOOK SHOULD NOT BE COPIED OR REPRODUCED UNLESS
SPECIFIC PERMISSIONS HAVE BEEN GIVEN TO YOU BY THE AUTHOR SRIKANTA SEN.
ANY UNAUTHORIZED USE; DISTRIBUTION OF FULL OR ANY PART OF THIS BOOK IS STRICTLY DISCOURAGED.
Liability Disclaimer
THE TERM âHACKINGâ SHOULD BE READ AND UNDERSTOOD AS âETHICAL HACKINGâ. âETHICAL
HACKINGâ AND âPENETRATION TESTINGâ ARE INTERCHANGEABLYUSED IN THIS BOOK. AUTHOR
IS NOT AGAINST OR IN FAVOR OF ANY ORGANIZATION OR COUNTRY.
NO SUGGESTION OR CRITISISM TO ANY COUNTRY OR ORGANIZATIONâS BUSINESS POLICY BY THE AUTHOR.
THE INFORMATION PROVIDED IN THIS EBOOK IS FOR EDUCATIONAL PURPOSES ONLY.
THE EBOOK CREATOR IS NOT RESPONSIBLE FOR ANY MISUSE OF THE INFORMATION PROVIDED.
THE INTENTION OF THIS EBOOK IS TO DEVELOP A DEFENSIVE ATTITUDE IN ETHICAL HACKER / PENTESTER.
ALL FIREFOX PLUG-IN DISCUSSED IN BOOK ARE FREELY AVAILABLE AND CAN BE USED AT YOUR OWN RISK.
Mozilla Firefox (known simply as Firefox) is a free and open-source web browser.
Firefox plug-in/add-on is built outside of Firefox by companies like Adobe Systems and Apple and many individual.
4. 4
Table of Contents Page Number
A. About Penetration Testing: 9-12
1. What is penetration testing?
2. Benefits of penetration testing.
3. Some terms used in Penetration Testing/Ethical hacking.
4. About Ethical Hacking
5. Phases of Ethical Hacking
6. Some Firefox Add-ons and their Uses
7. FireFox Browser version we are using
B. FIREBUG: 13-25
1. What is Firebug
2. Features of Firebug
3. Installation
4. Components
5. Inspect Html
6.Inspect CSS
7.Inspect JavaScript
8.Error handling by firebug
C. HTTPFOX:
1.What is HTTPFOX
2.Features of HTTPFOX
3.Installation
4.Components explained with PHP codes
i)headers
ii)cookies
iii)Query String
iv) Post Data
26-32
5. 5
Table of Contents Page Number
D. HACKBAR: 33-42
1.What is HACKBAR
2.Features of HACKBAR
3.Installation
4.Look of HACKBAR
5. Manual SQL INJECTION demonstrated with HACKBAR
6.Use of SQL, Encryption, Strip spaces and Encoding feature of HACKBAR
E. TAMPER DATA: 43-53
1.What is TAMPERDATA
2.Features of TAMPERDATA
3.Installation
4.Look of TAMPERDATA
5.Components of TAMPERDATA
6.Fields of TAMPERDATA window and their meaning
7.GET and POST methods
8.Understanding HTTP request of TAMPERDATA
9.How to delete element from webpage
10. Decoding password field from webpage
F. GROUNDSPEED: 54-60
1.What is GROUNDSPEED
2.Features of GROUNDSPEED
3.Installation
4.Look of GROUNDSPEED
5.Components of GROUNDSPEED
6.Manipulating webpage data(php code) using GROUNDSPEED
7.Working with hidden value
8.deactivation of Javascript function using GROUNDSPEED
6. 6
Table of Contents
G. XSS-ME:
1.What is XSS
Page Number
61-74
2.Types of XSS
3.Demonstration of XSS with php codes(GET AND POST METHOD)
5.What is XSS-Me
6.Features of XSS-Me
7.Installation
8.Look of XSS-Me
9.Create your own playload in XSS-Me
10.Running automatic test with payloads
H. WAPPALYZER: 75-77
1.What is WAPPALYZER
2.Features of WAPPALYZER
3.Installation
4.Look of WAPPALYZER
I. SQL INJECT ME: 78-85
1.What is SQL injection basic concept
2.About SQL INJECT ME
3.Features of SQL INJECT ME
4.Installation
5.Look of SQL INJECT ME
6.Find admin page and run SQL INJECT ME
7.Running automated attack using SQL INJECT ME
J. FOXYPROXY: 86-95
1.What is PROXY
2.About FOXYPROXY
3.Features of FOXYPROXY
4.Installation