Basic Hacking with Firefox (Part 1): Information Gathering

January 14, 2016 | Views: 8346


Hacking itself consists of different phases, and all of them are necessary. The first and most important step is information gathering about a site. During information gathering, details about the host and name servers, IPs, URLs and hidden URLs, HTTP headers, cookies, and the methods and technologies used by the site are very important.

Careful examination of this information may be used to exploit the weak and vulnerable points of a website. There are a lot of tools available for information gathering. Most of them are included in Kali Linux, but Windows users do not have as many options for this.

Today, I’m going to tell you about some useful tools that can be used with Firefox on Windows. These Firefox extensions can be used to gather useful information about a site:

  1. HttpFox
  2. User-Agent Switcher
  3. RefControl

 

1.    HttpFox:

HttpFox monitors all incoming and outgoing traffic on a website. It shows all HTTP headers, both requests and responses, used by the site. It shows not only the log of headers but also the contents of each header. An HTTP header normally consists of the request and response types, cookies, data (posted through the POST method), cookie expiry, cached value (Yes or No), expiry of the request and response, referrer, User-Agent, etc. HttpFox shows the full header information. HttpFox also shows cookie information, including cookie data, expiry, source, path, etc.
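The same header view can be read from the site owner's side. The following is an added example, not part of the original article: it parses one captured response head and lists version-disclosing headers, cookies missing Secure/HttpOnly/SameSite or an expiry, and cacheability. The sample response and the function name `audit_response` are constructed for illustration.

```python
from email.parser import Parser  # stdlib parser for "Name: value" header blocks

# Constructed sample of a raw response head, as a header viewer would display it.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9
Cache-Control: no-store
Set-Cookie: PHPSESSID=abc123; path=/
Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600
Content-Type: text/html; charset=UTF-8

"""

# Headers that commonly reveal the server-side technology stack.
DISCLOSING = ("server", "x-powered-by", "x-aspnet-version")

def audit_response(raw):
    """Return (item, finding) tuples for one raw HTTP response head."""
    _status_line, _, header_block = raw.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []
    # Technology headers that include a version number.
    for name in DISCLOSING:
        value = headers.get(name)
        if value and any(ch.isdigit() for ch in value):
            findings.append((name, "discloses version: " + value))
    # Cookie attributes: every Set-Cookie line is checked separately.
    for cookie in headers.get_all("Set-Cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for required in ("secure", "httponly", "samesite"):
            if required not in attrs:
                findings.append((cookie_name, "missing " + required))
        if not attrs & {"expires", "max-age"}:
            findings.append((cookie_name, "session cookie (no expiry)"))
    # Cached value: flag responses that do not forbid storage.
    if "no-store" not in (headers.get("Cache-Control") or "").lower():
        findings.append(("cache-control", "response may be cached"))
    return findings

if __name__ == "__main__":
    for item, finding in audit_response(SAMPLE_RESPONSE):
        print(item + ": " + finding)
```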

Benefits Of HttpFox:

HttpFox shows all request and response headers, along with the URLs that the site sends them to and receives them from. Using this feature, one can find the hidden URLs in a site. HttpFox shows cookie data, which can be amended and used to send payloads to that website. HttpFox also shows the query strings used by the website and their POST data, which can further be used for cross-site scripting or a desired query.
Download HttpFox

 

2.    User-Agent Switcher:

User-Agent Switcher is another important Firefox extension, used to change the user agent. The User-Agent in the request header contains information about the browser used by the user. By looking at the browser, sites send different website layouts and functionality.

Benefits of User-Agent Switcher:

As websites send different layouts and functionality to different user agents, it may be possible that they have less security and validation applied for mobile users. By changing the user agent to iPhone 3.0, one may be able to launch different attacks, like cross-site scripting, on the website.
Download User-Agent Switcher

 

3.    RefControl:

HTTP headers also contain information about the referrer (a site which sends the user to another site or server). Sites look at the referrer to decide the nature of the request. One site can be used to request some data from another site. Sometimes, the trusted referrer can be used to send payloads and attacks to websites.

Benefits of RefControl:

Different options are available to control the referrer for a specific site:
- Normal (no change to the actual referrer)
- Block (send no referrer)
- Forge (send the root of this site)
- Custom
- 3rd party request only
The Forge and Custom options can be used to exploit a website and to access the desired data.
Download RefControl

 

Thanks and please post your questions/comments below.

32 Comments
  1. Wow! this is awesome

  2. These addons are good but not enough. If you want to build a hacking or pentesting browser, you must use the addons of OWASP Mantra. I think it is complete for taking on all the tasks of gathering information.

  3. Thanks for sharing these tips!

  4. 1. How do you amend the cookie data that can then be used to send payloads to the site for ethical hacking (test) purposes?
    2. How do you specifically send payloads to the site (give steps – for only ethical hacking purposes to expose vulnerabilities)?

  5. Good One !!
