
Basic Hacking with Firefox (Part 1): Information Gathering
Hacking itself consists of different phases, and every step is necessary. The first and most important step is information gathering about a site. During information gathering, information about the host and name servers, IPs, URLs and hidden URLs, HTTP headers, cookies, and the methods and technologies used by the site is very important. Careful examination of this information may be used to exploit the weak and vulnerable points of a website.
There are a lot of tools available for information gathering. Most of them are included in Kali Linux, but Windows users do not have as many options for this. Today, I'm going to tell you about some useful tools which can be used with Firefox on Windows. These Firefox extensions can be used to gather useful information about a site:
- HttpFox
- User-Agent Switcher
- RefControl
1. HttpFox: HttpFox monitors all incoming and outgoing traffic on a website. It shows all HTTP headers, both requests and responses, used by the site. It shows not only the log of headers but also the contents of each header. An HTTP header normally includes the request and response types, cookies, data (posted through the POST method), cookie expiry, cached value (Yes or No), expiry of the request and response, referrer, User-Agent, etc. HttpFox shows the full header information. HttpFox also shows cookie information, including cookie data, expiry, source, path, etc.
Benefits of HttpFox: HttpFox shows all request and response headers and the URLs that send and receive them. Using this feature, one can find the hidden URLs in a site. HttpFox shows cookie data, which can be amended and used to send payloads to that website. HttpFox also shows the query strings used by the website and their POST data, which can further be used for cross-site scripting or a desired query.
Download HttpFox
2. User-Agent Switcher: User-Agent Switcher is another important Firefox extension, used to change the user agent. The User-Agent in the request header contains information about the browser used by the user. By looking at the browser, sites send different layouts and functionality.
Benefits of User-Agent Switcher: As websites send different layouts and functionality to different user agents, it may be possible that they apply less security and validation for mobile users. By changing the user agent to iPhone 3.0, one may be able to launch different attacks, such as cross-site scripting, on a website.
Download User-Agent Switcher
3. RefControl: HTTP headers also contain information about the referrer (the site that sends the user to another site or server). Sites look at the referrer to decide the nature of the request. One site can be used to request some data from another site. Sometimes, a trusted referrer can be used to send payloads and attacks to websites.
Benefits of RefControl: Different options are available to control the referrer for a specific site:
- Normal (no change; the actual referrer is sent)
- Block (send no referrer)
- Forge (send the root of this site)
- Custom
- 3rd party requests only
The Forge and Custom options can be used to exploit a website and to access the desired data.
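Seen from the defender's side, the User-Agent and Referer values discussed above are ordinary request headers that the client sets, so a server cannot base validation or access decisions on them. The following added example (not from the original post; the handler names, the shop.example host, the key and the sample request are constructed for illustration) puts a handler that trusts both headers beside one that ignores them.

```python
import hashlib
import hmac
import html

SECRET = b"constructed-demo-key"  # constructed; a real key comes from server config


def csrf_token(session_id: str) -> str:
    """Token bound to the server-side session; the client cannot derive it."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def weak_handler(headers: dict, form: dict) -> tuple:
    """Weak: both checks rest on headers the browser user controls."""
    if not headers.get("Referer", "").startswith("https://shop.example/"):
        return 403, "forbidden"
    comment = form.get("comment", "")
    if "iPhone" not in headers.get("User-Agent", ""):
        comment = html.escape(comment)  # only the desktop path encodes output
    return 200, comment


def hardened_handler(headers: dict, form: dict, session_id: str) -> tuple:
    """Hardened: headers are ignored; every client gets the same validation."""
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token(session_id)):
        return 403, "forbidden"
    return 200, html.escape(form.get("comment", ""))


# Constructed request: Referer and User-Agent as a client could set them
REQUEST_HEADERS = {
    "Referer": "https://shop.example/products",
    "User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 3_0 like Mac OS X)",
}
FORM = {"comment": "<b>hi</b>"}

if __name__ == "__main__":
    print(weak_handler(REQUEST_HEADERS, FORM))
    print(hardened_handler(REQUEST_HEADERS, FORM, "sess-1"))
    with_token = dict(FORM, csrf_token=csrf_token("sess-1"))
    print(hardened_handler(REQUEST_HEADERS, with_token, "sess-1"))
```

The weak handler returns the markup unencoded for the "mobile" request, while the hardened one rejects the request without a session token and encodes the output once the token is present.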
Download RefControl
Thanks, and please post your questions/comments below.