Web browser extensions add features to a normal web browser. Their functionality ranges from capturing web pages to downloading videos from restricted websites. Most browser extensions run in the background and continuously help users use their features efficiently. According to an ethical hacking researcher at the International Institute of Cyber Security, many browser extensions can be used during pentesting or vulnerability assessment to find basic information about a website. Extensions are also referred to as web browser add-ons. Pentesters use numerous browser extensions, for example to extract information from an image or to check website information.
- For testing we will use the Google Chrome and Mozilla Firefox web browsers on Windows 10 with build version 1709.
- In Google Chrome, go to https://chrome.google.com/webstore/category/extensions and in Mozilla Firefox go to https://addons.mozilla.org/en-US/firefox/
- Now let's move on to the top web browser extensions for hackers and security researchers.
Privacy Badger
When making financial or other transactions, no user wants to share their details. Users can opt for Privacy Badger, which is capable of blocking unnecessary tracking. Nowadays most websites use tracker cookies to build a site preference profile for different users. This helps companies collect data about the preferences users make. According to the Privacy Badger developers, Privacy Badger sends Do Not Track signals to websites. Privacy Badger removes outgoing links on third-party sites and click tracking on social networking websites.
With continuous use, Privacy Badger learns to block ads more efficiently. Download Privacy Badger.
uBlock Origin
uBlock Origin is used for content filtering and ad blocking. It can block malicious websites, ads, popups and tracker sites. uBlock Origin helps users browse different sites with the trackers disabled. E-commerce platforms in particular use trackers to learn their consumers' preferences. Below shows how youtube.com trackers are blocked. Red indicates that trackers are blocked; blue and white indicate that trackers are allowed.
- uBlock Origin works automatically; users don't need to click any icon.
Download uBlock Origin.
Go Back In Time
Go Back In Time is used to open archived web pages. This extension helps in viewing earlier versions of web pages. Go Back In Time offers several search engines for viewing a web page in its earlier version.
- After installing the extension, open any web page and right-click anywhere on it. Click Go Back In Time, then click any search engine to open the desired web page.
- We used Google Cache to open an old version of YouTube. Other options are: CoralCDN, The Internet Archive, Yahoo! Cache, MSN Cache, Gigablast Cache, WebCite.
Download Go Back In Time.
User-Agent Switcher
User-Agent Switcher is an extension that a hacker or cyber security researcher can use to modify the User-Agent. With it, a user can confuse servers by impersonating different browser and OS details.
- To change the user agent, download the Chrome extension and click the User-Agent Switcher icon. Then select the desired user agent and click Apply.
- After changing the user agent, refresh the web page and you will see that the user agent has changed.
- Above shows that the user agent has changed. Download User-Agent Switcher.
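Seen from the server side, the User-Agent is a self-reported value and can be cross-checked against other request headers. The following is an added example, not part of the original article or of the extension: it compares the User-Agent header with the Client Hints headers that Chromium-based browsers send, assuming the switcher changed only the User-Agent header (some switchers also override the hints). The function names and the sample requests are constructed for illustration.

```javascript
// Server-side consistency check: User-Agent header vs. User-Agent Client Hints.
const UA_PLATFORMS = [ // order matters: Android UAs contain "Linux", iPhone UAs "Mac OS X"
  [/Android/, 'Android'], [/iPhone|iPad/, 'iOS'], [/Windows NT/, 'Windows'],
  [/Mac OS X/, 'macOS'], [/CrOS/, 'Chrome OS'], [/Linux/, 'Linux'],
];

function platformFromUserAgent(ua) {
  const hit = UA_PLATFORMS.find(([re]) => re.test(ua));
  return hit ? hit[1] : null;
}

// headers: object keyed by lower-case header name, as Node's http module provides.
function checkUserAgent(headers) {
  const ua = headers['user-agent'] || '';
  const hintPlatform = (headers['sec-ch-ua-platform'] || '').replace(/^"|"$/g, '');
  const hintMobile = headers['sec-ch-ua-mobile']; // "?1" = mobile, "?0" = not mobile
  // Browsers without Client Hints (e.g. Firefox) give nothing to compare against.
  if (!hintPlatform && !hintMobile) return { verifiable: false, findings: [] };
  const findings = [];
  const claimed = platformFromUserAgent(ua);
  if (claimed && hintPlatform && claimed !== hintPlatform) {
    findings.push(`platform: User-Agent says ${claimed}, client hint says ${hintPlatform}`);
  }
  if (hintMobile && /Mobile/.test(ua) !== (hintMobile === '?1')) {
    findings.push('mobile: User-Agent and Sec-CH-UA-Mobile disagree');
  }
  return { verifiable: true, findings };
}

// Constructed requests: unmodified Chrome, Chrome with a switched User-Agent, Firefox.
const SAMPLES = {
  chrome: {
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
    'sec-ch-ua-platform': '"Windows"', 'sec-ch-ua-mobile': '?0',
  },
  switched: {
    'user-agent': 'Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Mobile/15E148 Safari/604.1',
    'sec-ch-ua-platform': '"Windows"', 'sec-ch-ua-mobile': '?0',
  },
  firefox: {
    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0',
  },
};
```

A non-empty `findings` list is a signal for logging or risk scoring rather than proof, since the hints are client-supplied as well.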
Exif-Data Information Extractor
Exif data is metadata about an image. Capturing an image records much more information than the picture alone. An image contains camera settings such as aperture, ISO, shutter speed and white balance, along with the date, time, image histogram and other information. Steganography is another process, used for hiding files inside an image, but this extension only shows the Exif data.
- To use this extension, download the Exif data viewer, then open any image that contains Exif data. Right-click the image, then click Show Exif Data.
- Above shows the Exif data with its date, time, F.Length, Metering Mode, Flash and White balance. This Exif data can be used in the initial information gathering phase of ethical hacking.
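To show where this metadata lives in the file, the following added example (not part of the original article or of the extension) reads the text fields from the Exif segment of a JPEG; running it over images before publishing them shows what they would disclose. It handles only ASCII tags in the first image directory (IFD0); the function names and the sample image bytes are constructed for illustration.

```javascript
// Reads the ASCII tags in IFD0 of a JPEG's Exif segment (fields an EXIF viewer displays).
const TAGS = { 0x010f: 'Make', 0x0110: 'Model', 0x0132: 'DateTime' };
function readExifAscii(jpeg) {
  if (jpeg.length < 4 || jpeg.readUInt16BE(0) !== 0xffd8) throw new Error('not a JPEG');
  for (let pos = 2; pos + 4 <= jpeg.length && jpeg[pos] === 0xff;) {
    const marker = jpeg[pos + 1];
    const segLen = jpeg.readUInt16BE(pos + 2); // length counts its own 2 bytes
    if (marker === 0xe1 && jpeg.toString('latin1', pos + 4, pos + 10) === 'Exif\0\0') {
      return parseTiff(jpeg.subarray(pos + 10, pos + 2 + segLen));
    }
    if (marker === 0xda) break; // start of scan: metadata segments are over
    pos += 2 + segLen;
  }
  return {}; // no Exif segment, e.g. after the metadata was stripped
}

function parseTiff(tiff) {
  const le = tiff.toString('latin1', 0, 2) === 'II'; // 'II' little-endian, 'MM' big-endian
  const u16 = (o) => (le ? tiff.readUInt16LE(o) : tiff.readUInt16BE(o));
  const u32 = (o) => (le ? tiff.readUInt32LE(o) : tiff.readUInt32BE(o));
  if (u16(2) !== 42) throw new Error('bad TIFF header');
  const ifd = u32(4), out = {};
  for (let i = 0, count = u16(ifd); i < count; i++) {
    const e = ifd + 2 + i * 12; // 12-byte entry: tag, type, count, value or offset
    const tag = u16(e), n = u32(e + 4);
    if (!(tag in TAGS) || u16(e + 2) !== 2) continue; // type 2 = ASCII
    const off = n <= 4 ? e + 8 : u32(e + 8); // values of 4 bytes or fewer sit inline
    if (off + n > tiff.length) continue; // skip entries pointing outside the segment
    out[TAGS[tag]] = tiff.toString('latin1', off, off + n).replace(/\0+$/, '');
  }
  return out;
}

// Constructed sample: JPEG skeleton (SOI, APP1/Exif, EOI) with two IFD0 entries.
function buildSample() {
  const vals = [[0x010f, 'ExampleCam\0'], [0x0132, '2018:05:01 10:20:30\0']];
  const tiff = Buffer.alloc(38 + vals[0][1].length + vals[1][1].length);
  tiff.write('II*\0', 0, 'latin1'); // byte order, then magic number 42
  tiff.writeUInt32LE(8, 4); tiff.writeUInt16LE(vals.length, 8); // IFD0 at offset 8
  let off = 38; // 8 header + 2 count + 2 * 12 entries + 4 next-IFD pointer
  vals.forEach(([tag, text], i) => {
    const e = 10 + i * 12;
    tiff.writeUInt16LE(tag, e); tiff.writeUInt16LE(2, e + 2);
    tiff.writeUInt32LE(text.length, e + 4); tiff.writeUInt32LE(off, e + 8);
    off += tiff.write(text, off, 'latin1');
  });
  const len = Buffer.alloc(2); len.writeUInt16BE(2 + 6 + tiff.length);
  return Buffer.concat([Buffer.from([0xff, 0xd8, 0xff, 0xe1]), len,
    Buffer.from('Exif\0\0', 'latin1'), tiff, Buffer.from([0xff, 0xd9])]);
}
```

Camera settings such as aperture and ISO sit in a sub-directory that IFD0 points to and use numeric types, which this reader deliberately skips.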
Wappalyzer
Gathering information about a website comes before starting penetration testing. Wappalyzer shows web server details, which helps security testers move on to the next phases.
- Download and install Wappalyzer. Then open any website and click the icon below, which shows the front-end and back-end languages in use; these feed into information gathering.
- Above shows that certifiedhacker.com is using libraries and the Apache web server.
Connect Remotely Using SSH
SSH (Secure Shell) provides secure remote login and helps users connect remotely to other machines. To connect with SSH, users have to enter the IP address and port 22, then enter the username. Users can also use a web browser to connect to other machines. To use SSH in Google Chrome, download the extension.
- Open the Chrome browser, type chrome://apps and click Secure Shell App.
- Then press Enter. It will now ask for the password. Enter the password.
- Above shows that the SSH login succeeded in the web browser. The pentester can now run different shell scripts from here.
- This extension comes in handy in the ethical hacking courses offered by the International Institute of Cyber Security.
Traffic Masking – Chaff
Chaff generates random fake network traffic to confuse trackers or network traffic monitors. In the Chaff settings, users can configure the sites for which they want to generate fake traffic.
- Download and install Chaff, then click its icon. Chaff will then start generating fake network traffic. It opens a new tab and loads other web pages as configured in the Chaff settings.
- To configure Chaff, go to Sources to configure the site settings.
- The above settings are used as the starting point for generating fake network traffic.
Nimbus Screenshot
While researching, a pentester often needs to download a file. Some sites disable the download option to stop spamming. There are numerous extensions for taking screenshots. We will use Nimbus Screenshot. Nimbus creates and shares screenshots of any website. Nimbus also gives the option of capturing an entire web page. Like other snipping tools, Nimbus can capture a particular part of a web page, a selected area or a selected scroll, and offers other options for capturing web pages.
- Download and install Nimbus Screenshot. Open any web page and right-click the Nimbus icon.
- Select any option as required for capturing screenshots.
- Above shows the Nimbus Screenshot options, including the image editing options.
Shodan
Shodan is a very popular search engine for finding information about devices on the Internet. With Shodan, a pentester can gather information such as hosting country, open ports, top CVEs, vulnerabilities and other databases that are available online. Shodan also shows open servers, SCADA systems and open IoT devices. Today, however, we will show you the Shodan Chrome extension, which reports the open ports of any website the user visits.
- Download Shodan and add it to Chrome. After that, open a website and click the Shodan icon. You will find the open ports of that website.
- Above shows the open ports of testphp.vulnweb.com.
Cyber Security Researcher. Information security specialist, currently working as a risk infrastructure specialist and investigator. He is a cyber security researcher with over 25 years of experience. He has served with the Intelligence Agency as a Senior Intelligence Officer. He has also worked with Google and Citrix on the development of cyber security solutions. He has aided the government and many federal agencies in thwarting many cyber crimes. He has been writing for us in his free time for the last 5 years.