|
Sr. No.
|
Name
|
Features
|
|
1
|
XSS-Me
|
XSS-Me is the Exploit-Me tool used to test for
reflected XSS vulnerabilities.
|
|
2
|
noXSS
|
Protects user
against XSS attacks
Not for latest firefox 35
|
|
3
|
NoScript Security Suite 2.6.9.15
|
Allow active content to run only from sites
that user trust, and protect user against XSS and Clickjacking
attacks.
|
|
4
|
RightClickXSS
0.2.1
|
This addon adds a right-click menu option to
insert sample XSS payloads into textboxes for security testing.
Useful for security researchers or developers testing for
cross-site scripting in web applications.
|
|
5
|
FB
Phishing Protector 4.4.3
|
Protects user from Phishing or Scams (through
XSS injection attacks) while user is on Facebook
|
|
6
|
ImmuniWeb®
Self-Fuzzer 0.9.3
|
ImmuniWeb® Self-Fuzzer is a simple and free
extension that fuzzes user's HTTP requests in real-time to detect
SQLi and XSS vulnerabilities on a website, demonstrating how
easily these 2 most common web weaknesses can be found by anyone.
|
|
7
|
HackBar
1.6.3
|
Its main purpose is to help a developer do
security audits on his code. If you know what your doing, this
toolbar will help you do it faster.
|
|
8
|
Secure
Login 1.0.6
|
Secure Login is
an extension for Firefox integrated password manager.
Prevents malicious JavaScript code to
automatically steal your login data.
Provides an option to
protect your login data from all JavaScript code during login.
Websites requiring JavaScript for the login process can be added
to an exception list.
Can prevent cross-site scripting (XSS)
attacks to steal your passwords without having to deactivate
JavaScript.
|
|
9
|
Karma
Blocker 0.4.8
|
Especially useful for blocking third-party
resources to help combat privacy leaks (cookies) and security
problems (XSS).
|
|
10
|
Netcraft
Toolbar 1.10.1
|
Blocks phishing
sites, helping to protect users from online fraud
• Detailed site
reports –the extension displays a wealth of information about
the sites you visit, helping you to make informed choices about
their integrity.
• Risk Ratings – we evaluate the
characteristics of the site and compare these against those
depicted by fraudulent sites. The result is a simple visual
summary displayed on the site report.
• Protection against cross site scripting
(XSS) – The extension optionally traps XSS and other suspicious
URLs which contain characters with no purpose other than to
deceive.
|
|
11
|
X-Forwarded-For
Spoofer 1.0.2
|
With this add-on,
you can assign an arbitrary IP address to the X-Forwarded-For
field, attempt to perform XSS by including HTML in this field, or
even attempt SQL injection.
Not available for firefox 35.0
|
|
12
|
HTTP
Content Security Policy Detector 0.78
|
It scrutinizes the HTTP Response Headers for
the presence of X-Content-Security-Policy.
|
|
13
|
SiteCheck
extension for Firefox 1.0.3
|
Scan any website for security issues,
blacklisting, and malware with Sucuri SiteCheck
|
|
14
|
Clickjacking
Reveal 1.1
|
This extension tries to warn you if it found
clickjacking technique on the page you are viewing.
|
|
15
|
Clickjacking
Defense - Declarative Sec Detector 0.77
|
It scrutinizes the HTTP Response Headers for
the presence of X-Frame-Options Header
|
|
16
|
Policeman
0.18.1
|
Policeman gives you precise control over what
web requests are allowed. Create rules based on domain name and
type of resource being requested. It can also be used to improve
privacy or block cross-site scripts.
|
|
17
|
XSSed
Search 20101014
|
Search the cross-site scripting database at
XSSed.Com
|
|
18
|
Remove
Cookie(s) for Site 0.63
|
A very simple extension to remove all the
cookies of currently opened site. It adds an option to the Right
Click menu of the page, and a Clear Cookies Button to perform this
operation. It displays the status of operation in the status bar
|
|
19
|
Simple
Site Blocker 1.1
|
A simple site blocker with whitelist features.
|
|
20
|
Controle
de Scripts 1.0.3
|
Controle de Scripts is an extension that allows
you to control what JavaScripts do on your browser. It adds extra
settings to your browser preferences window, improving its native
JavaScript control interface.
|
|
21
|
CSRF
Finder 1.2
|
CSRF Finder captures http request and looks
csrf vulnerability
|
|
22
|
RequestPolicy
0.5.28
|
Be in control of which cross-site requests are
allowed. Improve the privacy of your browsing by not letting other
sites know your browsing habits. Secure yourself from Cross-Site
Request Forgery (CSRF) and other attacks.
|
|
23
|
CsFire
1.0.8
|
CsFire autonomously protects you against
dangerous or malicious cross-domain requests, such as Cross-Site
Request Forgery (CSRF). CSRF is very prevalent and dangerous, as
stated by the OWASP top 10, as well as the CWE/SANS top 25
programming errors.
|
|
24
|
Self-Destructing
Cookies 0.4.7
|
Fix the web. Gets rid of a site's cookies and
LocalStorage as soon as you close its tabs. Protects against
trackers and zombie-cookies. Trustworthy services can be
whitelisted.
|
|
25
|
SQL
Inject Me 0.4.7
|
SQL Injection vulnerabilites can cause a lot of
damage to a web application. A malicious user can possibly view
records, delete records, drop tables or gain access to your
server. SQL Inject-Me is Firefox Extension used to test for SQL
Injection vulnerabilities.
|
|
26
|
SecurityFocus
Vulnerabilities search plugin 20091001
|
This plugin lets you search on Security Focus
Vulnerabilities.
|
|
27
|
SurfPatrol
1.2.1
|
SurfPatrol invisibly scans your browser and
signals to you if any vulnerability in Firefox or its plugin is
found. Notifications are displayed on the browser’s toolbar.
|
|
28
|
Heartbleed
Monitor 0.2.1
|
A Firefox add-on to notify you when you visit a
webpage vulnerable to Heartbleed
|
|
29
|
PunkSPIDER
1.0
|
Displays web vulnerability information from
PunkSPIDER about the site you're currently visiting. PunkSPIDER is
an open source project that scans the entire Internet for web
vulnerabilities and provides the results free and open to the
public.
|
