Monday, March 9, 2015

Firefox Marketplace Security Related Extensions

Firefox add-ons:


| Sr. No. | Name | Features |
|---|---|---|
| 1 | XSS-Me | XSS-Me is the Exploit-Me tool used to test for reflected XSS vulnerabilities. |
| 2 | noXSS | Protects the user against XSS attacks. Not for the latest Firefox 35. |
| 3 | NoScript Security Suite 2.6.9.15 | Allows active content to run only from sites that the user trusts, and protects the user against XSS and clickjacking attacks. |
| 4 | RightClickXSS 0.2.1 | This add-on adds a right-click menu option to insert sample XSS payloads into textboxes for security testing. Useful for security researchers or developers testing for cross-site scripting in web applications. |
| 5 | FB Phishing Protector 4.4.3 | Protects the user from phishing or scams (through XSS injection attacks) while the user is on Facebook. |
| 6 | ImmuniWeb® Self-Fuzzer 0.9.3 | ImmuniWeb® Self-Fuzzer is a simple and free extension that fuzzes the user's HTTP requests in real time to detect SQLi and XSS vulnerabilities on a website, demonstrating how easily these 2 most common web weaknesses can be found by anyone. |
| 7 | HackBar 1.6.3 | Its main purpose is to help a developer do security audits on his code. If you know what you're doing, this toolbar will help you do it faster. |
| 8 | Secure Login 1.0.6 | Secure Login is an extension for Firefox's integrated password manager. Prevents malicious JavaScript code from automatically stealing your login data. Provides an option to protect your login data from all JavaScript code during login. Websites requiring JavaScript for the login process can be added to an exception list. Can prevent cross-site scripting (XSS) attacks from stealing your passwords without having to deactivate JavaScript. |
| 9 | Karma Blocker 0.4.8 | Especially useful for blocking third-party resources to help combat privacy leaks (cookies) and security problems (XSS). |
| 10 | Netcraft Toolbar 1.10.1 | Blocks phishing sites, helping to protect users from online fraud. • Detailed site reports – the extension displays a wealth of information about the sites you visit, helping you to make informed choices about their integrity. • Risk Ratings – we evaluate the characteristics of the site and compare these against those depicted by fraudulent sites. The result is a simple visual summary displayed on the site report. • Protection against cross-site scripting (XSS) – the extension optionally traps XSS and other suspicious URLs which contain characters with no purpose other than to deceive. |
| 11 | X-Forwarded-For Spoofer 1.0.2 | With this add-on, you can assign an arbitrary IP address to the X-Forwarded-For field, attempt to perform XSS by including HTML in this field, or even attempt SQL injection. Not available for Firefox 35.0. |
| 12 | HTTP Content Security Policy Detector 0.78 | It scrutinizes the HTTP response headers for the presence of X-Content-Security-Policy. |
| 13 | SiteCheck extension for Firefox 1.0.3 | Scan any website for security issues, blacklisting, and malware with Sucuri SiteCheck. |
| 14 | Clickjacking Reveal 1.1 | This extension tries to warn you if it finds a clickjacking technique on the page you are viewing. |
| 15 | Clickjacking Defense - Declarative Sec Detector 0.77 | It scrutinizes the HTTP response headers for the presence of the X-Frame-Options header. |
| 16 | Policeman 0.18.1 | Policeman gives you precise control over what web requests are allowed. Create rules based on domain name and type of resource being requested. It can also be used to improve privacy or block cross-site scripts. |
| 17 | XSSed Search 20101014 | Search the cross-site scripting database at XSSed.Com. |
| 18 | Remove Cookie(s) for Site 0.63 | A very simple extension to remove all the cookies of the currently opened site. It adds an option to the right-click menu of the page, and a Clear Cookies button to perform this operation. It displays the status of the operation in the status bar. |
| 19 | Simple Site Blocker 1.1 | A simple site blocker with whitelist features. |
| 20 | Controle de Scripts 1.0.3 | Controle de Scripts is an extension that allows you to control what JavaScripts do on your browser. It adds extra settings to your browser preferences window, improving its native JavaScript control interface. |
| 21 | CSRF Finder 1.2 | CSRF Finder captures HTTP requests and looks for CSRF vulnerabilities. |
| 22 | RequestPolicy 0.5.28 | Be in control of which cross-site requests are allowed. Improve the privacy of your browsing by not letting other sites know your browsing habits. Secure yourself from Cross-Site Request Forgery (CSRF) and other attacks. |
| 23 | CsFire 1.0.8 | CsFire autonomously protects you against dangerous or malicious cross-domain requests, such as Cross-Site Request Forgery (CSRF). CSRF is very prevalent and dangerous, as stated by the OWASP Top 10, as well as the CWE/SANS Top 25 programming errors. |
| 24 | Self-Destructing Cookies 0.4.7 | Fix the web. Gets rid of a site's cookies and LocalStorage as soon as you close its tabs. Protects against trackers and zombie cookies. Trustworthy services can be whitelisted. |
| 25 | SQL Inject Me 0.4.7 | SQL injection vulnerabilities can cause a lot of damage to a web application. A malicious user can possibly view records, delete records, drop tables or gain access to your server. SQL Inject-Me is the Firefox extension used to test for SQL injection vulnerabilities. |
| 26 | SecurityFocus Vulnerabilities search plugin 20091001 | This plugin lets you search on SecurityFocus Vulnerabilities. |
| 27 | SurfPatrol 1.2.1 | SurfPatrol invisibly scans your browser and signals to you if any vulnerability in Firefox or its plugins is found. Notifications are displayed on the browser's toolbar. |
| 28 | Heartbleed Monitor 0.2.1 | A Firefox add-on to notify you when you visit a webpage vulnerable to Heartbleed. |
| 29 | PunkSPIDER 1.0 | Displays web vulnerability information from PunkSPIDER about the site you're currently visiting. PunkSPIDER is an open source project that scans the entire Internet for web vulnerabilities and provides the results free and open to the public. |

Network Security Awareness Event

Topic: Network and Wireless Security
Venue: VIIT E&TC Dept
Time: 10:30 am to 12:30 pm
Date: 9th March 2015

We conducted a Network and Wireless Security awareness event in the E&TC dept of VIIT. Final-year (BE) elex students were the attendees of the event.

I explained the basics of network security and properties of security such as confidentiality, integrity, authentication, and availability.

Siddharth Rao demonstrated a WPA2 password hacking technique and email credential harvesting using a phishing site. Then he explained how to counter these hacks.
