Extend Your Browser

By Red Siege | May 9, 2024

by Ian Briley, Security Consultant

In my last blog, I discussed using only a browser for web application testing, emphasizing how useful built-in browser tools like the Inspector and Console can be for security assessments. This approach allows for a straightforward examination of web applications without relying on additional software tools. For a deeper dive into this method, check out the full blog post here.

Today I’m going to share a few web browser extensions I find useful while performing said tests.

FoxyProxy

This should come as no surprise to anyone that FoxyProxy is making an appearance on this list. Even though Burp now his it’s own built-in browser to proxy all your testing traffic, I still use this extension for quick sanity checks where I can proxy all my traffic to a remote VM on the internet to confirm if I’m being blocked or throttled by a security device. Additionally, when doing internal penetration tests, this is a great web extension for proxying your traffic to a local socks proxy (e.g., via SSH to a dropbox) to reach out to an internal client network. This way I can interact with the internal web applications as how any user on that network would.

 

Wappalyzer

This is also a no brainer. I use this to skim data quickly about what technologies the application uses. Burp will do this too, and many other scanning tools can do this as well. I also like how this extension just gathers all the data in one spot for me to do a quick once over. I typically like to use this extension while I’m doing my initial walk through of the application. It gives me a sense of what the developer is trying to accomplish based on the information returned.

 

EditThisCookie

I use this extension for two reasons. The first being is I am (for better or worse) a visual creature. I tend to notice more things in the Cookie Editor provided view as opposed to looking at the 10+ cookies, one listed after another, in a text format in Burp’s really busy UI. And being able to just edit the cookies on the fly and seeing how it’ll impact the user in the browser is a huge bonus as well.

 

The second reason is this extension makes it so much easier to get screenshots and walk clients through any cookie manipulation techniques compared to how Burp displays the request and response. This is so much nicer to look in a report, and I think makes the screenshot clearer and easier to understand. This is also an easier sell then asking a client to download Burp to recreate the cookie changes.

 

Note Anywhere

This is the extension I’m most excited to put in front of people and my favorite to help organize my thoughts and help identify functional portions of the web application. A big chunk of being successful during any type of penetration test is being organized. I am a diehard champion for notecards and sticky notes. This digitizes the sticky notes.

 

The kicker with this application is you and place sticky notes on the web applications, resize them, and change the colors. The app will remember on what page you put the sticky notes, the size and color. So I generally will walk through an application and “Sticky” note things I want to go back and check. This can be functionality, forms, input opportunities, and much more.

 

Then after I finish the initial walkthrough, I can get a summary of all my notes and go back to the portion of the web application I find interesting. My biggest gripe is this summary screen does not show my notes for that specific page without actually clicking the link to view it.

 

Final Thoughts

Integrating these browser extensions into your web application testing strategy can significantly streamline your security assessments. Whether it’s through FoxyProxy for versatile traffic management, Wappalyzer for a quick technology overview, or EditThisCookie for dynamic cookie manipulation, each tool brings a unique value to the table. These tools not only enhance our testing capabilities but also offer clarity and efficiency. Embrace these extensions to enrich your testing process, stay organized, and ultimately provide your clients with clear, comprehensible results. Remember, the right tools can transform a good test into a great one—empowering you to deliver more secure and robust applications. Let me know if you have any others I should be checking out in our Red Siege Offensive Community Discord.

 


About Ian Briley, Security Consultant

Ian Briley has over 10 years of experience in information security consisting of The United States Armed Forces, the Healthcare industry, Security Operation Centers, and Security Consulting. Ian is an experienced presenter, trainer, developer, maker, and researcher. Ian enjoys attending local security focused groups and learning more about cloud-based environments and solutions.

Certifications:
CRTO, GWAPT, eJPT, CySA+, SSCP, SEC+

Connect on Linkedin

Introducing Delta Encoder

By Red Siege | April 15, 2024

By Corey Overstreet, Senior Security Consultant Recently, our own Mike Saunders released a novel shellcode obfuscation technique with the tool Jigsaw. If you haven’t checked out the GitHub repository or […]

Learn More
Introducing Delta Encoder

Using Microsoft Dev Tunnels for C2 Redirection

By Red Siege | April 9, 2024

by Justin Palk, Senior Security Consultant   As penetration testers, we’re always on the lookout for new ways to get our command-and-control (C2) traffic out of a client’s network, evading […]

Learn More
Using Microsoft Dev Tunnels for C2 Redirection

SSHishing – Abusing Shortcut Files and the Windows SSH Client for Initial Access

By Red Siege | April 1, 2024

By: Alex Reid, Current Red Siege Intern   In the April 2018 release of Windows 10 version 1803, Microsoft announced that the Windows OpenSSH client would ship and be enabled […]

Learn More
SSHishing – Abusing Shortcut Files and the Windows SSH Client for Initial Access

Find Out What’s Next

Stay in the loop with our upcoming events.