Cатсн²² (in)sесuяitу / ChrisJohnRiley

After looking over the slidedeck from Michael “theprez98” Schearer’s Blackhat Webcast, I decided (like a lot of people I’m sure) to have a quick look at what Firefox add-ons were available to make penetration testing using the browser a little easier. My portable Firefox edition already has a number of extensions installed for the usual stuff. Things like FoxyProxy, Web Developer Toolbar, Fire/FlashBug and the SQL Inject Me, Access Me and XSS Me tools from Security Compass have been installed for a long time. They come in useful for specific tasks, even when I’m not doing Web app testing. One thing I’d not really looked at though was the possibility of adding to the search providers list (found in the upper right-hand corner).     

Firefox Search

By default the drop down list comes with your typical default options (Google, Yahoo, Wikipedia and a few others). These all nice an everything, but for what we do, they’re not always the sources we need. After all, if you know you want to search for a CVE number, the why google for it. Best to go straight to the source, and pull up the info you need quickly and efficiently. So with that in mind, here are a few nice additions to the search list in Firefox.      

CVE dictionary search plugin 

• As the name suggests, this plugin allows you to search on keywords or CVE numbers and receive the results directly from Mitre.
• The search simply sends a request to http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword= with the search value set at the  keyword parameter

• https://addons.mozilla.org/en-US/firefox/addon/14598          

 Open Source Vulnerability Database Search

• For those that prefer to use OSVDB over CVE, there’s also an add-on that searches the OSVDB site
• https://addons.mozilla.org/en-US/firefox/addon/45607

  OVAL Repository

• OVAL (Open Vulnerability and Assessment Langauge) – The Standard for determining and Configuration Issues on Computer Systems
• https://addons.mozilla.org/en-US/firefox/addon/14600

 Packet Storm

• This plugin lets you search on Packet Storm – www.packetstormsecurity.org – database.
• Packet Storm offers an abundant resource of up-to-date and historical security tools, exploits, and advisories.
• https://addons.mozilla.org/en-US/firefox/addon/46818 

  RFC Search Plugin

• We all love RFCs don’t we! Yes, yes we do ;).
• https://addons.mozilla.org/en-US/firefox/addon/14780

 Pcapr  search

• This plugin lets you search on Pcapr – http://www.pcapr.net – archive
• Need an example packet capture? PCAPr is the place to find it
• https://addons.mozilla.org/en-US/firefox/addon/50414

  Exploit DB

• This plugin lets you search on Offsec Exploit archive – http://exploit-db.com. Offsec Exploit archive, also known as Explo.it, is the replacement of Milw0rm archive.
• Everybody needs exploits after all!
• https://addons.mozilla.org/en-US/firefox/addon/50241

 CIRT Default Password-DB

• Search CIRT.net default password database
• https://addons.mozilla.org/en-US/firefox/addon/58786

This isn’t a complete list by any means, but hopefully it’s a good start. I’ve not had a chance to run these through a transparent proxy to see the exact information being sent/received, so our mileage may vary. Use at your own risk.