Top Web Browser Extensions for Hackers and Security Researchers

Web browser extensions gives additional features to any normal web browser. Extensions are capable of giving functionality from capturing web pages to downloading videos from restricted websites. Most web browser extensions runs in background and continuously helps users to use extensions features efficiently. According to ethical hacking researcher of international institute of cyber security while doing pentesting/ vulnerability assessment many web browser extensions can be used for finding basic info of any website. Extensions are also refers as web browser addons. There are numerous web browser extensions which are used by pentesters like extracting information from any image or check web site information.

Privacy Badger

While making any financial or any other transactions, no user wants to share their details. Users can opt out for privacy badger which has capability of blocking unnecessary tracking. Now days most website uses tracker cookies to make an site preference for different users. This helps companies to collect data regarding preferences which user makes. According to privacy badger developers, privacy badger sends Do Not Track Signals to different websites. Privacy Badger removes outgoing links on third party sites and click tracking on social networking websites.

Privacy Badger Blocking Trackers
Privacy Badger Blocking Trackers on Chrome

With its continuously usage of privacy badger, learns to block ads more efficiently. Download link privacy badger.

Ublock Origin

Ublock Origin is used for content-filtering, ad-blocking. It can blocks malicious web sites, block different ads, popus, tracker sites. Ublock Origin helps to surf on different sites by disabling the trackers. Mostly eCommerce platforms uses trackers to know their consumer preferences. Below shows how youtube.com trackers are blocked. The Red one indicates that trackers blocked and blue, white indicates that trackers allowed.

  • Ublock works automatically, users don’t need to click on any icon.
Ublock_Origin
Ublock_Origin on FireFox

Download Ublock_origin.

Go_Back_In_Time

Go back in Time is used to open archived web pages. This extension helps in viewing old web pages in its earlier version. Go back in time provides different search engines to view web pages in its earlier version.

  • After installing extension. Open any web page, right click anywhere on web page. Click on Go Back In Time then click on any search engine for opening desired web page.
  • We have used Google cache for opening YouTube old version. Other options are: CoralCDN, The Internet Archive, Yahoo! Cache, MSN Cache, Gigablast Cache, WebCite
Go_Back_In_Time
Go_Back_In_Time on Chrome

Download Go Back In Time.

User-Agent-Switcher

User agent Switcher is a extension can be used by hacker or cyber security research for modifying the User Agent. User can use user agent switcher to confuse servers in impersonating its browser and OS details.

  • For changing agent switcher. Download the chrome extension and click on Agent Switcher icon. Then select your desired agent switcher and click on apply.
Changing Agent Switcher
Changing Agent Switcher on Chrome
  • After changing agent switcher refresh web page & you will see that agent switcher will change
Agent Switcher
Agent Switcher on Chrome

Exif-Data Information Extractor

Exif-data information shows meta data about any image. Capturing image also captures many more information than only an image. Image contains camera settings like – aperture, ISO, shutter speed, white balance, date, time, image histogram and other information. Stenography is an another process used in hiding files behind any image. But this extension only shows the exif-data information.

  • For using this extension. Download exif-data viewer, then open any image which contains exif-data information. Right click on image then click on Show Exif Data.
Exif-Data Viewer
Exif-Data Viewer
  • Above shows the exif-data with its date, time F.Length, Metering Mode, Flash, White balance. Above exif-data information can be used in initial part of information gathering of ethical hacking.

Wappalyzer

Gathering information about any website before starting penetration testing. Wappalyzer shows web servers details which helps security testers to move on next phases.

  • Download and install the wappalyzer. Then open any website and click on below icon which shows the front-end and back-end languages which are used in information gathering.
wappalyzer on mozilla
wappalyzer on mozilla
  • Above shows that certifiedhacker.com is using libraries and Apache web server.

Connect Remotely Using SSH

SSH (Secure Remote Login) helps users connect remotely with other machines. For connecting with SSH users have to enter the IP address and port 22. Then enter the username. Users can also use web browsers for connecting with another machines. For using SSH on Google Chrome. Download the extension.

  • Open chrome browser, type chrome://apps, Click on Secure Shell App.
SSH (Secure Shell APP)
SSH (Secure Shell APP) on chrome
  • Then click on enter. Now it will ask for password. Enter password.
Secure Shell App Login
Secure Shell App Login
  • Above shows that SSH has login successfully in web browser. Now pentester can run different shell scripts from here.
  • This extension comes in handy in ethical hacking courses offered by International Institute of Cyber Security

Traffic Masking – Chaff

Chaff helps in generating random sites traffic to confuse trackers or network traffic monitors. Chaff generates random fake network traffic. Users can configure different sites in Chaff settings on which sites users wants to generate fake traffic.

  • Download Chaff and install. Then click on its icon. After then chaff will start generating fake network traffic. Chaff will open a new tab and will open another web page as per configured in chaff settings.
Chaff
Chaff on Chrome
  • For configuring Chaff settings, Go to sources for configuring site settings.
Chaff_Settings
Chaff_Settings
  • Above settings are used for starting point for generating fake network traffic.

Nimbus_Screenshot

Many times while researching, pentester needs to download file. Some sites prohibit downloading option to stop spamming. There are numerous extensions which are used for taking screenshots. We will use Nimbus Screenshot. Nimbus creates, shares screenshots of any website. Nimbus also gives option for creating entire web page screenshot. Like any other snipping tools. Nimbus offers capturing particular part of web page, selected area or selected scroll and different options for capturing web pages.

  • Download Nimbus Screenshot and install. Open any web page, right click on Nimbus icon.
Nimbus Screenshot
Nimbus Screenshot
  • Select any options as per requirement for capturing screenshots.
Nimbus_Screenshot_Options
Nimbus_Screenshot_Options
  • Above shows the Nimbus screenshot options shows image editing options.

Shodan

Shodan is very popular engine for finding information regarding devices on Internet. With shodan pentester can gather different information like hosted country, open ports, top CVE, vulnerabilities and other databases which are available online. Shodan also shows open servers, scada systems, open IOT devices. But today we will show you Shodan chrome extension which tells the open ports of any website user visits.

  • Download Shodan and add to chrome. After that open website and click on shodan icon. You will find open ports of any website.
Shodan
Shodan
  • Above shows the open ports, of testphp.vulnweb.com