Google Chrome is one of the most popular web browsers that many people use nowadays because of its clean and user-friendly interface. But what about turning your simple Google Chrome Web Browser into a hacking-machine?
In this article we will about Best Chrome Extensions for Penetration Testing. There are more than thousands of Google Chrome extensions for each and every aspect in Google Chrome Store. From these thousands of extensions there are some awesome extensions with the help of which you can do penetration testing or simply turn your Chrome browser into a hacking machine.
Google Chrome Extensions Popular Among Pen Testers Or Ethical Hackers
Well, in this article we have came up with 25 best chrome extensions for penetration testing that are mostly used by ethical hackers and penetration testers. You will find all the extensions in Google Chrome’s Web Store that we will discuss here. From these extensions few of them may not be available unofficially but you can easily download it from the official website of Chrome.
- Websecurify Chrome Extension: This is a pretty powerful cross platform web security testing tool used by many hackers. You can find this extension tool for various desktop and even mobile platforms. This tool is definitely one of the best chrome extensions for penetration testing as this is capable of finding XSRF, XSS, SQL Injection, CSRF, URL redirection and other different type of security vulnerabilities. Websecurify Chrome even has a built in crawler that scans and crawls web-pages.
- Hack This Page Chrome Extension: This Chrome extension allows you to literally unlock and edit any websites you want to. After the installation of this extension you just have to click the skull icon on the web-page you want to apply. Well, if the hack this page chrome extension is not working even after clicking the skull icon then you just need to refresh the web-page. Though hack this page extension removed from the Google Chrome Store because Chrome Brutal Force Extension and also the owner of this extension can easily access the user’s computer and control it. So, how to get hack this page? Well, you can find hack this page download link unofficially in other websites.
- Hacktab Chrome Extension: This Chrome extension checks four types of vulnerability problems i.e., MSSQL injection, MySQL injection, also finds some local file include vulnerabilities and even for the possible exploits caused by cross by cross-site scripting (XSS). If you are looking for hacktab tutorial then the first thing you have to keep in mind that this extension does not run right away after installation, first you have to setup the domains which you want to scan for vulnerabilities just by clicking the icon on the top right corner.
- XSS Chef Chrome Extension: This extension is one of the best chrome extensions for penetration testing that works directly in the browser. This extension identifies the XSS vulnerability in any web application. XSS Chef performs the following tasks: a)It executes JS on every tab therefore global XSS. b) Even performs monitor open tabs of the victims.
- It can extract HTML read/write cookies in local storage but only for HTTP web pages.
- This extension can even get and manipulate the browser history.
- It can even take screen-shot anonymously of the victim’s window.
- The extension can bypass Chrome extensions content script sandbox and interact directly with the page JS.
- Another thing is it can explore the file-systems through the file:// protocol.
This is not just an extension but a framework also so the installation is also not same as any other extensions.
- d3coder Extension For Chrome: This extension is also another good Chrome extension used by many ethical hackers and pen-testers. This extension allows us to decode and encode the selected text via context menu. Therefore it also saves the time taken to decode and encode the strings by use of separate tools and the extension can perform some various ranges of functions.
- XSS Rays Chrome Extension: XSS chrome extension helps in finding the XSS vulnerability in any websites. The extension also finds that the website on which you are applying it is filtering the codes. You can read more about XSS Rays here.
- Web Developer: This extension adds tool bar on the top of the website with wide range of web development tools in Google Chrome. With the help of these tools many pen-testers performs different type of functions. And it also helps us in analyzing web application elements such as HTML and JS.
- Firebug Lite Chrome Extension: This extension gives us a pretty good visual environment to analyze DOM elements, HTML elements and the other Box Model Shading. Firebug Lite also provides us live CSS editing.
- Site Spider Chrome Extension: After installation of this extension it adds a crawler in Google Chrome Browser. But if you don’t want it then you can restrict the Site Spider by adding some restrictions and the regular expressions and works at the client’s side also. With the use of your authentication this extension can able to access all the web-pages.
- Form Fuzzer Chrome Extension: This Google Chrome extension is normally used to populate the predefined characters into the different form fields. The extension can also able to select radio buttons, checkboxes and even other items is the form in a website. This extension is really helpful for testing any forms.
- Microbe Chrome Extension: This extension is generally used by Web penetration testers or ethical hackers but some of the components in it can be the individual applications themselves such as Krypton, cookie manager or the form handler. SQL injection extension one of the most destructive and influenced attack methods can also be performed by Microbe. Other than that this extension is specially designed to help people to do those kinds of attacks more easy way with the help of short-codes.
- Session Manager Chrome Extension: This extension is pretty powerful as it allows users to update, remove, save or even restore any set of tabs. With the help of this extension an individual can create a group of tabs of the same interest and then in just one click restore all those pages.
- Request Maker: This extension is a core penetration testing tool used by many ethical hackers. The extension is used for creating and capturing the requests, making new headers with the post data and tampering the URL. Request maker can capture all requests made via forms or even XMLHttpRequests.
- Hackbar Chrome Extension: This extension is a simple penetration tools though helped by many pen-testers. Hackbar for Chrome helps in testing XSS holes, SQL injections and site security of any website. The main purpose of the extension is to help the developers to do security audits on their codes.
- HPP Finder Chrome Extension: This is a nice extension too of Google Chrome browser. The extension helps in finding the HTTP Parameter Pollution or HPP vulnerability and exploits the system. HPP Finder can even detect and exploit the HTML Form or URLs that may be susceptible of HPP attacks.
- GHDB Chrome Extension: This extension is a pretty nice Google hack query search tool. GHDB extension helps to search for some necessary Google hack queries to find some specific pages based on some special Google search parameters. It helps you to understand the web security basics in a better way.
- iMacros Chrome Extension: Well, you might need to automate few repetitive tasks on web while performing wide range of web page testing processes. With the help of iMacros extension you can do all these.
- IP Address and Domain Information Chrome Extension: This extension is an information gathering tool that helps you to track and find anyone’s geo-location, DNS, search results, hosting, domain, DNSBL, BGP and even ASN information of every IP addresses.
- Cookie Editor Chrome Extension: This is an awesome Google Chrome Extension that lets their users to edit cookies and is used by majority of the ethical hackers. This extension is pretty much useful while hijacking the vulnerable test sessions. The extension helps the users to add, search or edit cookies.
- Cache Killer Chrome Extension: This is another useful extension which automatically clears the browser cache before the loading of web-page. You can easily enable or disable the extension just with only one single click.
- Proxy SwitchySharp Chrome Extension: This is a useful extension that helps in managing and switching between multiple proxies pretty fast. The extension also can set auto proxy switching based on the URLs. With the help of this you can also export and import data pretty easily.
- Port Scanner Chrome Extension: This extension adds port scanning capabilities to the Google Chrome Browser. It can even scan that which TCP ports are listening. This extension can also analyze any of the given IP or URL addresses and then scan for the open ports to help the user to secure them.
- The Exploit Database Chrome Extension: This is a pretty useful Chrome extension which keeps the users updated with all the latest exploits, shell code and the white papers available on the Exploit Database server.
- Bishop Vulnerability Scanner Chrome Extension: This is an awesome Chrome extension for penetration testing as it lets the user to setup their own vulnerability scan rules according to their requirements. This extension scans the URLs and the detecting holes in the content management systems installed on the websites such WordPress, Joomla, etc.
- Stopbleed Chrome Extension: This vulnerability checker extension for Google Chrome helps the users to detect any of the websites which still have not patched up the popular heart-bleed bug which allow many third parties such as black-hat hackers to spy on their victim’s computer when they are on a webpage that uses SSL encryption.
You can read more about Penetration Testing at the below mentioned source:
We hope you like the article. Tell us your ideas and opinion in the comments section.