FireFox Hack Bar Addon
More Images
Long Description
# NEW RELEASE V 1.4.1
# Fixed
- "OSX toolbar not showing" bug!!
- Better layout for INT/HEX addition/subtraction
- A few minor translation bugs
# New Features
- Add/Subtract Octal
- Add/Subtract Alphabetical (a-z)
- Add/Subtract Alpha numeric (a-z 0-9)
- "Strip spaces" function, removes all space chars from selected string
- Convert characters to hex and back in 3 formats (00ff00ff, 00:ff:00:ff and 00 ff 00 ff)
# NEW RELEASE V 1.3.2
A lot of new features, fixes and improvements. Let me hear what you think of it. And if you find bugs, leave a comment or mail me.
# Known bugs
- Dropdown menu bar not visible on OSX :( .. Will be fixed ASAP
# New features
- Added POST data manipulation (yay!)
- Added Referrer string manipulation
- Fixed tab-behavior
- Show / Hide hot key [F9]
- Show / Hide tools menu item
- Show / Hide toolbar button
- Code revision (again)
- New layout, for more menus and buttons
- Added SHA-1 and SHA-256 encryption
- Added ROT13.. (request :)
- Added Hex +1 and -1 buttons
- Added a bunch of useful SQL injection strings and tricks
- Added a bunch of useful XSS strings and tricks
- Added add/stripslashes
- and a few small things and fixes
# In general
This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what your doing, this toolbar will help you do it faster. If you want to learn to find security holes, you can also use this toolbar, but you will probably also need a book, and a lot of google :)
# The advantages are:
- Even the most complicated urls will be readable
- The focus will stay on the textarea, so after executing the url (ctrl+enter) you can just go on typing / testing
- The url in textarea is not affected by redirects.
- I tend to use it as a notepad :)
- Useful tools like on the fly uu/url decoding etc.
- All functions work on the currently selected text.
# Load url ( alt a )
This loads the url of the current page into the textarea.
# Split url ( alt s )
When this button is clicked, the url/text in the textarea will be split into multiple lines using the ? and & character
# Execute ( alt x, ctrl enter )
This will execute the current url in the textarea, i mostly use ctrl+enter
# INT -1 ( alt - )
First select a number in the textarea and press this button, the number will be lowered by 1 and the url will be loaded.
# INT +1 ( alt + )
Again first select a number in the textarea and press this button, 1 will be added to the number and the url will be loaded.
# HEX -1 ( control alt - )
First select a number in the textarea and press this button, the number will be lowered by 1 and the url will be loaded.
# HEX +1 ( control alt + )
Again first select a number in the textarea and press this button, 1 will be added to the number and the url will be loaded.
# MD5 Hash ( alt m )
this is a standard hashing method, often used as an encryption method for passwords. It will MD5 hash the currently selected string.
# SHA-1/256
this is a standard hashing method, often used as an encryption method for passwords. It will SHA-1/256 hash the currently selected string.
# MySQL CHAR() ( alt y )
If quotes are escaped but you did find an SQL injection thats exploitable, you can use this button to convert lets say:
load_file('/etc/passwd') --> load_file(CHAR(47, 101, 116, 99, 47, 112, 97, 115, 115, 119, 100))
Thus omiting the use of quotes to load a file.
You can also use this on
WHERE foo LIKE ('%bar%') --> WHERE foo LIKE (CHAR(37, 98, 97, 114, 37))
# MsSQL CHAR() ( alt q )
Same story as MySQL CHAR(), MsSQL has a slightly different CHAR syntax
--> WHERE foo LIKE ( CHAR(37) + CHAR(98) + CHAR(97) + CHAR(114) + CHAR(37))
# Base64 encode / decode
Base64 encoding ( UU ) is often used to store data (like a return url etc.) This will help you to read those values.
# URLencode / decode
This will encode or decode the currently selected characters to url safe characters. I mostly use it to end a query with # (%23) when in a pseudo path where i cant use /* or --
And lots more ;) Go test it!
April 7, 2013 at 6:43 AM
Hey There. I discovered your blog the use of msn.
That is a really neatly written article. I'll be sure to bookmark it and come back to read more of your useful info. Thanks for the post. I will definitely comeback.
My webpage ... jocuri biliard online gratis
April 7, 2013 at 9:51 AM
Hi! I simply want to give you a big thumbs up for the great information you've got here on this post. I am returning to your web site for more soon.
Here is my webpage bancuri gigi becali
April 16, 2013 at 2:29 PM
We stumbled over here from a different web address and thought I may as well check things out.
I like what I see so now i'm following you. Look forward to checking out your web page repeatedly.
My site - google porn
April 16, 2013 at 11:02 PM
I believe that is one of the such a lot important info for me.
And i am glad reading your article. However want to commentary on few common issues,
The site taste is ideal, the articles is in reality nice : D.
Excellent process, cheers
My website jocuri sonic