This is a firefox extension developed by me to detect vulnerabilities which are caused due to HTTP headers.
Submitted vulnerabilities to websites like #Signup , #Chargify, #Hotstar, #Medium, etc using this tool. Got listed in #Chargify HOF and other organisaitons are resolving the issues.
Everyday we visit hundreds and thousands of web pages which fetches data from another thousands of servers. Have you ever thought how many vulnerabilities might be existing in those applications which can be exploited by hackers to perform malicious activities?
Have you ever tried exploiting websites? Finding vulnerabilities in web applications? Is there any way to automate this? How can we make the websites more secure which we access every day?
Do you think its an easy job ? Well, definitely not. It takes lot of patience, hard work and dedication to do it.
All the websites today are highly dependent on the HTTP Headers. Hackers take this as an advantage and try to exploit them and they are highly successful.
To prevent these attacks and to make the websites more secure, I created this firefox extension which parses the headers of all the requests which are flowing through your firefox browser to check for vulnerabilities.
This is still in the starting phase and this extension will be able to detect vulnerabilities like
- CORS Misconfiguration
- Host Header Injection
- Missing X-XSS-Protection headers
Want to add more features to this tool? Fork the repo.
Like this tool, STAR it and click on watch to get more updates on this tool.