Using Firefox Add-Ons for #BugBounty

Recently I posted a tweet about using Firefox Add-Ons for Bug Bounty Hunting, so I figured I should write a guide on how to use it.

My life is complete because of this cat.

(1) uBlock Origin

General purpose: Block advertisements on websites.

Reason for use: To have a better bug hunting experience; ads are annoying and are not part of your target.

Say goodbye to advertisements.

(2) Wappalyzer

General purpose: Gather information about target website.

Reason for use: To get an idea of which front-end or back-end technologies the target website is using.

Wappalyzer can be very useful for doing reconnaissance.

(3) FoxyProxy

General purpose: Switch proxies with a click.

Reason for use: When using Burp Suite or ZAP, one must normally navigate to Preferences and configure the proxy in Network Settings. FoxyProxy saves you all that hassle with one click.

Select “Options”.
Select “Add”.
Make your changes and select “Save”.
Navigate to a website and select “Use proxy Burp Suite for all URLs (ignore patterns)”.
The proxy should now work.

You can disable the proxy by selecting “Turn Off FoxyProxy (Use Firefox Settings)”.

(4) HackBar Quantum

General purpose: Provide a list of useful tools inside the browser.

Reason for use: There are times when you need to craft payloads or perform URL encoding while bug hunting; HackBar Quantum provides all of those tools in a small window.

You need to press “F9” to enable it.

Don’t forget to try the “Auto-Pwn” option!

(5) retire.js

General purpose: Gather information about vulnerable JavaScript libraries on a website.

Reason for use: It points bug bounty hunters to public CVEs they can test for against the libraries the site loads.

Looks like Medium is not using any vulnerable JavaScript libraries.

(6) HTTP Status Code

General purpose: Display the HTTP status code of the website.

Reason for use: To assist the bug bounty hunter in understanding the flow of a website.

Click it to view information about the given HTTP status code.

(7) TempMail

General purpose: Get a temporary email address in one click.

Reason for use: When signing up on the target website, you may be asked to confirm your email address. Temp Mail is a website that provides users with temporary, secure, anonymous, free and disposable email addresses.

Install the Add-On or click the title for a direct download.
Select “Allow”.
Select “Add”.
You can change, copy or check mail in one click.

(8) Shodan.io

General purpose: Perform reconnaissance on the target website.

Reason for use: Shodan is known as The Hacker’s Search Engine. With this Add-On, one can easily gather information about the target website with a click.

Select “View Host Details”.
It will present information about the target.

That’s it for now, all claps are appreciated ;)

Follow me on Twitter!