Hi malware fighters,
With some very interesting add-ons the Firefox browser can be turned into a pen-tester tool. See an instruction video here:
http://www.scribd.com/doc/28590479/Black-Hat-Webcast-Pen-Testing-the-Web-with-Firefox
Multi-proxy-switch: https://addons.mozilla.org/en-US/firefox/addon/7330/
or: https://addons.mozilla.org/en-US/firefox/addon/2464/ to quickly change between Burp and Tor
PacketlessRecon https://addons.mozilla.org/en-US/firefox/addon/6196/ gain packet less info on the target
Show Ip https://addons.mozilla.org/en-US/firefox/addon/590/ shows server IP and additional\ IP-adresses in case of
load balancing.
Live HTTP-headers: https://addons.mozilla.org/en-US/firefox/addon/3829/ view HTTP-headers of a page
Wappalyzer: https://addons.mozilla.org/en-US/firefox/addon/10229/
Backend software Information https://addons.mozilla.org/en-US/firefox/addon/10493/ to identify platform frameworks and major apps
Hackbar: https://addons.mozilla.org/en-US/firefox/addon/3899/ to enter POST requests
Add and edit cookies: https://addons.mozilla.org/en-US/firefox/addon/13793/ to inspect cookies and testing
Firebug: https://addons.mozilla.org/en-US/firefox/addon/1843/
& Wilderbug: http://www.command-tab.com/2008/01/19/widerbug-widescreen-firebug/ with all sort of tools and options
Lazarus: https://addons.mozilla.org/en-US/firefox/addon/6984/ will memorize info on web forms
FxIF: https://addons.mozilla.org/en-US/firefox/addon/5673/ for analyzing META information
Fireforce: https://addons.mozilla.org/en-US/firefox/addon/64765/ brute force attacker via GET and POST
Another good tool is the FireCAT: https://addons.mozilla.org/en-US/firefox/collection/firecat1_5_plus
Injection tool testing add-ons I have presented elsewhere here in the forums, together with examples and the use of Firekeeper,
Another specific add-on for the malware fighter is Malware Search https://addons.mozilla.org/en-US/firefox/addon/6718/
For malware analysis there is a specific VM browser malzilla (only for experts), or a visit to jsunpack (Also for experts and NoScript should be installed at all times)
For general script/third party requests protection in Fx and Flock browser use the combination of the NoScript add-on: https://addons.mozilla.org/en-US/firefox/addon/722/
and the RequestPolicy add-on: https://addons.mozilla.org/en-US/firefox/addon/9727/
The latter just to be in control of cross site requests,
Mind you you are only allowed to pen test what belongs to you and/or what you were given explicit authorization to pen test, now you have turned the Firefox browser into a handy pen testing tool,
polonus