Tips for Using Firefox for Security Testing of Web Applications

Firefox is the first choice for security professionals and bug hunters. This blog lists some tips for using Firefox effectively to identify security issues in web applications.

(1) Use the Cookie Editor plugin

Click on Extensions and Themes, and search for Cookie Editor.

This plugin helps in creating, editing, and deleting a cookie for the current tab.

(2) Uncheck all options in Custom (Enhanced Tracking Protection)

  • Search for "Privacy" in the search box.
  • Under Enhanced Tracking Protection, select Custom.
  • Uncheck Cookies, Tracking Content, Cryptominers, and Fingerprinters.

The main advantage of this configuration is that Firefox blocks nothing during security testing, so you see all the details (cookie data) of the web application. Remember not to use this configuration for any financial transactions or for your regular browsing.

(3) Delete cookie data whenever Firefox is closed

  • Search for "Cookie" in the search box.
  • Under Cookies and Site Data, check the option "Delete cookies and site data when Firefox is closed".

The main advantage of this configuration is that it reduces the chances of Firefox crashing as cookie and site data accumulate day by day.

(4) History of web browsing

Delete History as soon as you have completed security testing of the web application.

Alternatively, you can select "Never remember history", which means Firefox does not save any history of your browsing.
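Tips 2 to 4 can also be pinned to a separate, disposable profile, so the relaxed settings never reach the profile used for regular browsing. The following is an added example, not from the original post; the function names, the `FF_TEST_PROFILE` variable and the profile path are assumptions, and the history prefs used here are the closest about:config equivalent of not keeping history.

```shell
#!/bin/sh
# Added example: write a user.js for a throwaway Firefox testing profile.
# Names are about:config prefs; the cookie-clearing ones differ between
# Firefox versions, so both the older and the newer (_v2) name are set.

write_testing_userjs() {
    profile_dir="$1"
    [ -n "$profile_dir" ] || { echo "usage: write_testing_userjs DIR" >&2; return 2; }
    mkdir -p "$profile_dir" || return 1
    chmod 700 "$profile_dir"   # cookies of tested apps may land here
    cat > "$profile_dir/user.js" <<'EOF'
// Tip 2: Enhanced Tracking Protection set to Custom, everything unchecked
user_pref("browser.contentblocking.category", "custom");
user_pref("network.cookie.cookieBehavior", 0);
user_pref("privacy.trackingprotection.enabled", false);
user_pref("privacy.trackingprotection.pbmode.enabled", false);
user_pref("privacy.trackingprotection.cryptomining.enabled", false);
user_pref("privacy.trackingprotection.fingerprinting.enabled", false);
// Tip 3: delete cookies and site data when Firefox is closed
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("privacy.clearOnShutdown.cookies", true);
user_pref("privacy.clearOnShutdown.offlineApps", true);
user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true);
// Tip 4: do not record browsing, download or form history
user_pref("places.history.enabled", false);
user_pref("browser.formfill.enable", false);
EOF
}

# Returns 0 when DIR/user.js sets pref $2 to exactly the value $3.
userjs_has() {
    grep -Fqx "user_pref(\"$2\", $3);" "$1/user.js"
}

# Runs only when FF_TEST_PROFILE (assumed variable name) is set, e.g.
#   FF_TEST_PROFILE="$HOME/ff-pentest" sh this_script.sh
#   firefox -no-remote -profile "$HOME/ff-pentest"
if [ -n "${FF_TEST_PROFILE:-}" ]; then
    write_testing_userjs "$FF_TEST_PROFILE"
fi
```

Firefox reapplies `user.js` on every start of that profile, so a setting changed in the UI during a test session returns to these values on the next launch.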

(5) Use the function key plus F12 to check out more properties

Start using more options available in Firefox to test the web application.

Under the Console option, you can see all Errors, Logs, and Warnings. This also provides insight into all the headers used in the application.

With this option, you can use the built-in tool just as you use Burp Suite to tamper with HTTP requests.

(6) Use FoxyProxy for Burp Suite to switch web applications

FoxyProxy is a handy tool for professionals to switch proxies whenever needed. Just configure it as per the tutorial available on the website.


Disclaimer: This tutorial is for educational purposes only. The individual is solely responsible for any illegal act.