bug bounty hunting

SecurityTrails Blog · Apr 20 · by Sara Jelen

Top 12 Bug Bounty Browser Extensions

Reading time: 8 minutes
Listen to this article

Web browser extensions give additional functionality to normal browsers, running in the background and helping users increase the efficiency of their tasks. Even security professionals and bug bounty hunters, while boasting more advanced and technical tools in their toolstacks, aren’t skipping out on using browser extensions, plugins and add-ons for quick information gathering, OSINT collection, and aiding in executing different attacks. These methods reduce the need for more separate tools for other pen testing and bug hunting tasks.

We’ve already explored some of the most useful OSINT browser extensions used by security researchers and pen testers, and today we’ll be adding more functionality to your web browsers by exploring the most popular extensions used by bug bounty hunters.

Before we dive into our list, make sure you’re running the latest versions of Mozilla Firefox and Google Chrome web browsers (as we’ll be focusing on them today) to ensure compatibility with these extensions.

Additionally, download and install these extensions only from the Google Chrome Web Store and Firefox Add-ons pages. They’re the only trusted sources that will ensure you are downloading safe extensions. This list is in no particular order and shows tools with different functionalities to aid in bug bounty hunting.

Popular Bug Bounty Browser Extensions

1. Wappalyzer

During the information gathering phase, finding intel about a target web app—such as the programming language, frameworks, detected CMS, plugins and databases it uses—can be helpful for taking advantage of CVEs.

Wappalyzer, an add-on available on both Chrome and Firefox, can detect all of these technology platforms running on any website. As mentioned, this technical data can be further used to hunt for active CVEs and find potential threats behind the technologies involved.

Get it now: Google Chrome | Mozilla Firefox

Wappalyzer

2. Shodan

Shodan is the best search engine available for IoT devices and an excellent tool for information gathering. It also comes with Chrome and Firefox plugins. The Shodan plugin can help you discover where your target web app is hosted, the IP and who owns it, hostnames, operating system, and any open ports and services.

Once installed, it will automatically check the Shodan API when you visit a website, and all of the information mentioned above will be viewable in the pop-up.

Get it now: Google Chrome | Mozilla Firefox

Shodan

3. FoxyProxy

If you’re a bug bounty hunter, a reliable proxy will allow you to check applications from different locations. Burp Suite, for example, requires you to switch proxies manually—but with a tool like FoxyProxy, all that hassle is replaced by a single click.

FoxyProxy comes as a Firefox and Chrome (along with many other browsers) extension that allows you to manage different proxy servers, and set them to run at intervals or turn off the proxy connection at a desired period. It automatically switches internet connection between the proxies according to URL rules.

Get it now: Google Chrome | Mozilla Firefox

FoxyProxy

4. HTTP Header Live

HTTP Header Live is a worthy replacement for Live HTTP Headers, a browser extension once widely used in the bug bounty and pen testing community. Created by Martin Antrag, it comes in both Chrome and Firefox flavors and is used to view a website’s live HTTP header information. It will display live headers of each http request, allowing you to edit data and resubmit it.

Get it now: Google Chrome | Mozilla Firefox

HTTP Header Live

Chrome extension

5. Mitaka

Extracting relevant information about a target plays a significant role during bug bounty hunting, and OSINT is an important concept that’s used for recon by everyone from bug bounty hunters to red teams.

Mitaka, created by Manabu Niseki, is a Chrome and Firefox extension that allows you to take a datapoint, an IoC from a page and spin it through a variety of search engines and sources to get additional information. SecurityTrails is one of the sources you can use to pivot from Mitaka.

Here are the inputs that Mitaka can recognize and inspect on a page:

Mitaka

Get it now: Google Chrome | Mozilla Firefox

6. HackBar

HackBar is a browser extension that allows for testing simple SQL injection and XSS holes. And while you can’t execute standard exploits, you can use it to check if the vulnerability exists. When you enable the toolbar, it provides a simple console with testing tasks, and allows you to manually submit form data with POST or GET requests. Other features include hashing algorithms, encryption and encoding tools, SQL injection assistance and the capability to test for XSS vulnerability with XSS payloads.

The HackBar extension is available on both Chrome and Firefox but they do differ slightly with different creators that based them on the original, no longer available Firefox extension. The Chrome extension is the one more widely used and constantly updated as part of their Developer tools. The Firefox extension, HackBar Quantum is one among many other versions of the same tool, this one seemingly most solid.

Get it now: Google Chrome | Mozilla Firefox

HackBar

HackBar

HackBar Quantum

HackBar Quantum

For hijacking vulnerable cookie sessions, a cookie editor extension is a must. True to its name, Cookie-Editor on Firefox (available on Chrome as well) lets you create, edit and delete active cookies. It also features a search bar to filter out cookies and find the exact one you’re searching for. EditThisCookie is another popular Chrome extension that does basically the same things: you can add, delete, edit, search and block cookies.

Get it now: Google Chrome | Mozilla Firefox

Cookie editors

Cookie-Editor

EditThisCookie

EditThisCookie

8. Retire.js

Retire.js is a vulnerability scanner for Javascript libraries. While it’s primarily run as a command line tool, it also comes as both a Firefox and Chrome extension. It scans and gathers information about vulnerable Javascript libraries in a target web app, allowing bug bounty hunters to find CVEs.

Get it now: Google Chrome | Mozilla Firefox

Retire.js

9. Request Maker

Request Maker is a true pen testing extension used to create new and capture requests easily, as well as tamper with URL, headers and POST data. It captures requests sent via HTML forms and XMLHttpRequests and you can modify http requests in attacks against web apps. This browser extension for bug bounty hunting can be found on Chrome.

Get it now: Google Chrome

Request Maker

10. JavaScript and CSS Code Beautifier

Make inspecting random JS files a lot more pleasant with the JavaScript and CSS Code Beautifier. Besides beautifying CSS, JavaScript and JSON code when you open a .css/.js/.json file, you have 50+ themes for syntax highlighting. It’s available on Chrome and is a must to make your hunting and life just that much easier.

Get it now: Google Chrome

Open Port Checker Tool

11. BuiltWith

A worthy contender to Wappalyzer, BuiltWith has become popular with bug bounty hunters as the tool to find out all the technologies used to build a target web app. BuiltWith goes all the way from the oldest technologies to the more complicated ones with a brief description for each. With more than 15,000 types of technologies is it useful to quickly see on what a web app is built. Available on both Chrome and Firefox, it comes with additional features, such as one that can allow you to see other domains that might be using the same code so you can find associated domains to your target.

Get it now: Google Chrome | Mozilla Firefox

BuiltWith

12. User-Agent Switcher

User-Agent Switcher refers to both name of the tools and their function, as variants of this tool offered by both Firefox and Chrome do differ—with the Chrome extension more robust and included in their Developer tools. Used for spoofing a browser while executing attacks, User-Agent Switcher allows you to switch off your user agent easily and with just a few clicks. To further help in spoofing, you can set up specific URLs that you want to spoof every time.

Get it now: Google Chrome | Mozilla Firefox

User-Agent Switcher

Chrome extension

User-Agent Switcher Firefox

Firefox extension

Honorable mentions: Sputnik OSINT and Gotanda

Two more extensions that have deserved the spot on this list are surely Sputnik OSINT and Gotanda.

Sputnik OSINT is a Firefox and Chrome extensions to quickly and easily search IPs, domains, URLs and file hashes using OSINT resources. Just highlight the artifact you want to search and choose one of the many OSINT resources.

Get it now: Google Chrome | Mozilla Firefox

Gotanda is also an OSINT browser extension for Firefox and Chrome. It can also search OSINT information from selected IoCs on a webpage such as the IP, domain, URL, etc.

Get it now: Google Chrome | Mozilla Firefox

Both Sputnik and Gotanda are integrated with the SecurityTrails API™ so you can easily fetch our data for different artifact types.

Conclusion

Some bug bounty hunting tools don’t have to be big and elaborate to be effective—sometimes your research can be empowered by simple, web browser-based extensions like the ones we listed here.

Now you can discover even more powerful data for your hunt with SecurityTrails API™, already integrated with several browser extensions. Get access to current and historic DNS records, domain, subdomain and IP data and go even further with additional WHOIS capabilities.

See for yourself how our API can accelerate your hunt: Try it out for free!

Sara Jelen Blog Author
SARA JELEN

Sara believes the human element is often at the core of all cybersecurity issues. It’s this perspective that brings a refreshing voice to the SecurityTrails team. Her ability to bridge cognitive/social motivators and how they impact the cybersecurity industry is always enlightening.