The web is filled with malicious extensions that can do damage to your computer. For example, an extension might hijack the user session data and then store them on the developer’s server without the knowledge of the user.
In this section, we will list out some of the best Chrome extensions for hackers so that you can get a better understanding of what is really happening on your computer.
Some of the benefits of using Chrome extensions for hackers
Google Chrome is one of the most popular browsers in today’s world. It’s also one of the most hacked ones as well due to its popularity and its mature extension ecosystem for developers to create their own add-ons for Chrome users.
The Chrome browser is a powerful hacking tool. With the right extensions, it can be used to create a secure environment and hack into networks, check for vulnerabilities and scan system of servers.
This article is focused on the best Chrome extensions for hackers. The article lists five Chrome Extensions that are crucial in the world of hacking.
Best Chrome extensions for hackers
- Tamper Data
- Open Port Check Tool
- Request Maker
- Penetration Testing Kit
1. Tamper Data
Tamper Dev is Free and Open Source Software. The Tamper Data extension provides functionalities such as Intercept and edit HTTP/HTTPS requests and responses as they happen without the need of a proxy and provides functionality similar to Burp Proxy, MITM Proxy, OWASP ZAP, Tamper Data, and Postman Proxy Interceptor, but without the need of additional software, with full support of HTTPS connections, and trivial to set-up
If you are a developer, you can use Tamper Dev to debug your websites, or if you are a pentester, you can use it to search for security vulnerabilities by inspecting the HTTP traffic from your browser.
Unlike most other extensions, Tamper Dev allows you to intercept, inspect and modify the requests before they are sent to the server, and before they are sent back to the browser interactively, and without any additional installed software.
Tamper Dev supports multiple browsers and it does not require an auxiliary app.
The HackBar extension assists in hash generation, XSS queries, decoding, encoding, and SQL functions other than an interface like,
- Dump all database names (MySQL, PostgreSQL)
- Dump tables from database (MySQL, PostgreSQL)
- Dump columns from database (MySQL, PostgreSQL)
- Union select statement (MySQL, PostgreSQL)
- Error-based injection statement (MySQL, PostgreSQL)
- Dump in one shot payload (MySQL)
- Dump current query payload (MySQL)
- Space to Inline comment
- Vue.js XSS payloads
- Some snippets for CTF
- Angular.js XSS payloads for strict CSP
- Html encode/decode with hex/dec/entity name
- String.fromCharCode encode/decode
- AWS – IAM role name
- Python reverse shell cheatsheet
- bash reverse shell cheatsheet
- nc reverse shell cheatsheet
- php reverse shell/web shell cheatsheet
- Hexadecimal encode/decode
- Base64 encode/decode
- URL encode/decode
- Escape ASCII to hex/oct format
- Unicode encode/decode
It supports HTTP GET and POST methods. The extension helps users easily copy, read, and request URLs.
3. Open Port Check Tool
Hackers find the Request Maker plugin useful for detecting vulnerabilities and coding errors while performing bug tests. The Request Maker tool simplifies the process because it is designed as the primary tool for pen testing.
Port Checker Tool is a free online tool to find open ports on your system or on a remote server. This tool allows you to scan open ports, which can be security holes and serve as a backdoor for hackers. You can also check if port forwarding works on your router or not.
4. Request Maker
Hackers find the Request Maker extension useful when conducting fuzz tests to detect security vulnerabilities and coding errors. The Request Maker tool simplifies the process since it is designed as a core pen-testing tool.
Request Maker is a tool for penetration testing. With it you can easily capture requests made by web pages, tamper with the URL, headers and POST data and, of course, make new requests. Request Maker only captures requests sent via HTML forms and XMLHttpRequests.
It doesn’t fill the log with useless information about images and style sheets. The logs are tab-specific, displayed in the page action popup, and the requests are bookmarkable. After sending a request you can just click on the bookmark button like you would on any other page.
5. Penetration Testing Kit
Chrome-based Penetration Testing Suite includes useful pentesting exercises for professional and ethical hackers. The extension provides a user interface through which users can view and submit responses and request information.
Penetration Testing Kit browser extension allows you to simplify your day-to-day job in application security.
One-click access to insightful information about technology stack, WAFs, security headers, crawled links, and authentication flow.
Proxy with a detailed traffic log that allows you to repeat any request in the R-Builder or send it to the R-Attacker and execute XSS, SQL, or OS Command injections automatically.
Craft your own request in R-Builder or run a DAST scan using R-Attacker while browsing an application and check for SQL Injection or XSS right in the browser.
Cookie editor allows to manage cookies and you can add, edit or remove cookies. And even more – you can create rules to block or protect cookies or export cookies and then import them again.
Decoder/Encoder utility to manage encoding and decoding from and to UTF-8, Base64, MD5, and more.
Integrated Swagger.IO to help you understand API documentation better and create any requests to its endpoints.
With Selenium integration, this extension can help you to identify security risks at the very beginning of your development cycle.
Leave a Comment