Pen Testing the Web with Firefox

Presented at The Last HOPE (2008), July 20, 2008, 11 a.m. (60 minutes)

Hacking the web has never been easier. Whether you're using Firefox as a standalone tool for information gathering, modifying your browser with innovative extensions, or using Firefox as a web front-end for other penetration testing tools, you can hack all within the potentially anonymous cozy confines of your customized browser. Putting it all together brings your hack-foo one step further. DNS lookups, uptime reports, hosted hash crackers and online scanners are at your browser's fingertips. With Firefox's innovative add-on feature, a number of powerful extensions have been developed for security scanning, ethical hacking, penetration testing, and general security auditing. Finally, a number of penetration testing applications are built specifically with web-based front-ends. Add in a few recommendations for your setup and a few places to test your hacking skills, and your recipe for hack soup is complete.

Presenters:

• Michael Schearer / theprez98   as Michael "theprez98" Schearer
  Recently separated from more than eight years of active duty in the U.S. Navy, Michael "theprez98" Schearer is a government contractor working in central Maryland. He is a contributor to several Syngress books, including Penetration Tester's Open Source Toolkit (Volume 2) and Netcat Power Tools. He is an amateur radio operator and active member of the Netstumbler, Defcon, and Remote Exploit forums, a football coach, and father of three.
• John Fulmer / DaKahuna   as John "DaKahuna" Fulmer
  John "DaKahuna" Fulmer is the Director of IT Security for a major aerospace and defense contractor with headquarters in the Washington DC metropolitan area. He is responsible for IT security risk management, security architecture, development of policies and standards, and stewardship of the organization's information assets. He has over 35 years experience in the management and operation of networks and security, including 24 years of active military service with the U.S. Navy. He is an amateur radio operator and active member of the online security community.

Links:

• https://infocon.org/cons/2600/The Last HOPE (2008)/The Last HOPE (2008) - Pen Testing the Web with Firefox.mp4
• https://www.youtube.com/watch?v=Lmqh0WZ50dg

Similar Presentations:

• DEF CON 19 (2011) / Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
• Still Hacking Anyway (SHA2017) / Demolish the web with the Firefox Dev Tools!: Do you know what you can do with Firefox for frontend development?
• DEF CON 17 (2009) / Abusing Firefox Addons