Before we dive into our list, make sure you're running the latest versions of Mozilla Firefox and Google Chrome web browsers (as we'll be focusing on them today) to ensure compatibility with these extensions.
Additionally, download and install these extensions only from the Google Chrome Web Store and Firefox Add-ons pages. They're the only trusted sources that will ensure you are downloading safe extensions. This list is in no particular order and shows tools with different functionalities to aid in bug bounty hunting.
1. Wappalyzer
During the information gathering phase, finding intel about a target web app (such as the programming language, frameworks, detected CMS, plugins and databases it uses) can be helpful for taking advantage of CVEs.
2. Shodan
Shodan is the best search engine available for IoT devices and an excellent tool for information gathering. It also comes with Chrome and Firefox plugins. The Shodan plugin can help you discover where your target web app is hosted, the IP and who owns it, hostnames, operating system, and any open ports and services.
3. Mitaka
Extracting relevant information about a target plays a significant role during bug bounty hunting, and OSINT is an important concept that's used for recon by everyone from bug bounty hunters to red teams.
4. HackBar
HackBar is a browser extension that allows for testing simple SQL injection and XSS holes. And while you can't execute standard exploits, you can use it to check if the vulnerability exists. When you enable the toolbar, it provides a simple console with testing tasks, and allows you to manually submit form data with POST or GET requests. Other features include hashing algorithms, encryption and encoding tools, SQL injection assistance and the capability to test for XSS vulnerability with XSS payloads.
5. Cookie editors
For hijacking vulnerable cookie sessions, a cookie editor extension is a must. True to its name, Cookie-Editor on Firefox (available on Chrome as well) lets you create, edit and delete active cookies. It also features a search bar to filter out cookies and find the exact one you're searching for. EditThisCookie is another popular Chrome extension that does basically the same things: you can add, delete, edit, search and block cookies.
6. HTTP Header Live
HTTP Header Live is a worthy replacement for Live HTTP Headers, a browser extension once widely used in the bug bounty and pen testing community. Created by Martin Antrag, it comes in both Chrome and Firefox flavors and is used to view a website's live HTTP header information. It displays the live headers of each HTTP request, allowing you to edit data and resubmit it.
If you need the remaining 4 premium and hidden extensions for 100% free, leave a reply! Seriously.