The best Firefox-add-on hacking tools:


A Firefox extension that demonstrates HTTP session hijacking attacks.

Tampar Data

Use tamperdata to view and modify HTTP/HTTPS headers and post parameters.
Trace and time http response/requests.
Security test web applications by modifying POST parameters.


This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what your doing, this toolbar will help you do it faster. If you want to learn to find security holes, you can also use this toolbar, but you will probably also need a book, a lot of Google and a brain :)

# The advantages are:

  • Even the most complicated urls will be readable
  • The focus will stay on the textarea, so after executing the url (Ctrl+Enter) you can just go on typing / testing
  • The url in textarea is not affected by redirects.
  • Useful tools like on the fly uu/url decoding etc.
  • All functions work on the currently selected text.
  • MD5/SHA1/SHA256 hashing
  • MySQL/MS SQL Server/Oracle shortcuts
  • XSS useful functions
  • And lots more...


CryptoFox supports the following:

  • AES 128-bit Encrypt
  • AES 128-bit Decrypt
  • AES 192-bit Encrypt
  • AES 192-bit Decrypt
  • AES 256-bit Encrypt
  • AES 256-bit Decrypt
  • ASCII to Binary
  • ASCII to Hexadecimal
  • Base 64 Encode
  • Base 64 Decode
  • Binary to ASCII
  • Binary to Decimal
  • Binary to Hexadecimal
  • Binary to Octal
  • Ceaser Encrypt
  • Ceaser Decrypt
  • Decimal to Binary
  • Decimal to Hexadecimal
  • Decimal to Octal
  • DES Encrypt
  • Generate CRC32 Checksum
  • Hexadecimal to ASCII
  • Hexadecimal to Binary
  • Hexadecimal to Decimal
  • Hexadecimal to Octal
  • HTML Entities Encode
  • MD5 Dictionary attack
  • MD5 Encrypt
  • Morse Code Encrypt
  • Morse Code Decrypt
  • Octal to Binary
  • Octal to Decimal
  • Octal to Hexadecimal
  • Reverse
  • ROT-13
  • SHA1 Encrypt
  • SHA256 Encrypt
  • URL Encode
  • URL Decode
  • XOR Encrypt

SQL injection

Set all form fields free to edit their values, It helps the developers to easy identify SQL injection vulnerabilities.


Groundspeed allows you to modify the forms and form elements loaded in the page. Some practical uses include:

  • Changing the types of form fields, for example you can change hidden fields into text fields so you can easily edit their contents.
  • Quickly removing size and length limitations on text fields so you have more space to type your attack strings.
  • Changing form target so the form submits in another tab.
  • Removing or editing the JavaScript event handlers to bypass client side validation.