PwnFox v1.0.3 releases: Firefox/Burp extension that provide usefull tools for your security audit
PwnFox is a Firefox/Burp extension that provides usefull tools for your security audit.
If you are a chrome user you can check https://github.com/nccgroup/autochrome.
Single click BurpProxy
Connect to Burp with a simple click, this will probably remove the need for other add-ons like foxyProxy. However, if you need the extra features provided by foxyProxy you can leave this unchecked.
PwnFox gives you fast access to Firefox containers. This allows you to have multiple identities in the same browser. When PwnFox and the Add container header option are enabled, PwnFox will automatically add an X-PwnFox-Color header to highlight the query in Burp.
PwnFoxBurp will automatically highlight and strip the header, but you can also specify your own behavior with addons like logger++.
PwnFox adds a new message tab in your devtool. This allows you to quickly visualize all postMessage between frames.
You can also provide your own function to parse/filter the messages. You get access to 3 arguments:
- data -> the message data
- origin -> the window object representing the origin
- destion -> the window object representing the destination
You can return a string or a JSON serializable object.
Be careful, the injected toolbox will run in the window context. Do not inject secret in the untrusted domain.
I will publish some of my toolbox soon (ENOTIME)
Security header remover
Sometimes it’s easier to work with the security header disabled. You can now do it with a single button press. Don’t forget to reenable them before testing your final payload.
- Fix for missing highlight in burp v2020.4.2