Monday, September 07, 2009

FireCAT 1.5 “Plus” Add-On Collection

In yesterday’s GSD post I noted the following:

Both of these tools brought be back to the excellent FireCAT 1.5 collection of Firefox add-ons used for security/network/pen-testing and other high-value activity in Firefox. FireCAT is maintained by Security Database Tools Watch.  Check out this FireCAT 1.5 PDF for the full list and if you don’t want to pick-n-choose hop over to the lover-ly Firecat package for Firefox Files on to get the whole collection at once.  What surprises me is that no-one has yet submitted it as Firefox Add-ons Collection.  Looks like I may need to crank up a “standalone” profile of Firefox called FireCAT, install them all, then upload the collection like I did for my Claus Valca’s Extension List (Home)   What think thee? Useful perhaps?

I has searched the Collections :: Add-ons for Firefox for a FireCAT set but didn’t find any.

Sure you can hop over to the Security Database site for FireCAT (linked above) and download them individually via their great downloadable PDF sheet, or the HTML page, or even get (almost) the whole deck from the package put together by Jean-Nicolas.  But a Mozilla Collection would make it easy to see them all and pick-n-choose quite nicely as well.  Unfortunately I couldn’t find one.

Well, this Labor Day holiday morning I pulled the trigger and did it, building a modified “plus” set after a bit of work.

Full props to Security Database who maintains the project and Jean-Nicolas who combines (almost all of) them into a single downloadable ZIP file for making my effort much easier.  I didn’t do the heavy-lifting.  I just assembled the pieces over into the Mozilla Collection.

I offer to you the…

Some Very Important Considerations

  • Neither this collection or Jean-Nicolas’s contain the full collection.  You need to check the Security Database FireCAT 1.5 page to see the full list.
  • There are some additional applications that need to be installed that leverage the power of one or two of these.  Again, see the FireCAT 1.5 for the full scoop.
  • I seriously don’t recommend installing all of them in your Firefox browser at one time.  Really.  Review them all and select only the ones you need. There is some serious fire-power here.  You may throw the planets out of alignment if you try to do so. Don’t blame me if NASA comes looking for you afterward.
  • To build this set, and ensure maximum compatibility (and not nuking out my daily Firefox browser build), I used the Portable Apps Portable Firefox 3.0.13 build.  This allowed me to build an isolated version.  You could also try the Portable Apps Portable Firefox 3.5.2 build.  However some of the add-ons are not 3.5.x supported (and vise-versa).
  • I also had to do some about:config tweaking (Updating add-ons - MozillaZine Knowledge Base) to disable compatibility checking and what-not.
  • I did toss in a few other add-ons I just feel are germane as well; hence the “Plus” designation. These include (but are not limited to) the Enhanced History Manager (manage your history), CacheViewer (manage your cache), NoScript (manage your scripts when surfing), BetterPrivacy (Flash cookie LSO manager), Add-on Collector (to generate the list), Adblock Plus (nuke ads), Close'n forget (target-wipe tabs accessed), Microsoft .NET Framework Assistant (along for the free-ride), HttpFox (HTTP page sniffer), and the MR Tech Toolkit (to manage compatibility issues). I also forgot to add-in the FF Guru recommended Gcache Plus (open pages stored in Google’s cache).
  • Yes. I do know there are quite a few “toolbars” in this collection.  I generally avoid all use and installation of browser toolbars. However these have been recommended due to their support of some advanced/global searching features and/or the additional tools they provide among all the other non-sec/pen-test features. Read carefully before installing to ensure any particular toolbar is what you want.
  • OS platform compatibility has not been tested what works on XP 32-bit may not work on Windows 7 64-bit.
  • Have I mentioned I seriously don’t recommend installing all of them in your Firefox browser at one time? Yes? Just making sure.
  • This collection has not been endorsed by or for either Security Tools (and their FireCAT project) nor Jean-Nicolas. Hopefully they won’t mind the extra attention and access this provides users to their work.

Umm. Claus? What is FireCAT?

Good question.

From the Security Watch folks:

FireCAT (Firefox Catalog of Auditing exTension) is a mindmap collection of the most efficient and useful Firefox extensions oriented application security auditing and assessment

FireCAT 1.5 will be the last release of this 1.x branch. In fact, we are working on a new improved version 2.0 (management of plugins, instant download from security-database, ability to add new extension, extension version checker, Firefox 3.X compatible extensions..)

I’ve posted some links (and contributed a few add-on extension suggestions) to FireCAT in the past here.  Check these out for more information

If you are a system administrator, security consultant, network administrator, penetration tester, tin-foil hat wearer, or web-junkie, you might need something out of FireCAT.


--Claus V.

No comments: