Saturday, June 20, 2015

FireCAT 2.0: What’s that hot kitty been up to?

I was reading with interest a recent post Turn Firefox into a Security Information Powerhouse at gHacks Tech News.

Martin Brinkmann did a very good job lining up a collection of Firefox extension that most regular users might indeed find helpful expanding user-security while browsing.

Please read Brinkmann’s full post for his take on the value of each extension and the feature set.

It’s a pretty good roundup and while I might not be too keen to load them all up in a web-browser, more than a few could be useful.

However, it seemed a bit thin to be used with the description “powerhouse” when it comes to security-related Add-on integration with Firefox.

See, this post jogged my memory cells and called me back to a GSD post from 2009 that introduced FireCAT to Mozilla’s browser.

Both of these tools brought be back to the excellent FireCAT 1.5 collection of Firefox add-ons used for security/network/pen-testing and other high-value activity in Firefox. FireCAT is maintained by Security Database Tools Watch.  Check out this FireCAT 1.5 PDF for the full list and if you don’t want to pick-n-choose hop over to the lover-ly Firecat package for Firefox Files on to get the whole collection at once.  What surprises me is that no-one has yet submitted it as Firefox Add-ons Collection.  Looks like I may need to crank up a “standalone” profile of Firefox called FireCAT, install them all, then upload the collection like I did for my Claus Valca’s Extension List (Home)   What think thee? Useful perhaps?

I did follow that post up with actually building a FireCAT 1.5 "Plus" Edition collection.

So after reading the gHacks post I got digging to see if FireCAT was still around and worthy of delivering a true security “powerhouse” for Firefox.

Turns out it was updated back in 2013.

FireCAT: Firefox Catalog of Auditing exTensions – version 2.0

There are now over 90 different security focused extensions in the list covering areas such as information gathering, proxies, web page/code editors, network utilities, IT-security, and application auditing, Check out the catalog page for the list.

Besides the newer extensions since the previous version, the developers also worked towards melding FireCAT with OWASP Mantra.

Granted, this is a few years old, but could still form a good framework to bring forward for your own personal needs. I don’t (yet) know how many of the extensions are compatible with the newest Firefox build versions.


Given that it’s been another two years since that publishing, I’m betting that FireCAT 2.0 could probably be updated to version 2.5 with even more extensions that have come out since.

BTW…would a Chrome/Chromium based version be called ChromeCAT or Cr(24)CAT? 

A customized portable version of Firefox (or Chrome) coupled with a bevy of FireCAT /CR(24)CAT extensions sounds like an incredible portable network toolkit. Now that is what I could call a browser-based security powerhouse.

I feel a new challenge coming on!

(This is why I struggle to get things done on the weekends around the house…)


--Claus Valca

No comments: