.png)
BOOK THIS SPACE FOR AD
ARTICLE ADWe’ve already explored some of the most useful OSINT browser extensions used by security researchers and pen testers, and today we’ll be adding more functionality to your web browsers by exploring the most popular extensions used by bug bounty hunters.
12 most popular browser extensions for bug bounty hunting
Before we dive into our list, make sure you’re running the latest versions of Mozilla Firefox and Google Chrome web browsers (as we’ll be focusing on them today) to ensure compatibility with these extensions.
Additionally, download and install these extensions only from the Google Chrome Web Store and Firefox Add-ons pages. They’re the only trusted sources that will ensure you are downloading safe extensions. This list is in no particular order and shows tools with different functionalities to aid in bug bounty hunting.
1. Wappalyzer
During the information gathering phase, finding intel about a target web app—such as the programming language, frameworks, detected CMS, plugins and databases it uses—can be helpful for taking advantage of CVEs.
Wappalyzer, an add-on available on both Chrome and Firefox, can detect all of these technology platforms running on any website. As mentioned, this technical data can be further used to hunt for active CVEs and find potential threats behind the technologies involved.
Get it now: Google Chrome | Mozilla Firefox
2. Shodan
Shodan is the best search engine available for IoT devices and an excellent tool for information gathering. It also comes with Chrome and Firefox plugins. The Shodan plugin can help you discover where your target web app is hosted, the IP and who owns it, hostnames, operating system, and any open ports and services.
Once installed, it will automatically check the Shodan API when you visit a website, and all of the information mentioned above will be viewable in the pop-up.
Get it now: Google Chrome | Mozilla Firefox
3. FoxyProxy
If you’re a bug bounty hunter, a reliable proxy will allow you to check applications from different locations. Burp Suite, for example, requires you to switch proxies manually—but with a tool like FoxyProxy, all that hassle is replaced by a single click.
FoxyProxy comes as a Firefox and Chrome (along with many other browsers) extension that allows you to manage different proxy servers, and set them to run at intervals or turn off the proxy connection at a desired period. It automatically switches internet connection between the proxies according to URL rules.
Get it now: Google Chrome | Mozilla Firefox
HTTP Header Live is a worthy replacement for Live HTTP Headers, a browser extension once widely used in the bug bounty and pen testing community. Created by Martin Antrag, it comes in both Chrome and Firefox flavors and is used to view a website’s live HTTP header information. It will display live headers of each http request, allowing you to edit data and resubmit it.
Get it now: Google Chrome | Mozilla Firefox
5. Mitaka
Extracting relevant information about a target plays a significant role during bug bounty hunting, and OSINT is an important concept that’s used for recon by everyone from bug bounty hunters to red teams.
Mitaka, created by Manabu Niseki, is a Chrome and Firefox extension that allows you to take a datapoint, an IoC from a page and spin it through a variety of search engines and sources to get additional information. SecurityTrails is one of the sources you can use to pivot from Mitaka.
Here are the inputs that Mitaka can recognize and inspect on a page:
Get it now: Google Chrome | Mozilla Firefox
6. HackBar
HackBar is a browser extension that allows for testing simple SQL injection and XSS holes. And while you can’t execute standard exploits, you can use it to check if the vulnerability exists. When you enable the toolbar, it provides a simple console with testing tasks, and allows you to manually submit form data with POST or GET requests. Other features include hashing algorithms, encryption and encoding tools, SQL injection assistance and the capability to test for XSS vulnerability with XSS payloads.
The HackBar extension is available on both Chrome and Firefox but they do differ slightly with different creators that based them on the original, no longer available Firefox extension. The Chrome extension is the one more widely used and constantly updated as part of their Developer tools. The Firefox extension, HackBar Quantum is one among many other versions of the same tool, this one seemingly most solid.
Get it now: Google Chrome | Mozilla Firefox
7. Cookie editors
For hijacking vulnerable cookie sessions, a cookie editor extension is a must. True to its name, Cookie-Editor on Firefox (available on Chrome as well) lets you create, edit and delete active cookies. It also features a search bar to filter out cookies and find the exact one you’re searching for. EditThisCookie is another popular Chrome extension that does basically the same things: you can add, delete, edit, search and block cookies.
Get it now: Google Chrome | Mozilla Firefox
8. Retire.js
Retire.js is a vulnerability scanner for Javascript libraries. While it’s primarily run as a command line tool, it also comes as both a Firefox and Chrome extension. It scans and gathers information about vulnerable Javascript libraries in a target web app, allowing bug bounty hunters to find CVEs.
Get it now: Google Chrome | Mozilla Firefox
9. Request Maker
Request Maker is a true pen testing extension used to create new and capture requests easily, as well as tamper with URL, headers and POST data. It captures requests sent via HTML forms and XMLHttpRequests and you can modify http requests in attacks against web apps. This browser extension for bug bounty hunting can be found on Chrome.
Get it now: Google Chrome
10. JavaScript and CSS Code Beautifier
Make inspecting random JS files a lot more pleasant with the JavaScript and CSS Code Beautifier. Besides beautifying CSS, JavaScript and JSON code when you open a .css/.js/.json file, you have 50+ themes for syntax highlighting. It’s available on Chrome and is a must to make your hunting and life just that much easier.
Get it now: Google Chrome
11. BuiltWith
A worthy contender to Wappalyzer, BuiltWith has become popular with bug bounty hunters as the tool to find out all the technologies used to build a target web app. BuiltWith goes all the way from the oldest technologies to the more complicated ones with a brief description for each. With more than 15,000 types of technologies is it useful to quickly see on what a web app is built. Available on both Chrome and Firefox, it comes with additional features, such as one that can allow you to see other domains that might be using the same code so you can find associated domains to your target.
Get it now: Google Chrome | Mozilla Firefox
12. User-Agent Switcher
User-Agent Switcher refers to both name of the tools and their function, as variants of this tool offered by both Firefox and Chrome do differ—with the Chrome extension more robust and included in their Developer tools. Used for spoofing a browser while executing attacks, User-Agent Switcher allows you to switch off your user agent easily and with just a few clicks. To further help in spoofing, you can set up specific URLs that you want to spoof every time.
Get it now: Google Chrome | Mozilla Firefox
Honorable mentions: Sputnik OSINT and Gotanda
Two more extensions that have deserved the spot on this list are surely Sputnik OSINT and Gotanda.
Sputnik OSINT is a Firefox and Chrome extensions to quickly and easily search IPs, domains, URLs and file hashes using OSINT resources. Just highlight the artifact you want to search and choose one of the many OSINT resources.
Get it now: Google Chrome | Mozilla Firefox
Gotanda is also an OSINT browser extension for Firefox and Chrome. It can also search OSINT information from selected IoCs on a webpage such as the IP, domain, URL, etc.
Get it now: Google Chrome | Mozilla Firefox
Both Sputnik and Gotanda are integrated with the SecurityTrails API™ so you can easily fetch our data for different artifact types.
Conclusion
Some bug bounty hunting tools don’t have to be big and elaborate to be effective—sometimes your research can be empowered by simple, web browser-based extensions like the ones we listed here.
Now you can discover even more powerful data for your hunt with SecurityTrails API™, already integrated with several browser extensions. Get access to current and historic DNS records, domain, subdomain and IP data and go even further with additional WHOIS capabilities.
See for yourself how our API can accelerate your hunt: Try it out for free!
Bengali (Bangladesh) · 
English (United States) ·