Mozilla’s Firefox browser claims to provide a safer browsing experience out of the box, but some of the best security features of Firefox are only available as extensions. Here’s a roundup of some of the more useful ones I’ve found.
- Add n’ Edit Cookies
This might be more of a web developer tool, but being able to view in detail the cookies that various sites set on your visits can be an eye-opening experience. This extension not only shows you all the details, but lets you modify them too. You’ll be surprised at how many web apps do foolish things like saving your password in the cookie.
- Dr. Web Anti-Virus Link Checker
This is an interesting idea—scanning files for viruses before you download them. Basically, this extension adds an option to the link context menu that allows you to pass the link to the Dr. Web AV service. I haven’t rigorously tested this or anything, but it’s an interesting concept that could be part of an effective multilayer personal security model.
This extension doesn’t do a whole lot, but what it does is important—showing a tooltip when you roll over a form submission button of the form action URL. Extending this further to visually differentiate submission buttons that submit to SSL URLs would be really nice (as suggested by Chris Shiflett).
- LiveHTTPHeaders & Header Monitor
LiveHTTPHeaders is an incredibly useful too for web developers, displaying all of the header traffic between the client and server. Header Monitor is basically an add-on for LiveHTTPHeaders that displays a chosen header in Firefox’s status bar. They’re not really specifically security tools, but they do offer a lot of info on what’s really going on when you’re browsing, and an educated user is a safer user.
This is another tool that isn’t aimed at security per se, but offers a lot of useful information. ShowIP drops the IP address of the current site in your status bar. Clicking on it brings up a menu of lookup options for the IP, like whois and DNS info. You can add additional web lookups if you like, as well as passing the IP to a local program. Handy stuff.
The idea with this extension is to make it easier to catch spoofing attempts by displaying a very large, brightly colored “You’re on ” in the toolbar. For folks who know what they’re doing this isn’t wildly useful, but it could be just the ticket for less savvy users. It requires a bit too much setup for them, though, and in the end I think this is something the browser itself should be handling.
- Tamper Data
Much like LiveHTTPHeaders, Tamper Data is a very useful extension for web devs that lets the user view HTTP headers and POST data passed between the client and server. In addition, Tamper Data makes it easy for the user to alter the data being sent to the server, which is enormously useful for doing security testing against web apps. I also like how the data is presented in TD a bit better than LiveHTTPHeaders: it’s easier to see at a glance all of the traffic and get an overall feel of what’s going on, but you can still drill down and get as much detail as you like.
Got more Firefox security extensions? Leave a comment and I’ll collect them in an upcoming post.
[tags]firefox, extensions, security, privacy, safe_browsing, browser, web, flash[/tags]