At the recent Sector.ca conference in Toronto there was a talk given by Nish Bhalla and Rohit Sethi. I didn’t have a chance to see it myself. The talk, entitled “Exploit-Me Series – Free Firefox Application Penetration Testing Suite Launch”, covered a couple of plugins for the Firefox browser for testing cross-site scripting (XSS) and SQL injection.
Here are the links for the downloads:
- XSS-Me is the Exploit-Me tool used to test for reflected Cross-Site Scripting (XSS) vulnerabilities.
- SQL Inject-Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.
I should also add that I have not had a chance to review these yet myself. Caveat emptor.
I’ve seen today (7 hours ago) that the security-database.com team has posted its new release of FireCAT 1.3. This includes a reference to the ExploitMe series!!
Here is a link: http://www.security-database.com/toolswatch/FireCAT-Firefox-Catalog-of,302.html
Between us, this FireCAT rocks. It is a great idea to put together the most useful security extensions for Firefox. They really did great work.
Hi,
I used that tool (the XSS-Me and SQL Inject-Me Firefox add-ons). It's really great, and the results (SQL injection and XSS) are also very clear.
One more thing: I got the results, but I want to know how to verify that a result is correct. The reason I ask this question is that the developers don’t accept the results for SQL injection and XSS.
I would like to know how developers can fix those issues. Could you please give some tips and suggestions?
Thanks
Kumar