By cosine 2013
This list keeps expanding; items are added as they come to mind.
Under Firefox
- Firebug: JS debugging, observing HTTP requests and responses, cookies, the DOM tree, etc.;
- Greasemonkey: I modified a cookie modification script. Other students can use this one: original cookie injector for Greasemonkey;
- NoScript, for blocking some JS;
- AutoProxy, essential for getting over the firewall;
Under Chrome
- Press F12 to open the developer tools; functionality == Firebug + local storage inspection, etc.;
- SwitchySharp, essential for getting over the firewall;
- For cookie modification, I wrote a Chrome extension myself (open source; a great tool for using cookies: Cookie hacker). Other students can search for Chrome extensions themselves;
Front-end penetration tools
- Xss'or, developed by me, is often used for encryption and decryption and code generation. The source code is here: evilcos / xssor · GitHub;
- Xssee 3.0 beta, developed by monyer, the best encryption and decryption tool;
- Online JavaScript beautifier, a JS beautification tool, commonly used when analyzing JS;
- Front-end attack frameworks: BeEF and the XSS blind-testing tools developed by some friends are recommended. I have one of my own, but it's not convenient to show it to people;
HTTP proxy tool
- Fiddler; you don't need to look for anything else. The Watcher plug-in is fun to play with and can find vulnerabilities;
- Burp Suite, a great tool: not only an HTTP proxy, but also crawling, vulnerability scanning, penetration, brute forcing and other functions;
Vulnerability scanning tool
- AWVS: not only convenient for vulnerability scanning; some of its small tools are also easy to use;
- Python, for writing your own scripts / tools. Can a good vulnerability be found by relying on AWVS and the like? Dream on;
- Nmap: it's not just port scanning! It has hundreds of scripts;
Vulnerability exploitation
- sqlmap, the most powerful SQL injection tool, bar none;
- Metasploit, a host penetration framework; at the web level, there are some fun things at Chuangyu (I may be bragging);
- Some social engineering platforms; the good ones are kept hidden;
- Hydra, essential for brute forcing;
Packet capture tool
- Wireshark, essential for packet capture;
- Tcpdump, command-line packet capture under Linux; the results can be handed to Wireshark for analysis;
Big data platforms
- ZoomEye, a search engine opened up by Chuangyu, which searches by component: ZoomEye (Zhong Kui's Eye); you can consider this me advertising;
- Shodan, an open cyberspace search engine from abroad, which searches host devices: Shodan – computer search engine;
- Google :)
Spend more time looking at Kali Linux.
Life-saving recommendation: be proficient with a range of Linux commands + vim.
Edited on October 15, 2014