Mozilla's Plug-n-Hack

By

Burp Suite support coming.

Internet users seeking seamless integration between their security tools and browsers will have a new way to experience the web when Plug-n-Hack is released with Firefox 24 this month.

Mozilla's Plug-n-Hack

Plug-n-Hack – designed with security professionals in mind – will enable security testing tools to exist within the web browser through the graphical command-line interface, which is a part of the Firefox Developer Toolbar. 

One of the security tools that the Firefox Plug-n-Hack will support right out of the gate is OWASP ZAP, a penetration testing program used to find vulnerabilities in web applications. Burp Suite – a Java application used to secure or crack web applications – will be supported soon.

“The benefit to this is that the security professional can work within the browser at all times,” Mozilla security assurance director Michael Coates said.

“They don't have to go outside the browser to do configuration.”

The goal is to eventually make the feature available to other web browsers, in addition to Mozilla's Firefox.

As it stands, the configuration process can be needlessly daunting, Coates said. He added that he hopes the streamlined process offered by Plug-n-Hack will encourage more people to take advantage of the feature.

Currently, if a user wanted to, for example, configure a browser to use an intercepting proxy that can handle HTTPS traffic, that person must configure their browser to proxy via the tool, configure the tool to proxy via their corporate proxy, and import the tool's SSL certificate into their browser, according to a blog post by Simon Bennetts, a security automation engineer at Mozilla. 

“If any of these steps are carried out incorrectly then the browser will typically fail to connect to any website – debugging such problems can be frustrating and time-consuming,” Bennetts wrote. 

Coates explained that shifting to Plug-n-Hack will be a simple transition for the seasoned security professional already familiar with the current process.

The Plug-n-Hack concept has been explored by Mozilla security professionals for a couple of years and only finally started gaining momentum in January, Coates said, adding that the team plans to introduce more advanced functionality in the future.

“Implementing the above features in Firefox – and the tools that we work on and support – gives our team an advantage,” Bennetts post said. "However, we believe that opening up such capabilities to all browsers and all security tools is much more useful for security researchers and application developers and testers.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?