Everybody, our last speaker of the day is here, so please get your seats and we'll get started. Sidepocket, you'll have to pick up one of the microphones to get megaphone, so everybody hears you. Okay.

Well, welcome everybody to the last session of today, and the last presentation for the DEF CON 30 VR event. We will be open tomorrow for people to hang out and socialize, and also this evening. So hang around and try cow tipping and throwing the cow off the roof from the outside area, and also you can play catch with Trevor the Cockroach, as well as there are now Easter egg teleport pads somewhere up on the beams that allow you to get up on the beams and roof.

So without any further ado, I would like to introduce Sidepocket. He's going to present "When Firefox Gets Angry: A Web Browser for Red Teamers". Sidepocket is co-founder of DEF CON Group 201, an open group for hacker workshop projects in northeast New Jersey. Sidepocket is constantly wanting to help people get better at whatever they want to do and learn. He also has a history with New York City 2600, Radio Statler at Hackers on Planet Earth, TOOOL the lockpicking group, Phone Losers of America, and Museum of Urban Reclaimed Spaces. And yes, you can find out more about DCG 201 at the link provided. So without any further ado, take it away, Sidepocket.

Okay, let's see if I can pick up the mic here. This is probably gonna be my grandpa moment. Is the mic... is it on? Hey, it's always a talk of mine when there's, like, weird technical difficulties. Let's see, can anyone hear me, or have I not picked up the mic yet? Awesome, okay. So hi, hello. Sorry for anyone who was expecting to watch this yesterday. I had multiple monkey wrenches thrown in, including how I thought the presentation is gonna go in a different way.
That was my fault, not realizing the particularities of AltspaceVR, as well as I was not expecting real life hitting me so hard over the weekend. So, but I'm here now, and basically... And I'm not... just, like, do I just say "next slide"? Yes, that's awesome. So you can go to the next slide now.

I'm gonna provide a little bit more of an in-depth intro about myself and kind of the talk. DCG 201: the other co-founder is GI Jack, who is currently hanging around California. I don't know if he's at DEF CON. I don't think he's at DEF CON this year, so he's probably like me and attending it virtually. But awesome dude. He will forever be the other co-founder of our group. Very fortunate to be part of DEF CON Groups. I believe we are the fourth time a New Jersey group has started. I also know for a fact that we're, here is like my humble brag, we are the longest running one. It's been five years, and I'm hoping by March next year it'll be six years. Do we do a bunch of stuff? We were doing okay during the pandemic, and then a lot of real-life stuff hit, funny enough, after we all got vaccinated, because biosecurity is just as important as computer security. And yeah, so we were on a bit of a kind of an in-person meeting hiatus, obviously, and we are kind of, kind of building ourselves back a bit. I'm also part of a lot of different other groups over the years. Basically, I am not one of the oldest hackers, but I have definitely been around and done some stuff, and every time games and liquor stores ask me for my age, it takes longer and longer to scroll. Do you want to find more about us?
We are still retuning our website, so I would like to direct you over to either our Medium blog, which also has a huge list of guides for all the goings-on for Hacker Summer Camp, they're updated in real time, as well as a general guide to how to survive Vegas. So if you have friends who want to know what's going on or how not to die in Vegas, you can go check out our guides on the Medium blog, and there's also a Linktree at link-t... sorry, L-I-N-K-T-R dot E-E slash defcon201, which provides all of our social links and other blogs, now access to Tor, et cetera. Next slide, please.

This is going to be kind of a, basically, short presentation. Originally I thought I was going to be able to somehow stream, like, basically mirror the browser, and I would walk through that. I'm going to instead do a more verbal walkthrough with one or two minor pictures, and this is going to be kind of like my sneak peek overview of what this whole browser is. And then next week, the day after our meeting, because now we do video live streams a day after our physical meetups, I will actually do a video walkthrough of all this. That's also when the browser is going to drop.

But before, again, too, I want to kind of talk to why I kind of created this whole thing. And this is nothing like super leet or fancy. This is just one of those things that we often have in the hacker world where, you know, you would think there'd be something kind of like this, of a web browser that's designed for more in-depth web, or taking an existing browser, modifying it, but I've just never seen this done before. And I came across it because we... I started myself, total noob in the CTF.
I've been slowly, like, learning a lot of new, more relevant hacker skills than when I was younger, very recently through Jeopardy-style and even one or two attack-and-defense CTFs. Not won anything, just practicing my skills, trying to see if I can go do Hack in the Box and stuff. But one of my things is that I'm really into web browsers. I grew up in that era, which I don't know if any of you folks in the audience are of that time period, where in order to do anything on the web you had to have the three horsemen of the apocalypse at the time. I think it was, I think it was Netscape, Opera and Google, and then you would have Internet Explorer to just be, like, your, what they call in the movie Hackers, like, it does all the bitch work, you know, crack files stuff, a.k.a. just downloading the one or two things that Microsoft said particularly with. And ever since those times I've always been keeping up to date with what different browsers are doing, new odd variants, changes, privacy violations, et cetera. And I also routinely test browsers, including browsers that people have put into their Linux distributions who want to know that their features work.

And what I found during the CTF sort of stuff is that people would use the browser, especially for Jeopardy CTF, to who yay real-life knows. But they would use the browser to obviously interface with the Jeopardy-styled CTF, which works exactly like the Jeopardy panel: we click on something, it's worth X amount of points, and it gives you files or a website to go to, and you have to find the flag. And they might use, especially if there's a browser exploitation category, the browser to actually go to the destination. But then they would be endlessly loading and looking up so many different tools and resources that are external, are in their operating system, whether they've customized their own,
you know, version of Linux, or running on a subsystem in Windows, or running Kali, et cetera. And if you want a good example of this, on Thursday, I believe, there was the Global Cyber Games for charity. If you're in Vegas, there's a giant esports arena, and that's where they held these Global Cyber Games, which basically, imagine doing CT... imagine if Evo, which is the huge fighting game tournament that actually came a week before in Vegas at the Mandalay Bay, where Black Hat normally is, so imagine doing CTF on, like, an esports game or scale. There's a huge crowd and everything. And I was watching them, and while some of them had one or two extensions that I've made, because I've been working on this type of modification for two years, I saw them still fumbling through trying to get through terminal, doing all of this external stuff to do man-in-the-middle attacks, like, basically doing it the hard way. It's like using wget and manually installing a .deb instead of just clicking on the .deb and loading it. And they were, like, eating so much time.

And so I was just watching this, and it came to my philosophy with this, which was: one, I wanted to see if I could create a browser instance that would do a lot of the stuff that you would use external tools in terminal for, and visually, inside the browser, with the goal that you would do the least amount of stuff, especially for web penetration testing categories and CTFs, you would do the, what you call it, the min... like, there should be so much done in browser that it should be an exception that you load an external tool. I wanted to basically push to see how far you could go, which is doing a ton of hacker stuff in browser. Next slide, please.

So just a bit of methodology of me creating this, just a bit of background.
I went to Firefox. I use Firefox because not only is it the sort of... normally, I would say it's that sort of hacker and open source big browser of choice, but honestly, sadly, practically one of the few only choices, since Google is in everything. And while there are really cool extensions and tools that you can use in Google Chrome, and I will go into those as a separate thing at a later date, yeah, I'm trying to minimize, it's not so much Google tracking stuff, although that's an issue, but the bloat, and combined with how customizable Firefox is. I took, basically, a new profile in Firefox and I created this whole thing.

To note about this browser: this browser, again, it's red teaming. It's designed for attack. It's a giant glass cannon. When you eventually... because, as I'm gonna mention, a week from now I'm gonna make a blog post that will go in-depth with most of the stuff that I've said here, maybe one or two other tweaks, and you'll be able to actually get the profile instance in a zip or tar and bring it over, drag and drop it into a Firefox profile. You go to about:profiles, drag and drop it in, and everything should load, the bookmarks, everything. But I'm worried that when people see this for the first time they're gonna be like, hey, wait a minute, like, why is there, for example, no uBlock Origin? Why is there no Privacy Badger? Why is HTTPS not a default on there? And that's because, again, this is designed for red teaming on purpose. There are many, many different browsers I can point to, from... for some reason my brain's failing me right now, but there's many different ways you can configure Firefox, get Privacy Guides, or to configure it to be more private and secure on the defense side. There are so many, like, LibreWolf is one of them. On Google Chrome there's so many done for privacy.
I see that as more of a blue teaming thing, and blue teaming is really important. But the focus here is this is designed for attack, and it leaves certain vulnerabilities on default, that default Firefox loads, on purpose, to actually execute certain red teaming things, and you'll see what I mean in a moment when we get to the next section and you'll see what the browser looks like. Fun thing, if you haven't noticed: the slide deck is actually what the browser looks like. So I had screenshotted it. That top bar, that's what you see when it loads in. And of course, for a little fun, I pull a Namas hacker thing in the corner, just as a visual thing. And to note on that, you don't need... you can change anything you want. In fact, if you want to open your own Firefox profile and just download one or two or five of the extensions that are going to be in there, because there's gonna be a lot of extensions, I did minimum profile changes, and just use those, that's fine. When you eventually download the profile, if you want to go edit, add more extensions, take others out, that's fine. You don't have to use all of this. This is just me slaving away for roughly two years now and testing this on CTFs I've entered in and just literally eating up especially web exploitation sections.

So, glass cannon: this is a browser that's essentially error 15. It does not come with a shield that they soared down a shield. Certain, what you would consider like, privacy flaws were left in by design due to how some of the extensions and modifications work, so you can actually do reconnaissance, OSINT and red teaming better. And also, whether you download this profile or you're just taking notes from what I'm saying here, you don't have to use all of these. I'm just putting this information and the downloads and what these extensions and modifications are out there, so you can tweak and do this however you want, just like any sort of other open source tool.
Okay, next slide. So this is a slide we're gonna hang on for the most amount of part, just because I ran out of time and crazy real life stuff, and I don't know if the... my voice should still carry over by looking at this. Actually, I just remembered: the way I'm gonna walk through this is I actually have the browser open on my end, so I'm gonna read through a bunch of things. So this picture here, most of the action's gonna be in the upper right-hand corner. I took a screenshot of it and made it bigger, because I know with the slide deck, especially in AltspaceVR, it might be hard to see, so you can see everything there.

I want to talk a bit about why I, like, designed the extensions the way it is, because unfortunately the way Firefox works, when you load the profile it's gonna mass dump all of those icons, so it's gonna be up to you to organize it the way you want. But I just wanted to show what I called the default configuration that I made. So one of the philosophies I had here was I want everything to be, or most things to be, easy to see and read and recognizable just by looking at it. Even when you're in code looking at, you know, the backbone of different websites and stuff, everything should be readable.
Most of the stuff's in the upper right-hand corner. Some things are gonna open their own tabs, and some things are in other sections of Firefox, whether it's the bookmark mode or the F12, peeking behind the scenes, looking at the source file mode. But most of the stuff's in the upper right-hand corner, and so I want everything to be easy access. I wanted things to be grouped into categories, which I will walk through, also tiers. All the stuff on the top are like the most used and/or ancillary extensions. The second row is really important, because the second row, or that middle row, the philosophy I also had is what I call the dashboard of a car.

This is something I picked up from a video game called Doom Eternal, where they talked about designing their UI. Well, because I think UI design is horrifically underrated in all aspects of software development, especially nowadays. And they were talking about how, because of the way they design their game, it's super fast-paced and you're juggling multiple things at the same time. So they didn't want their users to be hung up, their players to be hung up on the UI and figure out, "Oh crap, I ran out of ammo. Where is it displayed? How much ammo do I have? What type is it? What am I holding right now? Do I have any health left? Do I have..." And so what they designed, not only they made everything clear in terms of, like, everything's sharp, there's no... there's actual contrast, there's things not blurred out, but they did things where when you ran out of ammo, the ammo section would light up a certain color, and each ammo type had its own subcolor and stuff.
So their idea was the dashboard of your car. The focus of the car is looking ahead, driving on the road. You don't want the driver to be distracted by the stuff going on on the dashboard. So when your oil runs out, the oil light blinks; you know that it's blinking out of the corner of your eye in a certain section, so you know the oil's off, your eyes are still focused on the road. And not only did I try to use that design a lot here, but that's specifically what all those extensions on the second row are for. For the most part, these extensions will light up and change depending on what sort of web page you're currently on. So basically they mostly remain inactive or will not tell you information, and then once you go on to a page, or a certain page, they will light up to let you know, "Hey, I'm usable," or, "Hey, I found data," and that's displayed there. And the bottom row is all like Harko did, like, this is the type of functions, this is what you're going to be normally using in terms of, like, engaging with the actual website. And there's little particulars here and there, but I'm going to continue on because, again, there's a lot of extensions.

But before we get into those, and again, we're going to be hanging on this slide for most of the talk, so I apologize in advance, I just want to go on to the settings and then explain why configurations behind the scenes don't quite matter here, and also why they're configured the way they are. So if you've noticed on here, just due to laziness, I just have one URL, where you type the URL, section. Ideally, dead serious, you probably want to do both the URL bar and the search tab, just so that you're always on search anytime you need it. I just forgot to turn it on when I made the screenshot.
So I'm just pointing that out. In terms of the actual search engine itself, when you download it... and normally Firefox loads with Google. Yes, Google's really important, you know, it has a lot of power behind it and has a lot of options. But even though this is mostly attack, I did want to balance the most usability with Google that wasn't Google. So the default search engine, which you can't see on here, is the Brave search engine, just because of how essentially it mines from Google and a bunch of other websites and sort of puts them in the corner, and I just found them to be the right balance of not being DuckDuckGo, but not being Google either. Now, to be fair, I also still have as options DuckDuckGo, the best version of SearX, or S-E-A-R-X. There's many instances of that search engine, but I put that in there. Those are both in there as options, but I by default have Brave browser selected on here.

With privacy and security stuff, again, I set everything to Standard. It's not on Strict or Custom, and I'll explain why in a bit. All of the WebRTC is still enabled, because I know red flags are going off, like, why would you leave this on? But trust me, I'll explain why in a second. WebRTC is on, so all of the audio/video interfaces you'd be doing, such as live streaming or streaming videos, that still completely works here. Most of the defaults are left. I just want to double check. Yep, it still does location, camera. Those are all on. And I do have the security, the block dangerous content, all three of that, leaving certificates on, and it is enabled to HTTPS-Only Mode, which is why there's very few extensions to do sort of privacy stuff.

Now the question is, why would I leave most of that on? Well, for two reasons. One, there is an icon. Let me see if I could find it on my end, because my brain's dying right now because of crazy Nubs today. Also, I hope the audience has not fallen asleep on me.
We're gonna get to some very interesting stuff in a second. This is just sort of a pretext. But there is a button. So if you see that little red icon on the second row, to the immediate right of it, and it is the only one that has bad contrast because it's grayed by default, this is an extension that is the... and actually I should have probably moved down the upper bar, but it's there right now. But there's luring extension that's called Privacy Settings. It's available on Firefox and Google Chrome, if you are somehow using Google Chrome. And instead of typing in about privacy, about settings, or going into settings and running through and clicking them, you just click on that extension, and not only can you go through everything you would need to turn on and off in there, but it also has the presets in there. You can restore to defaults. You can go full, full, full privacy, which sets even certain attributes to full privacy mode that Firefox normally does by default, or enhanced, which is kind of like the middle ground area. So one of the reasons why I left everything on default is because you're going to be able to directly control privacy of your browser, you know, seeing if cookies are coming in or whatever, directly through that extension. So there's no need to actually fumble through menus. It's all right there.

The second thing is that I found that when I do CTFs, when you do web security, web exploitation sections, when they send you to a website, you're looking for vulnerabilities in the website. So for example, Snowflake, which is an extension by Tor's in there. It's that little purple icon in the second row all the way to the right. It is a passive extension; it creates an external node so other people on Tor can use it. Nice thing. Why is it in a red teaming browser?
If WebRTC for some reason doesn't work on your end, that extension won't work. It will go dim; it will not be purple anymore. So you will know if WebRTC is still enabled or not. If there's something going wrong with your computer, or, let's say you're in an attack-and-defense situation, let's say they want to abuse or turn off WebRTC, as soon as that goes down on your end, you're going to know, because that extension is going to turn off, again, like the dashboard of a car. So that's another reason I left things on. And finally, the other extensions I'm about to go through, and it's going to be a lot, so bear with me, actually need a lot of defaults on because then you want to give these access to that.

So let's now break things down row by row, and I actually have a slide for this first extension, which I'm shocked no one has ever used. So we're going to go to the next slide and then go back to the previous slide. So next slide, please. Awesome. So this is something very recent I have added, and while it has been useful for me, this is a proof of concept. Essentially, the extension is called X Linux. You can go search for it, download it; it's going to come default when I release the profile next week. And essentially what it is is that you can spin up your own Linux terminal in browser that is hosted on a cloud, a free cloud service. So as I said here, when you open it, that's the window you're going to see. It's basically your own small Linux virtual machine without having to do anything. Linux client, it's all text by default and no installation. It's defaulted to the common network configuration to access the internet. It supports framebuffer.
It's a GNU C compiled... file system involves... and here's another thing, by the way: when you load this browser, another extension that's going to auto turn on is the NoScript extension, which blocks JavaScript. When you load up certain, some of these extensions to do the actual red teaming, if it doesn't work, go into NoScript and click on the icon that says "Temporarily give trust to this page" and that extension will then work, and you don't have to load it every time. So if you load any of these and it opens like another window and it's like, hey, why can't I see the terminal? I'm trying to load the Linux terminal in browser. Just turn that off, because some of this stuff uses Java as a visual interface. So I'm just putting it out there.

But hardware expectation: it's a 32-bit emulator, 32 bit of RAM, so it's very low spec. And I will say that while unfortunately, which is a headache, it doesn't have apt, doesn't have dpkg, it does have a bunch of actually surprisingly useful stuff. It has Nmap automatically loaded. It has OpenSSL. It has Ruby and Python scripting and other programming languages by default. You can edit stuff in nano. And I just find it useful because obviously when I'm in a CTF I always have my terminal open on a tab anyhow, or if I'm sandboxed on Windows,
I load up the Linux... Kali Linux subsystem I have. But it's just nice to know that, you know, it's like, oh, I have to add something in nano, or hey, I want to log in or SSH something in the terminal, but I don't know if they've, like, honeypotted it or trapped it in this, you know, exercise of the flag I'm trying to get, that I can spin up a terminal, like, try to access it through nano, try to SSH tunnel through with it, try the coding in that. And not only do I have it there and I can use my terminal for something else, like doing other, you know, different scans in the background while this cloud terminal does base work, but let's say there's multiple SSH tunnels in this exercise on the CTF, and I try one, and let's say more of them are false gates, they're honeypotted, and you fall into that. Instead of having to deal with your terminal and possibly having to even reset your OS, you just simply close that browser tab and that instance closes, and when you hit it again a completely new one loads up. So it's just a nice disposable instant terminal right in the browser right away. Please go back to the previous slide.

So that's to me like one of the big feature extensions, and now we're gonna breeze through a lot of these. The one immediately to the right of it is called Simple Text. Simple Text... I hope I pronounced that right. It's gonna be a second here. Sorry, Sublime Text. You know, obviously everyone has their own personal coding applications. I usually go between VSCodium for really big stuff and Simple Text for really basic stuff. I basically try to load stuff... so, I'm sorry, Sublime Text. I try to load stuff in Sublime Text initially, and then if I realize any more complex stuff, I'll copy pasta or move the files over to VSCodium and work from there. And particularly during that Global Cyber CTF, when they were running certain Python programs and scripting stuff, I saw a lot of, like, waiting to download and having to go back and forth, or taking code and trying to copy-paste and the formatting was bad, to go in and reformat it because the copy-pasting system didn't work quite well. What this extension simply does, it just hangs out there, and what you can do is, if you see code right there, you can highlight it or right-click the extension, and then it says "Edit with Sublime Text". You click on that and it will automatically load Sublime Text. So you have to have Sublime Text installed. It loads it and puts all that code there in the exact formatting that was displayed on the website, and that has really sped up my productivity when I've done coding challenges.

Even though I find it useful... to the right of that, that green icon, impossible thing that I just like is Fiddler. Fiddler is a program that I've used to just kind of see the crosstalk communication between websites behind the scenes. It's an external application. This does the same thing that the Sublime Text extension does. Basically, you can highlight a URL or go on a web page and you click that extension and it will load Fiddler and immediately say, hey, that web page you're currently on, look at that. So instead of going into Fiddler and fiddling with it and configuring it, it just automatically does that and loads that program immediately. So you can load that, run Fiddler in the background, it starts looking at the crosstalk, go back in the browser, back to your other tool, and do a bunch of things there. Another optional thing right to it.
There's no really good VPN extensions. If you kind of want to change your network sort of interf... like, you know, how you're gonna communicate over the network and different proxies and stuff, FoxyProxy's obviously good to change between proxy systems. I just didn't load that on here because you can easily go, again, to the privacy settings and load that sort of stuff, but if you want to add that on there, that's up to you. So by default you're normally supposed to subscribe to get this extension, but I put the extension in there. It's a paid thing, so you would have to pay for it. But I think it's just a couple of bucks, and to be honest, if you're constantly having to switch networks, kind of, you know, hey, does this page load weird, you know, on my ISP? You know, will it load different in Sweden, or can I bypass this restriction by doing that? To me, it's just worth it.

To the right of that is an Onion Browser Button. It does what it says: when you click that, it will immediately start running Tor. If you have a Tor connection or Tor node open, it will immediately start connecting that, so you can immediately just start using .onions and other things directly in the Firefox browser, and any time you don't want to, you can turn that off. That's another important thing of the Snowflake extension: if that thing also is kind of wonky, that means maybe there's also something wrong with Tor. Also, if you press that button and Tor's not working but you've already loaded it, again, troubleshooting, it saves you time that way, you know, instead of trying to do the action and everything fails.

To the right of that, just one last foo foo thing: it's an optional light mode/dark mode. I'm a fan of dark mode just for my eyes when you're looking at the screen all the time. But CTF stuff and all the backgrounds are bright white or whatever, it starts to drive you crazy. So I just have that as an option. And then the last one on the upper section is a simple pastebin. Again, that's exactly what
it sounds. It's just a way to take local notes. So that way, you see something, instead of trying to go to a URL for a pastebin or stumble stuff, you just click the icon, type some stuff, click out of that icon, close it, and then when you're like, wait a minute, what was that... you know, the ISP that I wrote? Click on that. Oh, it's there. Copy pasta, done. And so that way, again, it's in browser and you're not opening other things.

So let's go now to, starting with the more real fun stuff, that second row. So that red icon in the corner: this is actually exclusive to this browser. It's an older version of this extension. Due to odd... I don't know if it was legal trouble or something, this extension, you can't download it anymore. I currently have it on here because it's still very useful, and I'm actually looking into redoing it so that you can download this for Firefox again. Because it's open source, I'll fork it. I have to credit the original person; I already asked the original person of the extension. And simply what it is, it's a built-in WPScan, or WordPress scan. I also have the URL as a bookmark as a backup here for one that's like a browser page, but this to me is super useful as an extension. Basically you click it, and if it's red, that means there's no WordPress. But if you went to a WordPress website, such as New York City 2600 page, wink wink, it will light up green. So one, you'll know that that page is running WordPress. You don't have to, like, scan it with Nmap or something to find that out. When you click on it, you get multiple interesting informations, again, without having to use WPScan or Nmap scan in terminal. It's gonna be one second here.
I really hope everyone's not falling asleep here. So, like, information it can pull is what themes and plugins they're using. You can see any of the user names of the people who've registered and monitor this website. You can check out, if available, the user registration, all that data. You can also see the path disclosure, and probably the most useful thing is the scan vulnerability function, where it'll start scanning for whatever version of that WordPress is, vulnerabilities patched and open you have in there. So for example, again, usually most people in CTF are familiar with WPScan as the terminal application, and I've used that multiple times. But ever since I got this extension, as soon as I find there's a vulnerability and a flag for WordPress, I just click on the icon, click the test vulnerabilities, it spits them all out, I copy pasta that vulnerability, and now I can look up what the vulnerability is and start cracking at it, or copy pasta into Nmap or any other red teaming program and have it working on it right away. So literally, instead of having to just, you know, look at the crosstalk with Fiddler and then doing an Nmap scan and going through that data and then writing it down, moving it over, it's: oh, it's green, WordPress, click. Hey, what vulnerabilities? Click. Oh, it's that CVE. Copy pasta that CVE. And okay, that's the ISP for... copy pasta, put that in, insert in that red teaming program, and now it's eating away at it and I can hop on to something else. Again, this is sort of the philosophy of what I was trying to do here with a lot of these extensions.

Next to that is the Privacy Settings.
I've already gone through that. That one is kind of, these next two are interesting. This is the sort of browser control stuff that gives you data on a bunch of different things about the website you're currently on. So the first one is uMatrix. Now, uMatrix might be familiar. The dirty version of this is, essentially uMatrix is sort of an advanced version, I'm really judging the terms here, but it's sort of an advanced version of, if you're familiar with uBlock Origin, uMatrix is a more comprehensive version of it. So when you click on it, it gives you this giant grid you can manually turn on and off, and it shows you cookie data, first-party and otherwise, CSS data, image, media, script, XHR, frames, and anything it can't categorize. And you might wonder why I have that on there, because as you probably heard, uMatrix is being depreciated recently, and yes, it's being depreciated as something preventing privacy. It's too complicated. Most people don't use it. The person stopped updating it a couple of months ago.
I still find it really interesting that, one, I can see in the corner it'll count how many, oh, this is how much stuff it's found, of, like, what analytics are tracking and what scripting it's using, and when I click on it, it shows me a nice grid. So as a blue team, this is what I mean about this being a red teaming thing, as blue teaming this is kind of useless. Just install uBlock Origin if you want to block ads and stuff. But as a red teaming thing for reconnaissance, I still find uMatrix really useful. Similarly, you know, right next to it you have NoScript, which will immediately let you turn on and off the JavaScript for either individual pages or for everything. And you will instantly know not only if it's running JavaScript, but it'll tell you what it's running and break down what type of scripts it's running, et cetera. So you can start playing with websites that you're home so I can start playing, I had to take a quick munch, and start playing with, when you go to, like, a page and you're trying to find, okay, there's running JavaScript? Yes. The type of JavaScript that's running. If I block it, how will the page load? Maybe the page loads odd. Oh, that's weird. Why is it like that?
Oh, there's actually a weird thing you can do in JavaScript in order to just pop the password in here, so you don't even have to do the login. Cool. That's what this is useful for. An alternative, if you don't want to use NoScript, by the way, is LibreJS. The reason why, so LibreJS will give you a more comprehensible list, but ironically it hard blocks JavaScript automatically, harder than NoScript. So I just find NoScript much more easy to use, so I'm not having to fuss around and thinking about it. The next one to the right of it is a, yeah, copy URL to clipboard. That's just kind of just sitting there. I'm probably gonna eventually permanently remove that icon, because there's a bunch of tools you can use when you're just normally copy pasting and also when you right-click on things. And what that will simply do is, when you hover a URL and you right-click it, you can go to the copy URL and it will copy it under multiple different things. So instead of just directly copying that link, it will give you the option to copy to clipboard in its formatting: HTML, Markdown, bulletin board code, AsciiDoc, all sorts of that. So it gives you a lot more control of what you're copy pasting, which is really important, especially if you're in challenges where it's directly listing certain web data or even programming data. To the right of that is a cookie editor. So not only, and this is why I left cookies on, it's like, what, that's a security thing? I want the website to try to send me cookies, because not only will this intercept these cookies, it will break down what cookies are there. You can turn them on, disable them, and you can click on the cookie and start editing the individual cookies directly. So this is a very powerful tool if the web page you're trying to do is trying to send you cookies. Let's say even in attack and defense, where, like, let's say you're trying to go on to the defense's computer and they put, like, various landing web pages and they're trying to send you malicious
cookies. This will intercept those cookies and you'll see they're malicious, and you can stop them, or you can take a malicious cookie, or just a cookie sitting there, find a vulnerability of it, and then weaponize that cookie back at them, things like that. The thing that looks like the Windows icon to the right of it is a containerized system. Firefox's probably big thing is the fact that now you can use containers, which basically sandbox websites, and you can put them in different categories. Probably the most famous of this, which is not installed here by default, is the Facebook Container, which is that Facebook and anything relating to Facebook stick in its own container and will not cross talk with the other browsers. So let's say you log into Facebook in the Facebook container that you've made, we go on a different website, it's not going to pull Facebook's data and cross it over, which is how Facebook tracks you and stuff. We don't need that. What we need is something where we containerize stuff with more control. And yes, you can right-click in modern Firefox and set containers, but I also put this simple one in here so you can go in, you can create your own container folder and put any sort of organization you want and containerize whatever web content that you need. To the right of that is, oh, this is really fascinating. So this is, um, this is sort of one of those leftover icons, but it's really important. I'm actually going to loop around back to that near the end. To the right of that, that little purple flask is a test and feedback application. So what it is, now warning, it's based on Microsoft Teams, but you don't have to install or run Microsoft Teams, it goes through that, and it's up to you if you want it. I put it there simply just because, let's say your teammates, you're together, you've randomly formed a CTF team. What the heck do you communicate on then? It's like, okay, let's do Zoom.
Oh crap, three of our teammates don't have Zoom. Okay, they're gonna install Zoom. Great, now Zoom is not working on one of their computers because Apple just decided to push somewhere, whatever. And also you'd have to go over to that chat application in order to chat, which also might take up that entire screen, whichever one you use, which means you're not doing actual CTF work. This puts everything in there. You get to make a connection in browser. It stays in there. You can create a room, it will pull other things, remember this is all in the browser, and anytime you want to take notes and share notes with teammates, like, for example, I found a vulnerability on the landing page, or hey, my terminal managed to crack this, screenshot that, you click that extension, it opens up the chat thing, you put that right in there. And it's just great if you're on a team with CTF. This is just a great browser way to just instantly communicate with everyone. Similarly with communication, to the right of that is an RSS feed reader. It's currently blank. I might, when this releases next week, add some built-in RSS feeds from, you know, certain things like Dark Reading and stuff. But basically, if you're also getting real-time updates, let's say from the CTF itself, they have an RSS that's sending updates of which teams are in the lead or what time scales or what challenges have been announced, you can simply add the RSS feed in there, and when they update, you'll see a little number icon. It'll be a bingy on update. Click on it, you're like, okay, our rival just dropped down a couple points, we're now ahead of them now, good, we can keep focusing on this. Or, oh, these challenges dropped. Hey Larry, go down those challenges. You load up the team app next to it.
Go get them right away, that sort of stuff. To the right of that, I personally find this useful just in general, because some of the CTF challenges nowadays are now leveraging social media. And so literally there was one CTF a year ago where the challenge was that they on purpose created a bunch of fake Twitter bots, and basically you had to go to a legit Twitter feed and find where they accidentally, like, on purpose retweeted one of their bot posts. And basically it's like, you know the game at Defcon, spot the fed? This is spot the bot. And this app is really important, I think it's even useful if you're not even doing red team, and it's called Bot Sentinel. It's from the folks at botsentinel.com. And what it is, is that when you go to social media, especially for Twitter, and it's specifically designed for Twitter, it will let you know, based on a bunch of metric information, who is a real person typing and who's a bot, and if they're a bot, what have they done as a bot that flags them as a bot. So if you are social media bot hunting for a challenge, this is an amazing tool. That's actually how I captured the flag. Everyone's trying to, like, read the different posts, trying to find typos or, like, something that sounds too stiff, or repeating stuff, and I just simply went on there and Bot Sentinel was like, hey, that's the bot. Like, down the bot, scroll down there, like there's a weird put the fifth thick of what was the foot 36 post was weird, scroll down, there was the flag, and I got the flag that way. So that's still there. Um, next one, the one to the right of that, that little warning icon, is the Content Farm Terminator. Thinking with attack and defense, you might be redirected, or even when you're, like, let's say you're trying to search up something like a certain command, you might accidentally end up on a content farm, which often shows your CPU memory, floods your system with ads.
So even if you have an ad blocker, I've actually literally accidentally one time went to a content farm terminator. I'm trying to look up an evil maid attack example, where basically that website, they had the evil maid attack, it was correct information, but their website was so full of ads that it actually killed my pop-up blocker, which also killed my browser. This will let you know if you accidentally stumble on a content farm. It will load the page and then will say, hey, this is a content farm, we blocked them from content farming. Very useful. These next ones I find really interesting. So the one next to it is called permission to hack. Right now it's blanked out because it's not on something that's permission to hack. What is permission to hack? You can actually make text files embedded in a website that will let you know that, if you're doing bug bounty or vulnerability hunting, if you find vulnerabilities, who to report that to, and it's called a permission to hack text file. And simply, for example, if you use this browser and you go to Google, it will make a little green H instead of that red no icon, and that lets you know, oh, they actually want me to search for vulnerabilities and bugs and security flaws on their website. And then when you click on it, it will load up the text that says, hey, where, I can actually do it right now. Let's go to GitHub, github.com, and yep, on my end it just turned to the green H, and when I clicked on it, it loaded up in a new page where to contact for GitHub, which is hackerone.com/github, the acknowledgments, for languages, their policy for doing it. They even actually put in, GitHub, where they hire. So it's like, if you're good at bug bounties, now you know where to go to apply for that sort of testing position. And it's just very useful, because I've had people when they do bug bounty stuff, but they don't know if they're, like, you know, okay, this is a major company, but do they want people to find vulnerabilities? Because I don't want to find one and be like, hi, I found one, and they, you know, and then all of a sudden you hear "FBI, open up" and your door kicks in.
This is just a simple way to find out, hey, not only are they looking for just random people to find vulnerabilities, but it will also let you know, thanks to their text file, to report them. Similarly, next to that one, a lot of websites, especially big-name websites, have what's called a robots.txt, viewer, and this simply tells bots that are looking at their website how to behave and what they can and can't do, which is honestly really good to recon for, especially if you're doing Webcom website reconnaissance, let's say in attack and defense, as well as just vulnerabilities, because sometimes, knowing how the way bots are behaving, you can then sort of figure out, like, what part of their asses they didn't cover and get through that. We're about halfway done here. I just want to make sure if the audience is awake, and I can't always tell in Altspace. Everyone right now looks amazing and has awesome clothing. I see a little heart thing in the back.
Thank you there. Thank you for all of that. Hopefully I'm not boring you to death. We're almost actually done here, and the more we go down, the more meatier the stuff gets. So here's gonna be the last of what I like to call the dashboard icons, the ones that are either useful for communicating, organizing web stuff, or light up or light off. And actually, funny thing on my end: so I went to the NYC 2600 website for the WPScan, and uMatrix only picked up one odd frame flaw. Went to GitHub, it picked up 33 different flawed arrangements, from trackers trying to track me to bad frame loads to CSS breaks and everything. So I just find that interesting. So to the right of that is TrafficLight. TrafficLight is, to me, the most, it's done by Bit, sorry, yeah, it's done by the folks at Bitdefender, and simply what it is, is it will let you know how sketchy a website is or not, and if it's, like, an actual scam website, or they've detected, like, malicious code being embedded in the website, it will automatically block you from visiting that website. Again, especially in defense, or maybe even the CTF itself, they're being dicks and they like to throw you, like, basically honeypot you web-wise into just spam hell or DDoS hell, or, like, literally running malware off your browser. This will prevent most of that. And if the website's fine, like GitHub right now, it's a checkbox, and it does a traffic light system. Yellow, it's unsure, or it's like, you should be okay.
Just there's odd stuff about, so it'll tell you, don't click this, this is a tracker that's from tracking you. If it's red, it will not let you access it whatsoever, and it will tell you why, which, again, let's say someone did direct you to a malicious page during attack and defense and they stop it, it will tell you again why, which might also give you good recon to how they set up that page. And I literally had someone who used that tool where they were maliciously redirected to a page to try to load malware. But now not only could they, they knew it had malware, so they could actually pull the malware off the page and edit the malware, but they actually realized that, they put up a page of hoping malware at you and doing the computer, prevented, that website itself that hosted the malware to run had a security flaw. So they were able to use the other tools and scan it and then basically attack. It's like sending a bullet, like shooting a bullet up someone else's gun. It was absolutely amazing, and that's actually how I heard about TrafficLight, and I installed that. I've been using it for myself, both as a casual thing as well as in this browser doing exercises, and it's pretty useful in my opinion. And then again, Snowflake. Good thing in general to have, but Snowflake lets you know automatically, without having to futz through menus and stuff, like, you don't have to load up uMatrix to see if WebRTC is not working. If Snowflake goes down, the icon goes dim, you know WebRTC is not working, and there's either something configured badly on your end or something rotten in Denmark is happening on your network. So that's a good thing to know. And the last one, this is the thing I've used, I'll be honest, I've only used this twice. It did help me in these instances, but I've only used it twice, and it's called HackerOne scope, and it's really simple. People out there probably know HackerOne.
They're a huge, there's a bunch of bug bounty platform services, but they're probably the biggest one. They host their own conventions. I know they have a huge presence at Defcon. I believe they're also at Black Hat. They did their own mini con during Hacker Summer Camp and stuff. So let's say, again, let's say you're using this red teaming browser, bug bounty, and your main page is HackerOne, because it is the biggest and most popular, so I imagine most people are gonna be using it, and you want to know the scope URLs, which is essentially like little lines of code, and they look like code, but they look like basically ISP, and it lets you know with each bug, basically each line is basically like a barcode, different bug bounty tasks. So instead of having to scroll through all the page and clicking on it and then finding that unique identifier, when you're on that HackerOne page you just click on that icon and it brings up in the browser every single one of the IDs for each of the bug bounties, and you can copy pasta them. And that works not only with you trying to figure out, oh, what bug bounties are they looking for, but it will also show you the ones where people have found bugs that they haven't corrected yet, that are basically like, we found this bug, the exploit still works, but we're impending trying to fix it. So if you're doing recon, especially for like a big website or something, again doing bug bounties, and you want to, I'm not saying you should, but let's say you want to exploit one of those, you, oh, type in the website in HackerOne. Oh, they have it. Do the scope. And then you'll see the scope for, oh, they have this CVE and they haven't patched it yet. And then you can go to town on that.
So that's that row. So now we're on the last row, and these are going to go by really quick, but honestly, this row is where you're going to be directly interfacing with the website and doing actual, like, mostly red teaming stuff. Red teaming and reconnaissance is the focus of this browser. Okay, so that blue one to the left that says LAN is exactly what you think it is. And there's actually one more slide, but don't move from this slide, stay on the slide, we'll get to that in a second. It was the only screenshot I could do, because I would only have screenshots of all these, but again, real life. That's the, I apologize. That LAN button, it's simply called, and it's exactly what it sounds, it is the LAN port scan forbidder. This is a godsend, particularly with attack and defense CTFs. I've had people thought that I'd, like, configured these, like, amazing dynamic firewalls with, like, machine learning to know when to turn on and off certain ports. Now here's the end secret: I load up this browser, and if someone tries to crawl up my browser on a LAN port, I just simply click on it once and it disables the LAN port scan for that tab, and if I click it again, it's going to disable it for the entire browser, and then when I click it once again, all the ports are open again. So I'll literally have one of those icons light up, or I'll have an application that tells me, hey, there's some weird scans going on your browser, and then I just in real time click that and continue on my work, and they're fucked, they got blocked. So, like, people think I've done this amazing scripting of stuff or that I'm doing some insane multitasking. No, it's, oh cool, you're trying to scan me browsing the website? Blocked. That's it. That's what the tool does. That's a secret. So to the right of that is an amazing app. I will put this way: if you had to download a demon app that does something, PwnFox. This is really cool.
It's spelled P-W-N-F-O-X, and not only can you containerize stuff, which by the way, if you've already set up containers with the previous extension, it will find those, so list those containers dependently, but when you go to a certain container, it will do Burp proxy and Burp scans in browser for whatever URL you have containerized. So let's say you're amassing a list, you're going through different challenges, or maybe there's multiple web pages you want to Burp scan, and you can put them all in one container and then open up PwnFox and then do the Burp proxy scan on it, and now you have all the information for that. So again, right there in browser. The next four things are all information stuff. So this is not directly interfacing, but these are really good resources without having you to fumble through manuals virtually or in person. And just to know how good these tools are, two of the tools were done by the winning team of the global cyber games this Hacker Summer Camp that happened on Thursday, which made me confident that two professional teams, with one of them that won, their person who was their web browser exploit expert won because they had two of these. So that's how important these all are. So the first one is simply called Hack-Tools, and this thing does multiple stuff that you can look up. Basically it's a giant cheat sheet if you can't remember bash commands or Zsh, netcat, PHP, PowerShell, Python, Ruby, you can as much TTY spawn shells. It gives you basically a cheat sheet list for all sorts of different types of commands that you can enter in order to do different types of the exploits without having you to fumble on through the notes. And they're all easily categorized. The next one is called Recon, and this basically gives you all the tools you need. You can also right-click URLs to use it. It opens up a new tab, and it allows you to do multiple different things. You could do a whois, which you will not use because of an extension that we already have
later. You can do DNS lookups, first DNS host records, zone lookup, zone transfers, reverse IP lookup for that address, GeoIP. You can Nmap scan directly in the browser without even having to load up the terminal, traceroute. You can do all sorts of stuff with all the sort of recon things that you would normally need multiple terminal applications for, right in that one browser tab, and you can leave that tab open and just constantly click back and go back to it. One click opens up the tab, do all the recon you want with that ISP, and you're good. I just need a quick drink break here, so hang on. That's been one of my most useful things to cut down time, because in CTFs, you know, some things obviously have to percolate, like if you're compiling, but time is essential. Next one after that, that thing that looks like the guy with the trench coat and a top hat, is the penetrating, Penetration Testing Kit. No, it's not a deal though. This thing does everything else the other two don't do. See here, because I'm open to that mind, it's showing a loss if there's a loss secure headers, the cookie storage in it, spawns up different sessions, and I'm on GitHub right now. It's telling me the value, I can look up the path or directory on this, the age of the website here. It gives me SCA information. It's now actually, it's auto searching. So, you know, I said with WPScan it searched WordPress ones for vulnerabilities? This thing will search vulnerabilities for everything else that's not WordPress. So yeah, hopefully until they're game so there was no burned in CVEs that were found, but if you did have a website that was not as secure, SCA scan will bring up all the current CVEs. It shows you all the different types of proxies that that website's done. You can edit and do R-Builder information. You can also do scan R-Attack, Reconna, sorry, R-Attack information.
So red teaming attack information to put in here. You can also do decoder stuff, and it also has its own inbuilt editor. So this is probably going to be your main red teaming thing, to be honest, besides one other thing in here that I'm gonna get to and do icons. The last one of these that have, like, resource stuff is what's called Eval Villain. You can turn it on and off, and what this simply does, I'm gonna switch from off for this, is it gives you, again, all the other information this doesn't. So pretty much the first two, the Hack-Tools and the Recon, perfect research information. The Penetration Testing Kit and Eval Villain will be most of your, like, actual red teaming tools in browser for particularly web exploits and stuff. And again, anything you would need simple in terminal, you just launch terminal in browser. If you need to do more complex stuff, that's when you go to your actual terminal. Again, saves time, everything's in one location, also easier to take browser screenshots that way, especially in Firefox, rather than to do it just through your desktop and you're fumbling around through files. So it's all sorts of things you could do, but it can show blacklist information, you can turn on different functions, innerHTML, outerHTML, createContextualFragment, all the document.write and things like that. It just basically picks up all the stuff that the Penetration Testing Kit doesn't. So the next one, by the way, jump two slides forward if you can, this is the only other slide I unfortunately have. I'm sorry. I'm sorry if I'm swearing, I apologize for that, my bad. Okay, so yeah. So unfortunately the only screenshot of one of the things that I could do, so this is the, so, big question's always like, can you do a man-in-the-middle attack in browser? And yes, you can. While the Penetration Testing Kit has a simple R-Attack scripting thing.
This is a more in-depth man-in-the-middle scripting for the web. So doing any sort of web or networking information, you can open this tab, you can insert your own scripts that you've made, blocking rules, how to rules, response and content scripts, and this just manages, so you can take all your scripts and put them in whichever rule section you want, and it will auto deploy them and see if those scripts execute. Congratulations, you've done a MITM attack for that network or that particular website. So the next two things are more of stuff that you would normally use if you were a website builder, but they're still very useful in terms of particularly doing CTF stuff for the web CTF category. So the first, I'm actually gonna, let's see, so the first one is called Web Tester, and once again, this gives you different commands that you can put into the URL or in the scripting of a website itself in order to, you're at how things work. So if you bring up the Penetration Testing Kit, or you're working on scripts for man in the middle, and you want to see which XSS script exploits work, or XXE or SQLi, this has the master list of all of them. And you can literally, instead of typing them individually or trying to remember them, you can copy pasta them in order. Like, let's see, when I did the scan, it says an XSS vulnerability, so it's like, let's do quote autofocus onfocus alert. Do that one, that didn't work. Let's try the script alert one. Oh, that's the one that did it. That's the XSS exploit. So that's what that's useful for. It's one last reference thing. The one to the right of that, this is kind of bizarre.
I've used I've actually used this more than you think This is an AWS agent key ID signer So I literally had one challenge where you had to back wall on AWS and basically had to take over the AWS account and what I did was I I Did the scan with the penetration testing box tool and then with that information I found It's a CVE I found a specific CVE for that website that that server was using that actually gives you partial information or the AWS key ID and Normally that's kind of useful because it's just like hey You have the key you can show kind of part of the key ID But you can't really enter in because you need to have special things or know how in order to sign it with this extension You can so I copied that key ID. I put that in there I did other stuff to guess the secret and then did that look that sign that pass that code off To that website their network broke because that website and then I got access to the actual agent and I got that point so it may seem kind of useless if you don't are not dealing with AWS keys whether it's for bug bounty or On your CTF you can remove that or temporary turn off if you want But this actually helped me get a flag on something. So that's why it's still up there. Okay, so Do more quick recon things this one I actually have to put in this one has like a not a cap capture, but it has its own like are you a human? Yes So the BW is called built with and simply what this does is any website you're on you click that it tells you everything You need to know about the website of how they made it. So let's I go right now I actually let's go to the NYC 2600 and I'll bring it up right here Let's see. It's yeah, it says WordPress Google front API eyes Contains form 7 its framework is 2015. This is all public information by the way, so I'm not like doxing them or anything It has an Apple mobile web clips icon a viewport meta. 
It's basically very iOS compatible here. Its email hosting providers, SFS uses usage. That's SSL by default, cPanel SSL, and this, again, just amazing recon, so I can break down and know exactly what this website is built out of, and then I start finding websites with that. I've also encountered, there's actually, playing CTFs where sometimes, in order to do proper recon for something on attack and defense, or let's say with the website you, there are actual flags sometimes where in order to do the exploits on the website, you actually have to look up an older version. And yes, you could type in archive.org or Wayback Machine and funnel through that, or you can click on that trash bin icon and the Wayback Machine is right there. So you click on that, you type in the URL. Oh, by the way, are we still on that current man in the middle slide? Can we go back two more slides so we can see the full, again, I realized I forgot to go back. There we go, perfect. So sorry about that, and literally, I think in, like, two more minutes we'll be done with this. But this gives you Wayback Machine right there. So instead of having to even type in the URL for Wayback Machine, you just click on that, type in whatever URL, copy pasta URL, and it will bring up all the stuff right there. You click on the older version, it will load a separate tab for it right there. So you don't have to fumble through Wayback Machine's actual website. The other, the gray icon to the right of that, because we're on the left to right here, this is simply, it edits the website.
In code wise, this will not affect the website directly. Let's say you're doing reconnaissance on a website, or attack and defense, or you're trying to find a web exploit, and you have to jump for something else, but you want to write, hey, this is where we're gonna get into this, at this moment, a hidden input is, you can click on that, and above the hidden input you can type, like, you know, quote, and make it red text, hidden input, unquote, and it will display that on the website visually. And then you go back and edit it, and then when you go back to the page, it's like, where did I put the hidden input? Oh, I wrote it right here. So this basically allows you to doodle on the website and change whatever you want. It doesn't affect the end website, just the website on that browser. You're not editing any of the actual code. It just is visually for you, so you can take notes on what you're doing with that website. We'll get out of that mode in a second. So you click it to turn it off. It's gonna be a bunch of web stuff next, so we're gonna jump over, so we're skipping that bug. There's a reason why I'm skipping all the little bug icons, by the way. So the next one, that's an HTML5 logo that's left to the gear. This is simply a blocker. So it has four categories, JavaScript, CSS, image, object, and media, and you can go to a website and you can click on the CSS tab, and when you refresh the page, all the CSS will turn off and it will load but not look any of the CSS. Same thing, you can turn off all the images, you could turn off all the JavaScript, even though you could do that also with NoScript, all the objects, all the media. And again, now you can tell by futzing with it how well a website's built without even looking at the code. If you want more comprehensive editing for a website, you have that gear icon, which is Web Developer. This lets you access and see, allows you to disable, turn on and off way more things.
So for example, they have a CSS tab, and this allows you to disable all styles. You can disable all the embed styles, all the print styles, edit the CSS or view it directly. And it's just a more comprehensive of the previous extension. These next two are quite simple. So that little Superman icon with the HTML5 logo opens up a new pad. You can edit each, you can edit HTML5 directly in there, not the website you were on. But if you have to generate any sort of HTML, like copy, it does it right there. It gives you four windows: an HTML editor, a CSS editor, a JavaScript editor, and the preview of what all three of them will look like when you load it. And you could do website stuff there without loading VSCodium or a .txt or whatever. Similar to it, the one next, with that little M-pointed-down icon to its right, the Markdown editor, opens up a new window for Markdown, and it works exactly like any other editor. On the left is the Markdown code, on the right is all the formatting that you can see. So you can edit Markdowns right there. Also to note, I have configured this browser so that not only when you click on a .md or a Markdown file, it will actually show the Markdown code in the website. So it won't load down the, it won't download the file. It won't show you the finished thing with the formatting, it will show you the Markdown code right there. So you can copy-paste that into the Markdown editor, all in browser. But it also does that with JSON files, so instead of downloading the JSON (if you want to download it, you can right-click, save it), but if you click on the link, it will load all the .json information right there in the browser. So just putting that out there. Okay, we're almost done here.
So the next one, which is very useful. Let's say you're going to a website, you're doing recon or you're trying to find an exploit, but it has a billion pieces of information. There's like, if it's that you're on the New York Times, you're trying to find bug bounties for New York Times, but it's just, you know, you know the New York Times. It's just bullet shot. There's just stuff everywhere, images and everything. What this does, it's called the head, headings map. You click on it, it opens up kind of like a browser bookmark tab to their left of the website. It's the current website you're looking at there, opens it up, and it gives you an in-text, a breakdown in a tree. So, uh, you know, for New York Times, it will say top new story and then underneath that list all the new story listings, and then underneath that will be like opinion piece header, all of that. So just visually in text breaks down all the stuff that you're seeing, so you're not overwhelmed with noise, and you can go and click on a section and it will bring visually your, what the website you're looking at, right to that section. Again, we're trying to speed up the process. So instead of you trying to be like, what am I looking at, what am I looking for, you click on headings map. Okay, that's what I was looking for, content creation, click, and it'll bring you right there, all inside the browser tab. These next two, I love these two. I love these extensions. So that little fox icon has nothing to do with Firefox. It's called hack the, hack the form, and simply what it does, and if I had video I would show it to you, so I'll show that next week. There's a thing in HTML called hidden input. So anytime you see a little input window, a lot of times when you're typing stuff, there's other info that's being dynamically, it's encoded into the page, but it doesn't render and you visually can't see it.
So let's say, you know, you're typing in, oh, I don't know, like maybe like it's a directory listing for different restaurants, but when you type in the restaurant name, it's breaking down like, um, what font you're using, what's capital and what's lowercase, things like that. And with JavaScript stuff in particular, um, if you have a password screen, there's a lot of stuff that's not rendered on the page. It's showing behind the scenes, because if you saw those things you'd be able to reverse engineer the password. If you ever are on an input thing, you click the hack the form button and it will show what the hidden inputs are in real time, as if it was rendered in the browser without that privacy shield turned off. So I've literally had challenges where they make a base website and it's like, tee-hee, ha ha, people don't usually do this anymore. There's a JavaScript login password. Instead of trying to do like force attack and scriptings, I just click hack this form. Literally shows the password in the hidden, uh, form part of it, and then copy pasta that password into the password and, yo dog, I heard you like passwords. I got in, things like that. The one to the right of it, which I actually need to place differently on my browser, it's called I am not a human.
It's simple. A lot of websites respond differently if they think you're a bot. So, uh, besides Chameleon, which I'll get to near the end, um, if you show up, I, this, for example, amazon.com. You click on that button, Amazon will show you a ton of developer information that users don't normally see, just because it thinks you're a bot that's looking at developer information. So sometimes by advertising yourself as a bot through the browser, you will get browser information for whatever you're doing reconnaissance on or bug bountying for that you didn't even know where that was there or that could be rendered on the page, and you can toggle it on and off. Uh, so the right of that is DotGit. If that website has any git repos, it will search for them, bring them all up. You can download each individual one, because there's some web challenges where you have to find the hidden git repo, and in that git repo's the flag. This will find it almost instantaneously. Uh, to the right of that is a code injector. So this is another place where you can put in scripts, similar to the man in the middle, but instead you're doing code injection directly on the website. I also have another code injector if you do the Control, uh, Control-Shift-B, sorry, not Control-Shift-B, the Control-B for bookmarks. You can change the tab. There's another injection for right there, just in case you're in the bookmark area, but it's always good to have a script injector. Um, and actually both of these, the blue one and that black one next to each other, there's a code injector and script injector, they each have different tool uses. So I put both of them on there. Um, I also have a JavaScript injector. So all three of those are injector apps. Probably you only really need one of them, but I put it so that way when you download the profile, whichever ones you don't want to use you can delete. So that little playback-looking icon is called tweak. It's grayed out. It's left.
It's left to that little circle at the IP. And what it simply does, and it's really powerful, is it allows you to mock and modify HTTP and HTTPS requests, which is really useful if you're doing CTF stuff. Finally, the last of the recon stuff, the IP and the circle, is it uses DNSlytics to search for your, the IP of the website that you're on, and it does the reverse DNS, the IP range, all of that, shows you visual maps of where all that stuff is located. And then to the right of that, the one that says I and P will show you what your current IP address is, which is really useful if you're using Tor or VPN so that you know if it's like working or not. So it's like it might be pn. You can cut back p and do your eyes. Oh, that's not sp. But or maybe someone's like doing weird things, like let's say it's attack and defense and they're affecting your ISP on your side, you'll be able to click on it. Just really good to know what your current ISP is at any time that you want. The right of that is a really useful tool called Lightbeam. This is a depreciated extension by Firefox, and essentially as you browse websites, it will, you ever see the, uh, any fans of It's Always Sunny in Philadelphia? So you probably remember the whole Pepe Silvia skit that turned into a meme, where he goes completely paranoid at his job, so he has the whole newspaper clippings and he has the string yarn connecting all the stuff. That's what Firefox Lightbeam does, but it does with you visiting websites. So as you visit websites all the time, it will show you a visual graph of all the websites that you visited, how those websites relate to each other and to the other websites, like other Google Analytics and other data mining stuff, of what's connected to it and where and what those are connected to. So it gives you a topology map of where you've been surfing and where those websites have been. Final couple of extensions here, um, on this bar, and then we have two more to look at and we're done, is net speed test, which just
basically at any time lets you test your internet speed. You click on it. It's right now estimating my base speed right now. It takes a little bit. It's a couple of seconds. I'm probably, by the time I'm done talking, it will load, but I'm not going to read you this up. It'll let you know your up the time, down time, speed. Again, a lot of times when you're, especially in attack and defense, if your speeds are off, that means something wrong's going on. It's kind of like how they say if you hear your fan kick on, you're being hit by malware or a miner. A lot of times referee goes on with, uh, you know, people are screwing around with your network speed when they modify something on your network. So that's just a great way to know like what's your speed going on. To the right of that is network monitor. It just shows all the different types of requests information. The right of that is Chameleon, which allows you to change your user agent to all different types of browser and operating system types. Always very useful. And then finally is SimpleLogin. So anytime you have to do with a CTF or a recon, it's also just good for private stuff in general. Uh, you create an account here. You can also sign in with an API key, and what SimpleLogin will do is it'll generate endless forwarding emails. So you can hit generate a new email. It generates it. You put it in that to sign up for the account, and let's say they start spamming you about, you know, Cuisinart food vacuum cleaners and stuff, you can kill that account, and it doesn't know what your email is because that was simply a forwarding address. So it just spins up endless email forwarding address. Uh, all the way to the left. So if you look at what I have with the presentation and you can see the full browser, all the way to the left there is a little eraser icon. There's a reason why I quarantine that all the way to the left.
This is the forget button. What this does is, if your browser is really screwed up or compromised, especially in red team, blue teaming, they've screwed your browser up. You've downloaded some, or there's a malicious cookie that you just can't modify or get rid of and you're about to be screwed, or they're pulling information off your browser. You hit that button, it closes Firefox, it opens it again, and everything about this is gone. You will still have the extensions there, but your bookmarks will be gone. Your cookies will be cleared. Everything that you were doing with that is gone. It's essentially a giant reboot button. And that's why it's quarantined all the way to the left. I didn't want to put it with the rest of these icons and you're like trying to figure out your network speed and, oop, I click the, you know, uh, the nuke button and it killed everything. So I put that button all the way there. Uh, finally, last two things about this, and I swear to god, we're done. A lot of people probably know the whole F12, that when you're on Chrome and Firefox, when you hit F12, you can inspect the current code on there. Like right now in Firefox has a console, debugger, network stuff by default. It's really good for like when you're making websites. A couple of the extensions, which is why I skipped over some of them, use this and interface with this. So the first one I've added here is FirePHP. And simply what that thing does is, those are those little bug icons. So when the little bug icon all lights up, it lets you know there's PHP you can explain and edit.
Um, you can also go into the URL tab and, uh, hit the, uh, the blow button to enable and turn it on so it can look at it of like, yes, you can read it. And what it will do is you can start looking at and potentially, if it's super insecure, start editing the PHP right there, without having to like use a red teaming application to go to the URL and pull their PHP out manually and then look at it on your code, and you can do it right here on the F12 tab. Um, same thing with, uh, there's the HTML validator, which will allow you to go through the HTML code and see if there's any exploits, line by line, through the code of the website that you're currently looking on. So it's really good to use in conjunction with the WPScan and the pen testing box and everything else. And then I put both hack bars in here, uh, offhand. So I know I already have the script injectors, but let's say you're in the F12 thing and you for some reason don't want to move your mouse all the way up to do the script injection, you can do both of them right here, uh, SQL, XSS, LFI. The other one has, uh, LDAP, Wave, things like that. And then lastly, also in F12 is its own cookie editor. So again, if you don't want to go into web mode, you're right now in the debugging mode, you can do the cooking edit, cookie editing right there, and that's all the F12 stuff. So yeah, um, couple of modifications in the background. Again, it loads JSON and, uh, Markdown files directly in browser. One or two privacy things and search stuff from navel most of its extensions. Again, do you probably need all of these extensions?
It depends on what your threat model is. I just put this together because it covers every single thing you would need to do for red teaming. So whether you are going to load your own Firefox profile instance and download individual extensions because you only need five, or if you take the profile and you take some of them off or put them back on, it's all up to you. I just put everything there so you could edit it all if you want. And to use a mod of by if I quote from Fear and Loathing in Las Vegas, uh, when you start an extensive red teaming browser extension list, you tend to try to push as far as it can go. Before I end the talk, the last thing that I want to tell you about this is you'll notice in that bar beneath, there's a bunch of bookmark files, and these have different things. And first of all, because I made it and it's under DCG 201, there is a link to our Medium blog. So, you know, that's my, hey, credited to our group. And you know, you click on it, brings up our page, tells you when the meetings are, things like that. That's all that bookmark is. But then there are four folders. Other bookmarks are just random bookmarks for things. It all says bookmarks for some extensions you might want to look at that I just simply didn't include because I didn't think they were that important. But the three main ones here is, you have a hacker OS bookmark tab, which will, if you've never had to do pre-made OS for penetration testing, it has all of them here. Has different versions of Kali Linux, Parrot Security, BlackArch, guides to how to modify your MacBook, like let's say you're loading this browser on a MacBook, to make it CTF ready. Has listings for Windows options, things like that. The privacy tab not only gives you guides of how to do better web privacy stuff, but it also gives a cool listing tools for if you were more privacy conscious, has, like, the link here for SecureDrop, link to an xfs cleaner, CryptPad for sharing notes, cryptography advice, things like that. But
the two big ones here are the pen test links, which to me is a curated list of online tools that you can use that are not extensions that you'd be able to use for this, such as the Crocodile Hunter from Electronic Frontier Foundation, which allows you to track certain extensions in real time. Um, has an NFT scanner if your challenge has to do with NFTs, because I've seen a couple of those challenges pop up. Browser leaks, which allows you to test the actual Firefox browser that you're currently in, stuff like that. And then probably the most important tab is a learn page. This has tutorials for all sorts of things. It has documentations for different versions of Linux like Debian, it has a free and open source programming book directory, has networking books, cryptography books. By the way, one extension I forgot: you can not only right-click images and it can steganography, look at the steganographics of that image, but you can also right-click highlighted text. Like let's say you find an encrypted key, like the actual encrypted key and all, and it's crazy like stuff, you can highlight that, right-click it, and you can use different, uh, cryptological methods to attempt to decrypt it. So I forgot to mention that, but there's cryptography books in this browser listing. And it also has links to CTF resources such as Hack The Box and Hacker101. Um, picoCTF is a great beginner CTF. And then all the way at the bottom, it has a bunch of really useful tutorials on how to do a lot of like, a lot of intermediate to complex CTFs and security stuff, such as, uh, securing a shell account on a shared server, or, uh, how to set up VM instances so you can learn how to do password cracking, all on your own time, how to use Metasploit, things like that, all in there. So if you're ever lost or, you know, you downloaded this and you're like me when I started this, beginning CTF, and you're like, I don't know really how to program in Python, and how do you do this?
Subscripting stuff, that learn tab has all the stuff in there. And yeah, so quick, basically: has extensions, there's a lot of reconnaissance, bug bounty and even direct red teaming attack stuff such as man in the middle, um, IP scanning, script injections, things like that. Um, and it has a ton of resources for, um, learning on how to do red teaming and privacy and security stuff, all built in. Next week, uh, the day after our, so the DCG 201 meeting is going to be on August 19th. That one's going to be in person at, um, at Helen's Pizza in Jersey City, New Jersey. All the information will be on our blog on Monday. The day after will be the live stream version of that meeting, and I will visually over the same thing all over again, except I'll be clicking and doing this stuff in real time. And that day you will see a blog post that will go over, it'll have the individual extensions and the links to them. So if you just want to download them individually, you can. And then it will have both a zip and a tar that you can bring in, go to about:profiles, drag and drop that into a new profile, and it'll load up all this stuff as is, and you can just start literally hacking away at websites and doing bug bounties. So, um, I wasn't planning for any questions or anything. I didn't know if anyone had any, but if you did, I guess you could say that now unless we're out of time. Otherwise, thank you for listening to me ramble about extensions for a while. I cannot wait till the tool drop next week, and when you do it, definitely send me feedback. Tell me if things aren't working.
Tell me if certain extensions have stopped working. If you have a better idea of how to do something, or a better extension or a better modification, tell me that. Not only will I add that in there, I will credit you on the blog and stuff for any further modification that I've made if you've made me suggestions. So thank you for listening, and hope everyone has a fantastic DEF CON, whether you're in person or virtually, and, uh, as they, as lock, as, um, lock lab used to say, uh, stay safe and stay legal. And if Vegas floods again, do not try to surf the waves. I'm from New Jersey. I know the Hudson River. It's like the Hudson River. You don't know where that water has been. Thank you. I don't know if there's time for questions, but that's the end of my talk.

Well, thank you, Side Pocket, for such an interesting presentation. And this is the last presentation of our event. Our space will be opened through noon tomorrow, uh, so you can come back and play around and throw the cow off the roof and hang out and talk and that sort of thing. I'll be there, and we also, and you can ask some questions tomorrow too. And also we have fireworks for the grand finale. So go at it. Thank you all for coming. Thank you.