This is a Firefox extension developed by me to detect vulnerabilities caused by HTTP headers.
Submitted vulnerabilities to websites like #Signup, #Chargify, #Hotstar, #Medium, etc. using this tool. Got listed in the #Chargify HOF, and other organizations are resolving the issues.
Every day we visit hundreds and thousands of web pages that fetch data from thousands of servers. Have you ever thought about how many vulnerabilities might exist in those applications, which hackers can exploit to perform malicious activities?
Have you ever tried exploiting websites? Finding vulnerabilities in web applications? Is there any way to automate this? How can we make the websites we access every day more secure?
Do you think it's an easy job? Well, definitely not. It takes a lot of patience, hard work, and dedication to do it.
All websites today are highly dependent on HTTP headers. Hackers take advantage of this and try to exploit them, and they are highly successful.
To prevent these attacks and to make websites more secure, I created this Firefox extension, which parses the headers of all the requests flowing through your Firefox browser to check for vulnerabilities.
This is still in the starting phase, and this extension will be able to detect vulnerabilities like:
- CORS Misconfiguration
- Host Header Injection
- Missing X-XSS-Protection headers
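A passive version of two of the checks listed above (CORS misconfiguration and a missing X-XSS-Protection header), as an added example that is not the extension's own code. The function names, finding labels and sample headers are assumptions made for illustration; the header lists use the `{name, value}` shape that Firefox's `webRequest` events provide.

```javascript
// Added example, not the extension's code. All names here are hypothetical.
function headerMap(headers) {
  const map = new Map();
  for (const { name, value } of headers || []) {
    map.set(name.toLowerCase(), (value || "").trim()); // header names are case-insensitive
  }
  return map;
}

function auditHeaders(requestHeaders, responseHeaders) {
  const req = headerMap(requestHeaders);
  const res = headerMap(responseHeaders);
  const findings = [];
  const origin = req.get("origin");
  const acao = res.get("access-control-allow-origin");
  // Browsers only honour the exact, case-sensitive value "true".
  const creds = res.get("access-control-allow-credentials") === "true";
  const vary = (res.get("vary") || "").toLowerCase().split(",").map((s) => s.trim());

  if (acao === "null") {
    findings.push("cors-null-origin-allowed");
  } else if (acao === "*" && creds) {
    // Browsers reject this pair, but it signals a broken CORS policy.
    findings.push("cors-wildcard-with-credentials");
  } else if (origin && acao === origin && creds) {
    // One response cannot prove arbitrary reflection; flag it for review.
    findings.push("cors-origin-echoed-with-credentials");
  }
  // An origin-specific ACAO should be paired with "Vary: Origin" so that
  // caches do not serve one origin's response to another.
  if (origin && acao === origin && !vary.includes("origin") && !vary.includes("*")) {
    findings.push("cors-dynamic-origin-without-vary");
  }
  if (!res.has("x-xss-protection")) {
    findings.push("missing-x-xss-protection");
  }
  return findings;
}

// Constructed sample headers, not captured from any real site.
const sampleRequest = [{ name: "Origin", value: "https://app.example" }];
const sampleResponse = [
  { name: "Access-Control-Allow-Origin", value: "https://app.example" },
  { name: "Access-Control-Allow-Credentials", value: "true" },
];
console.log(auditHeaders(sampleRequest, sampleResponse));
```

Current browsers ignore X-XSS-Protection, so that finding is informational; a Content-Security-Policy is the control that actually limits XSS.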
Want to add more features to this tool? Fork the repo.
Like this tool? STAR it and click Watch to get more updates on it.