Latest Updates

Mozilla Firefox Plugins for hacking purposes

So far, I have only found two Mozilla Firefox add-ons / plugins for web hacking purposes. Here they are:
- Technika Security Framework
I found this (unreleased) plugin when I was visiting GNUCITIZEN. This Firefox plugin is created by David Kierznowski, a senior Security Analyst in the UK (he’s also the owner of michaeldaw.org). Some kewl features offered by this plugin are:
  • tech.dspider – DOM link spider.
  • tech.forms – GET/POST form parser.
  • tech.mutate – By specifying a payload and regex, we can mutate our target arrays and build tests.
  • tech.scan – tech.scan is our actual engine that will handle our GET and POST requests.
  • tech.mNikto – Mini-Nikto. We called it mini-nikto as it currently only contains a very small database.
  • tech.g – This is one of my favorite tools in the TS framework. It uses the Google AJAX API (JSON) to fetch links and perform other Google hacking queries outside of our current DOM. This is really useful even when it is not security related.
  • tech.store – Utilizes the Firefox sessionStorage to allow us to persistently store arrays.
Well, I really don’t have any idea about this plugin actually (coz’ I haven’t tried it out :P). Details can be found here.
- HackBar 1.1.1
HackBar 1.1.1 is a Mozilla Firefox plugin created to assist you in doing penetration tests against SQL injection and XSS. I’ve tried this plugin myself, and it’s strongly recommended. Some kewl features of this plugin:
  • MySql CHAR() converter
  • MsSQL CHAR() converter
  • md5 generator
  • URL SPLITTER
  • BASE64 ENCODE
  • BASE64 DECODE
  • URL ENCODE
  • URL DECODE
Go try this plugin yourself, and you’ll find out how easy SQL injection / XSS pentests become :D. Download here now!
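HackBar's CHAR() converters produce the encoded form; the reverse direction is what a defender needs when reading web server logs. As an added example (not part of HackBar or of this post), this Python script URL-decodes logged query strings and expands MySQL CHAR(...) calls and MSSQL CHAR()+CHAR() chains back into plain text; the log lines are constructed samples.

```python
import re
from urllib.parse import unquote

# One MySQL-style call: CHAR(118,101,114), optional whitespace inside the parentheses.
_CHAR_CALL = r"CHAR\(\s*\d+(?:\s*,\s*\d+)*\s*\)"
# MSSQL builds strings by concatenation, CHAR(118)+CHAR(101)+..., so match a whole
# chain of calls joined by "+" and decode the chain as one string.
_CHAR_CHAIN = re.compile(rf"{_CHAR_CALL}(?:\s*\+\s*{_CHAR_CALL})*", re.IGNORECASE)
_NUMBER = re.compile(r"\d+")


def decode_char_calls(text):
    """Replace every CHAR(...) call, or +-joined chain of calls, with the text it encodes."""
    def _expand(match):
        codes = [int(n) for n in _NUMBER.findall(match.group(0))]
        # CHAR() yields single bytes; values outside 0-255 are dropped rather than guessed.
        return "".join(chr(c) for c in codes if 0 <= c <= 255)
    return _CHAR_CHAIN.sub(_expand, text)


def normalize_query(raw_query):
    """URL-decode a logged query string, then expand CHAR() obfuscation.

    unquote() (not unquote_plus) is used on purpose: a literal "+" must survive the
    first pass so that MSSQL-style CHAR(...)+CHAR(...) chains can still be matched.
    """
    return decode_char_calls(unquote(raw_query))


# Constructed sample log lines in Apache combined format (not from any real server).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Sep/2010:10:15:02 +0000] "GET /item.php?id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Sep/2010:10:15:09 +0000] "GET /item.php?id=7%20UNION%20SELECT%20CHAR(118,101,114,115,105,111,110) HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Sep/2010:10:15:11 +0000] "GET /item.php?id=7;SELECT%20CHAR(118)%2BCHAR(101)%2BCHAR(114) HTTP/1.1" 500 102 "-" "Mozilla/5.0"
"""

# Request line of a combined-format entry: method, path with a query string, protocol.
_REQUEST = re.compile(r'"(?:GET|POST)\s+\S*\?(\S*)\s+HTTP/')


def normalized_queries(log_text):
    """Return the normalized query string of every request in the log that has one."""
    out = []
    for line in log_text.splitlines():
        m = _REQUEST.search(line)
        if m:
            out.append(normalize_query(m.group(1)))
    return out


if __name__ == "__main__":
    for q in normalized_queries(SAMPLE_LOG):
        print(q)
```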

Firefox security addons


Firefox security addons are Firefox addons with a special purpose, like web application pentesting, web browser security enhancement and so on. I’m going to give you a list of Firefox security addons that you must have in your Firefox browser :)
So here they are :

1. Firebug
This addon is useful to debug your JavaScript, CSS and HTML from your Firefox browser. Download Firebug: https://addons.mozilla.org/en-US/firefox/addon/1843

2. Hackbar
A very useful Firefox security addon to effectively launch penetration tests against web applications (SQL injection, XSS and more); it supports md5, base64, MSSQL CHAR() and so on. Download Hackbar: https://addons.mozilla.org/en-US/firefox/addon/3899

3. Anonymouser
This Firefox addon is useful to anonymously open a link (via the anonymouse.org proxy). Download Anonymouser: https://addons.mozilla.org/en-US/firefox/addon/1415

4. User Agent Switcher
This is useful to hide your User Agent :). Download User Agent Switcher: https://addons.mozilla.org/en-US/firefox/addon/59

5. Modify Headers
Easily modify your HTTP headers :) Download Modify Headers addon: https://addons.mozilla.org/en-US/firefox/addon/967

6. XSS-me
By using XSS-me, you will be able to do an XSS pentest easily. Download XSS-me: http://www.securitycompass.com/exploit_me/xssme/xssme-0.2.1.xpi

7. Sql-inject-me
Same as the addon above, but specialized in SQL injection attacks. Download sql-inject-me: http://www.securitycompass.com/exploit_me/sqlime/sqlime-0.2.xpi

Change fluxbox keyboard layout BT4 R1



fluxbox has a US keyboard layout by default; if you want a different layout as default, like me, just:

Code:
nano /root/.fluxbox/startup
and add
Code:
setxkbmap it &
(mine is "it" because I'm Italian... you have to put the layout code for your own keyboard)

I hope it will be useful to someone

Install firefox 3.6.9 on BT4



I've installed Firefox (latest version 3.6.9) on my BT4. After updating Firefox, I also updated libflashplayer.so (the Flash plugin).

This is what i did:

1- Simply go to the Firefox homepage (here) to download the package from the original provider.

- The package has the extension “.tar.bz2”

2- Make sure the package is located in your home folder

3- Open Terminal/Konsole and run the “su” command, then type your password if asked, to do a system-wide installation

4- Move the Firefox package to /usr/local/bin using this command:

#mv firefox-3.6.9.tar.bz2 /usr/local/bin

5- Navigate to its location and extract the package there:

# cd /usr/local/bin

# tar jxvf firefox-3.6.9.tar.bz2

6- Installation is done, but the menu needs configuring. Press ALT+F2 and type “kmenuedit”. This brings up a GUI menu editor.

7- Navigate to Internet > Web Browser (Firefox Web Browser)

8- In the “Command” box, change the value to the new location: /usr/local/bin/firefox/firefox

9- Close all Firefox windows (if running) and try starting it from the menu.

I'm not really sure what this will cause, but for now I've found no problem. Please leave a comment and let me know what you think about what I did, or if you have another easy way to update Firefox on BT4.

Installing Compiz and Emerald in Backtrack



Installing Compiz Fusion in Backtrack.
Now this is a weird thing to do and useless too, but I thought that some who use BT as a main OS would get bored and want to add a little graphics.

First of all let's grab all that we need:


Code:
root@bt:~#apt-get install compiz compiz-fusion-plugins-extra compiz-fusion-plugins-unsupported emerald simple-ccsm fusion-icon
Now go to backtrack menu -> system -> compiz fusion
You should see the icon in the toolbar, right click on it and select "Reload Window Manager".


Adding compiz to startup:

Go to /etc/ and edit the file called "rc.local". Just add the files you installed to it, like this:



Code:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

compiz
compiz-fusion-plugins-extra
compiz-fusion-plugins-unsupported
emerald
simple-ccsm
fusion-icon

exit 0


Now open a terminal and type in

Code:
chmod u+x /etc/rc.local
and you're done, reboot and enjoy.

How to get Atheros AR9287 Chipset Working in Back|Track

Not sure if this deserves to be in the "How To" section, but I figured it might save someone a few headaches and a lot of googling.



Download:


http://www.orbit-lab.org/kernel/comp...2.6.33.tar.bz2

Code:

tar -xf /root/compat-wireless-2.6.33.tar.bz2
cd compat-wireless-2.6.33
make
make install
shutdown now -r

Once rebooted:

Code:

start-network

Then, Wicd Manager=>Preferences=>Wireless Interface: wlan0

Refresh and you should see some wireless networks.



Thanks to dustyboner for directing me to the compat drivers.



kukubau was able to get it working using these commands. Anyone that tries either of these, please let me know if they work.

Code:

# latest stable compat-wireless drivers
tar -xf /path/to/compat-wireless-2.6.33.tar.bz2

# change into the extracted source directory (not the tarball itself)
cd /path/to/compat-wireless-2.6.33

# run with no argument: it will show you a list of supported hardware
./scripts/driver-select

# VERY IMPORTANT - WRITE THE DRIVER FOR YOUR CARD. FOR ATHEROS - ath9k
./scripts/driver-select ath9k

make

sudo make install

Customising BackTrack Live CD the Easy Way

I’ve automated the customising process of the live CD into a convenient script which can be run on the BT4 Pre Final (and future) releases. This script sets up a build environment for you and drops you into a modifiable chroot. You update, upgrade, add and remove packages, and then exit the shell. The script then goes on to build a modified ISO for you, including the updates and additions you introduced.
The script is very basic, with many elements hard coded (for example, the ISO name expected is bt4.iso), but is easily modifiable. In this video demonstration we install the Broadcom wireless drivers, to support the Broadcom Corporation BCM4322 802.11a/b/g/n Wireless LAN Controller (rev 01) card in MacBooks. In addition, we update our BackTrack tools to the most recent versions.
The script is available here: http://www.offensive-security.com/bt4-customise.sh
Check out the video demonstration here: Customising BT4 the easy way.

BackTrack Live USB Install



This method of getting a live install to a USB drive is the simplest available using Unetbootin. Note that we will format the USB drive and erase its contents.
  1. Plug in your USB Drive (Minimum USB Drive capacity 2 GB)
  2. Format the USB drive to FAT32
  3. Download Unetbootin from http://unetbootin.sourceforge.net/
  4. Start Unetbootin and select diskimage (use the backtrack-final ISO)
  5. Select your USB drive and click “OK” for creating a bootable BackTrack USB drive
  6. Log into BackTrack with the default username and password root / toor.

BackTrack Clean Hard Drive Install



This method of installation is the simplest available. The assumption is that the whole hard drive is going to be used for BackTrack.
  1. Boot BackTrack on the machine to be installed. Once booted, type in “startx” to get to the KDE graphical interface.
  2. Double click the “install.sh” script on the desktop, or run the command “ubiquity” in console.
  3. Select your geographical location and click “forward”.  Same for the Keyboard layout.
  4. The next screen allows you to configure the partitioning layout. The assumption is that we are deleting the whole drive and installing BackTrack on it.
  5. Accept the installation summary and click “Install”. Allow the installation to run and complete. Restart when done.
  6. Log into BackTrack with the default username and password root / toor. Change root password.
  7. Fix the framebuffer splash by typing “fix-splash” (or “fix-splash800” if you wish an 800×600 framebuffer), then reboot.

Backtrack 4 Forensics Capabilities



When you first boot up the new Backtrack 4, you may have noticed something slightly different. So what is this “Start BackTrack Forensics” option about?

Live CDs and Forensics

For a long time now, Linux Live CDs have been very useful for forensic acquisition purposes in instances where for one reason or another you can’t utilize a hardware write blocker. When configured not to automount drives, and with a little bit of know-how, a Linux Live CD can be a wonderful software write blocker. For a Linux live CD to be considered for this purpose, however, it is of the utmost importance that the use of the live CD in no way alters any data in any manner. In the past, this ruled out the use of Backtrack for forensic purposes. Backtrack would automount available drives and utilize swap partitions where available. This could cause all sorts of havoc, changing last mount times, altering data on disk, and so on. Well, no longer! The Backtrack 4 Live CD has incorporated changes to allow a boot mode which is forensically clean. This is great news, as with Backtrack being such a popular live CD, a copy can often be found close at hand.

How?

So, let's have the scoop. Forensic people are often detail oriented and very conservative, so how do we know it is safe to use? Well, first off, the Backtrack 4 Live CD is based off of Casper, and contains no filesystem automount scripts at all. The system initialization scripts have been altered in the forensic boot mode so that Backtrack 4 will not look for or make use of any swap partitions which are contained on the system. All those scripts have been removed from the system.

Verification

To test this functionality, we tested this boot mode with multiple hardware configurations. For each test, we took a before MD5 snapshot of the system disks, booted BT4 in forensic boot mode, verified no file systems were mounted and swap was not in use, did a number of activities on the system, then shut the system back down and took an after MD5 snapshot. In comparing the two MD5 snapshots, in every case they were a match, demonstrating no changes to the disks had been made. So, can you trust Backtrack 4 for your forensic purposes? Well, not until you verify it as well! Just like any forensic tool, it's negligent to just take someone else’s word that any tool works properly. It's up to you to independently verify the tool before you use it. We expect your results will match ours, and you will find Backtrack 4 is a great addition to your tool set. (And, if your results find a problem, please let us know ASAP and include details as to how you conducted your testing, as that would be a real problem.)
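As an added example (not the BackTrack team's own test harness), the before/after check described above can be scripted: hash each disk device, confirm from /proc/swaps and /proc/mounts that nothing is in use, and diff the two snapshots after the session. The device list /dev/sda, /dev/sdb and the /dev/sd prefix are assumptions for the example; the demo function exercises the logic on a temporary file instead of a real disk.

```python
import hashlib
import os
import tempfile

# Device nodes to hash; an assumption for the example, adjust to the machine under test.
DEVICES = ["/dev/sda", "/dev/sdb"]


def md5_of(path, chunk_size=1 << 20):
    """Stream a device or file through MD5 so a whole disk never has to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(devices):
    """Take a 'before' or 'after' snapshot: {device path: MD5 hex digest}."""
    return {dev: md5_of(dev) for dev in devices}


def compare_snapshots(before, after):
    """Return every path whose digest differs, or that appears in only one snapshot."""
    return sorted(p for p in set(before) | set(after) if before.get(p) != after.get(p))


def swap_in_use(proc_swaps_text):
    """True if /proc/swaps lists any entry below its header line."""
    return len([ln for ln in proc_swaps_text.splitlines() if ln.strip()]) > 1


def mounted_block_devices(proc_mounts_text, prefix="/dev/sd"):
    """(device, mountpoint) pairs from /proc/mounts for devices under `prefix`.

    /dev/sd is an assumption covering SATA/SCSI/USB disks; the live CD itself shows
    up as a loop or cdrom device and is therefore not counted as a disk mount.
    """
    found = []
    for line in proc_mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].startswith(prefix):
            found.append((fields[0], fields[1]))
    return found


def system_is_clean(proc_swaps_text, proc_mounts_text):
    """Precondition to verify before exercising the system: no swap, no disk mounts."""
    return not swap_in_use(proc_swaps_text) and not mounted_block_devices(proc_mounts_text)


def demo_changed_file_is_detected():
    """Self-contained run on a temp file instead of a disk; returns the changed-path list."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        with open(path, "wb") as fh:
            fh.write(b"original disk contents")
        before = snapshot([path])
        with open(path, "r+b") as fh:   # simulate a write, e.g. a last-mount-time update
            fh.seek(0)
            fh.write(b"O")
        after = snapshot([path])
        return compare_snapshots(before, after)
    finally:
        os.remove(path)


if __name__ == "__main__":
    # Live use: "before SNAP" stores a snapshot, "after SNAP" reloads it and reports diffs.
    import json
    import sys
    mode, store = sys.argv[1], sys.argv[2]
    with open("/proc/swaps") as s, open("/proc/mounts") as m:
        print("clean (no swap, no disk mounts):", system_is_clean(s.read(), m.read()))
    if mode == "before":
        with open(store, "w") as out:
            json.dump(snapshot(DEVICES), out)
    else:
        with open(store) as inp:
            print("changed devices:", compare_snapshots(json.load(inp), snapshot(DEVICES)))
```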

Usage

When you utilize Backtrack for forensics purposes, be sure you don’t let it go through an unattended boot. The default boot for Backtrack is standard boot mode, which will use swap partitions if they are present. There is a nice long delay, however, so you will have plenty of time to select the proper boot mode. Also, please remember, this is a Linux distribution. It is highly suggested that you become familiar with Linux before using this, or any other Linux Live CD, for any forensic purpose. Also, be sure to check out the additional forensic tools added to Backtrack 4. We have concentrated on the addition of imaging and triage tools, but if you find that one of your favorite utilities is not in place, please let us know so we can look into having it added.

Security Distros


BackTrack

BackTrack is a distribution based off of what used to be WHAX and Auditor. It is a full-size distro built off of SLAX.
BackTrack Page | Download | Status: Active

Damn Vulnerable Linux ( DVL )

"Damn Vulnerable Linux (DVL) is a Linux-based tool for IT-Security. It was initiated for training tasks during university lessons by the IITAC (International Institute for Training, Assessment, and Certification) and S²e - Secure Software Engineering in cooperation with the French Reverse Engineering Team." - DamnVulnerableLinux.org
Damn Vulnerable Linux ( DVL ) Page | Download | Status: Active

DEFT

DEFT (acronym of "Digital Evidence & Forensic Toolkit") is a customized distribution of the Kubuntu live Linux CD. It is a very easy to use system that includes an excellent hardware detection and the best open source applications dedicated to incident response and computer forensics. -Deft.yourside.it
DEFT Page | Download | Status: Active

Hakin9

"a bootable distribution containing all the tools and materials needed for practising methods and techniques described in the hackin9 magazine"
-http://www.hakin9.org/en/index.php?page=hakin9_live-
Hakin9 Page | Download | Status: Active

Helix

"Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics."
-http://www.e-fense.com/helix/-
Helix Page | Download | Status: Active

nUbuntu

"The main goal of nUbuntu is to create a distribution which is derived from the Ubuntu distribution, and add packages related to security testing, and remove unneeded packages, such as Gnome, Openoffice.org, and Evolution." - nubuntu.org
nUbuntu Page | Download | Status: Active

Network Security Toolkit ( NST )

"This bootable ISO live CD is based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86 platforms." -networksecuritytoolkit.org
Network Security Toolkit ( NST ) Page | Download | Status: Active

OWASP Labrat

"The OWASP Live CD (LabRat) is a bootable CD akin to knoppix but dedicated to Application Security. It shall serve as a vehicle and distribution medium for OWASP tools and guides." -OWASP.org
OWASP Labrat Page | Download | Status: Active

Frenzy

"Frenzy is a "portable system administrator toolkit," LiveCD based on FreeBSD. It generally contains software for hardware tests, file system check, security check and network setup and analysis. Size of ISO-image is 200 MBytes (3" CD)"
-http://frenzy.org.ua/eng/
Frenzy Page | Download | Status: Active

grml

"grml is a bootable CD (Live-CD) based on Knoppix and Debian. grml includes a collection of GNU/Linux software especially for users of texttools and system administrators. grml provides automatic hardware detection. You can use grml for example as a rescue system, for analyzing systems/networks or as a working environment." -http://grml.org/
grml Page | Download | Status: Active

Ophcrack

"The ophcrack LiveCD contains a small linux system (SLAX6), ophcrack for linux and rainbow tables for alphanumerical passwords.The liveCD cracks passwords automatically, no installation necessary, no admin password necessary (as long as you can boot from CD). Windows Vista SAM can also be cracked." -Ophcrack.sourceforge.net
Ophcrack Page | Download | Status: Active

FCCU

The GNU/Linux boot CD-ROM is made by the Belgian Federal Computer Crime Unit (FCCU). It’s based on the KNOPPIX Live CD version 4.02 by Klaus Knopper. The main purpose of the CD: help the forensic analysis of computers. All scripts made by the FCCU begin with the "fccu" prefix. -lnx4n6.be
FCCU Page | Download | Status: Active

OSWA Assistant

"The OSWA-Assistant™ is a self-contained, freely downloadable, wireless-auditing toolkit for both IT-security professionals and End-users alike."—http://oswa-assistant.securitystartshere.org/
OSWA Assistant Page | Download | Status: Active

Russix

Russix is a Slax based Wireless Live Linux. It has been designed to be light (circa 230Mb) and dedicated purely to wireless auditing. It is not a script kiddy phishing tool and as such, while it will allow you to break a WEP key in 6 key strokes and conduct an "Evil Tiny Twin" attack in less than 5, it will not let you become the latest version of Barclays Bank.
Russix Page | Download | Status: Active

Samurai

The Samurai Web Testing Framework is a LiveCD focused on web application testing. We have collected the top testing tools and pre-installed them to build the perfect environment for testing applications.
Samurai Page | Download | Status: Active

Chaox-NG

Chaox-NG Page | Download | Status: Active

SECmic

SECmic3 is a Kubuntu 10.04 LTS Lucid Lynx based security distribution. It is FREE to download, and will be forever. It comprises over 200 security oriented applications preinstalled. SECmic3 is Ubuntu/Kubuntu update compatible, meaning you will be able to receive security updates directly from the Ubuntu/Kubuntu repositories for the lifetime of this Kubuntu 10.04 LTS based release. SECmic3 is a Remastersys backup. SECmic forums have been set up to allow you, the user, to voice your opinions, identify bugs related to this release and to allow us to include new applications that you suggest in future releases. You will never hear anyone from SECmic tell you “If you don’t like it, build your own security distro.” We welcome ALL comments for improvement. Donations may include test hardware and monetary values using the donate link at the top-right of the page. - SECmic.org
SECmic Page | Download | Status: Active

GnackTrack

GnackTrack is a Live (and installable) Linux distribution designed for Penetration Testing and is based on Ubuntu. Although this sounds like BackTrack, it’s most certainly not; it’s very similar but based on the much loved GNOME! -GnackTrack.co.uk
GnackTrack Page | Download | Status: Active

Matriux

Matriux Page | Download | Status: Active

Katana

Katana Page | Download | Status: Active


Securix-NSM

Securix-NSM Page | Download | Status: Active


Auditor

"The Auditor security collection is a Live-System based on KNOPPIX. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. Independent of the hardware in use, the Auditor security collection offers a standardised working environment, so that the build-up of know-how and remote support is made easier." - http://www.remote-exploit.org/index.php/Auditor_main-
Auditor Page | Download | Status: Inactive

Knoppix-NSM

"knoppix-nsm is dedicated to providing a framework for individuals wanting to learn about Network Security Monitoring or who want to quickly and reliably deploy NSM in their network. Our goal is to provide an introduction to NSM and a distribution that can be used as a launch pad to bigger things." -www.securixlive.com
Knoppix-NSM Page | Download | Status: Inactive

Knoppix-STD

"STD is a Linux-based Security Tool. Actually, it is a collection of hundreds if not thousands of open source security tools. It’s a Live Linux Distro, which means it runs from a bootable CD in memory without changing the native operating system of the host computer." - http://www.knoppix-std.org/-
Knoppix-STD Page | Download | Status: Inactive

KCPentrix

" The Kcpentrix Project was founded in May 2005 , KCPentrix 1.0 was liveCD designed to be a standalone Penetration testing toolkit for pentesters, security analysts and System administrators" - KCPentrix.com
KCPentrix Page | Download | Status: Inactive


Protech

Protech is a specially designed Linux distribution for security technicians and programmers.
Its incomparable usability and stability make this a unique product. -Techm4sters
Protech Page | Download | Status: Inactive

FIRE

"FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment."
-http://fire.dmzs.com-
FIRE Page | Download | Status: Inactive

Arudius

Arudius is a Linux live CD with tools that try to address the network security aspect (penetration testing and vulnerability analysis) of information assurance. It is based on Slackware (Zenwalk) for i386 systems and targets the information security audience.
Arudius Page | Download | Status: Inactive

INSERT

"INSERT is a complete, bootable linux system. It comes with a graphical user interface running the fluxbox window manager while still being sufficiently small to fit on a credit card-sized CD-ROM."
-http://www.inside-security.de/insert_en.html-
INSERT Page | Download | Status: Inactive

Local Area Security ( LAS )

Local Area Security ( LAS ) Page | Download | Status: Inactive

NavynOS

"Navyn OS is a gnu/linux distribution based on Gentoo. Gentoo isn’t a typical distribution like Debian or Slackware, it doesn’t even have an installer, it is similar to making your own distribution. The main part of Gentoo is portage, a set of scripts for installing and removing programs." -http://navynos.linux.pl/
NavynOS Page | Download | Status: Inactive


Operator

"Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM." - http://www.ussysadmin.com/operator/

Operator Page | Download | Status: Inactive

Pentoo

"Pentoo is a penetration testing LiveCD distribution based on Gentoo. It features a lot of tools for auditing and testing a network, from scanning and discovering to exploiting vulnerabilities."
-http://www.pentoo.ch/-PENTOO-.html-
Pentoo Page | Download | Status: Inactive

PHLAK

"PHLAK is a modular live security Linux distribution (a.k.a LiveCD). PHLAK comes with two light gui’s (fluxbox and XFCE4), many security tools, and a spiral notebook full of security documentation. PHLAK is a derivative of Morphix, created by Alex de Landgraaf." - http://www.phlak.org/modules/news/-
PHLAK Page | Download | Status: Inactive

PLAC

"PLAC is a business card sized bootable cdrom running linux. It has network auditing, disk recovery, and forensic analysis tools. ISO will be available and scripts to roll your own cd."
-http://sourceforge.net/projects/plac/-
PLAC Page | Download | Status: Inactive

Plan-B

"Plan-B is a bootable Linux environment without the need for a hard drive, it runs entirely in ram or from the cd, based on a basic, stripped installation of Red Hat Linux and the fundamental workings of the SuperRescue CD" -http://www.projectplanb.org/
Plan-B Page | Download | Status: Inactive

SENTINIX

"SENTINIX is a GNU/Linux distribution designed for monitoring, intrusion detection, vulnerability assessment, statistics/graphing and anti-spam. It’s completely free; free to use, free to modify and free to distribute. SENTINIX includes the following software, installed and pre-configured; Nagios, Nagat, Snort, SnortCenter, ACID, Cacti, RRDTool, Nessus, Postfix, MailScanner, SpamAssassin, openMosix, MySQL, Apache, PHP, Perl, Python and lots more." -http://sentinix.tigerteam.se/
SENTINIX Page | Download | Status: Inactive

Talos

"Talos is a security LiveCD, based on SLAX 5.1.0 with over 90 security tools preinstalled. It runs directly from the CD without the need to install on the harddisk. Talos is currently on BETA version 0.1 and its available to download." -ISafe.gr
Talos Page | Download | Status: Inactive

ThePacketMaster

ThePacketMaster - Mission-Specific Live-CD Linux Distributions - thepacketmaster.com
ThePacketMaster Page | Download | Status: Inactive

Trinux

Minimal ramdisk linux distribution meant for network monitoring.
Trinux Page | Download | Status: Inactive

WarLinux

A linux distribution for WarDrivers.
WarLinux Page | Download | Status: Inactive


Whoppix

"Whoppix is a stand-alone penetration-testing live CD based on KNOPPIX. With the latest tools and exploits, it is a must for every penetration tester and security auditor. Whoppix includes several exploit archives, such as Securityfocus, Packetstorm, SecurityForest and Milw0rm, as well as a wide variety of updated security tools." -Distrowatch
Whoppix Page | Download | Status: Inactive

WHAX

Updated project from Whoppix. Currently discontinued and merged with BackTrack.
WHAX Page | Download | Status: Inactive

HeX

HeX is a live security distribution that focuses on security monitoring and forensics.
HeX Page | Download | Status: Inactive

Stagos FSE

"Stagos FSE aims to be a computer forensic framework based on FLOSS operating system. Builds from Ubuntu, it has many feature to do forensics stuff. It supports read variant filesystem, include ntfs. It also support read some forensic imaging file from another forensic software such like ENCASE." -linuxforums.org
Stagos FSE Page | Download | Status: Inactive


SNARL

snarl is a bootable forensics ISO based on FreeBSD and using @stake’s autopsy and task as well as scmoo’s list of known good checksums. -snarl.eecue.com
SNARL Page | Download | Status: Inactive