Browser tip for Infosec!

Chrome vs Firefox:

Chrome and Firefox are the two most popular browsers in the market. Chrome is maintained by Google and Firefox is maintained by Mozilla foundation.

Hidden login in chrome:

The moment we install chrome it will ask for login into Google. It is not for gmail login but keep you logged in always in the browser. Chrome will sync our entire activity with that account(Unless activity is paused in Google myaccount). And secondly while configuring proxy(burp or zap) for web penetration testing in chrome, it will change the system values rather than browser only values which is not a good option.

Right option:

Choosing firefox as the main browser is the ideal solution. Although we are using firefox for default browsing, we also need to setup proxy(burp or zap) to intercept the requests in the browser. We can't use Default browser as proxy browser as it generate lot of legitimate traffic which we don't need during analysis.

2nd Browser:

We need to isolate the proxy traffic from default traffic. For that we can use the other browsers in the market which are derived from Firefox eg:Waterfox. The first advantage is we use Firefox for default browsing and it is important because we do lot of goggling during the pen-testing and we don't want to capture that traffic. Secondly because waterfox browser is forked version of Firefox, the proxy settings are used for browser wide not system wide.

Impressum

RebornInfosec

I have planned this blog to express my view on Information security and will try to learn/help from/for other security minds. All views expressed here are strictly from personal view. This blog is neither an organization nor affiliated to any organization with respect to the blog posts.

Varun Kondagadapa

Hi.. Myself Varun Kondagadapa and I am Information Security Specialist having 2+ years of experience in Securing organizations. From startups to MNC I have work experience in all scales of Infra.

Write your comment…

Be the first one to comment