Test and hack web apps: XSS, SQL injection, file inclusion and CSRF; supports login. For developers, QA and pen testers.
ABOUT HACKTAB:
--------------
HackTab is a web vulnerability testing application in your browser.
When enabled for a targeted domain, it watches all communication between your browser and the site you are testing, and it identifies each parameter and the data type of each parameter.
This allows HackTab to re-create any communication between your browser and the target domain and test all HTTP parameter inputs to the application.
HackTab only tracks requests to domains you target and includes watermarks on pages it is tracking.
HackTab currently tests for reflected cross-site scripting, persistent XSS, SQL injection, local file includes and cross-site request forgery.
It is blazingly fast and can handle most web forms, including forms with CSRF protection.

KNOWN BUGS:
------------
* please report!

INTRODUCTION VIDEO:
-------------------
https://www.youtube.com/watch?v=gnHfXWGg4Aw

CURRENT TESTS:
--------------
Cross Site Request Forgery
Reflected XSS
MySQL Injection - sleep()
MS SQL Injection - wait for()()()()
Generic SQL Injection - and 1=2
Local File Inclusion

COMMON QUESTIONS:
-----------------
Q: Does HackTab monitor all of my web traffic?
A: No. HackTab ONLY monitors traffic to domains you target in its configuration and ONLY when enabled.

Q: Does HackTab scan the site when I target it?
A: No. HackTab only sends tests for the parameters you target and only sends the tests that you have selected when you scan that single parameter. All tests are manually triggered.

Q: Where are the tests run from?
A: The tests are run directly from your web browser.

Q: What permissions does HackTab require?
A: HackTab requires permission to send HTTP requests to targeted domains and also to read the responses from those targeted domains.

Q: Does HackTab store any information about vulnerabilities?
A: No. All site data is stored in your local Chrome extension. HackTab uses Google Analytics to store usage data. This includes the number of tests run and which features users are using. No site information or identifying information is used or stored anywhere outside of your web browser.

Change Log:
----------
2.1.1:
added support for Persistent XSS!
fixed a bug when counting vulnerabilities on parameters
fixed a bug displaying different urls with same parameter names
improved error handling and logging
various other bug fixes

2.1.0:
added testing for csrf vulnerability
added flag for server state
added success and failure strings
bug fix when testing sing

Test SEO/speed/security of 100s of pages in a click! Check broken links, HTML/JavaScript/CSS, URL redirects, duplicate titles...
The all in one Red team extension for web pentester
The simplest and most advanced testing automation tool, using Adaptive Learning and Computer Vision image validation.
Protection from adult content (parental control) and from dangerous sites.
Free Cloud Website and API Load Testing extension for creating and running free website and API load tests.
The Leading Source of Cyber Security, Hacking News, Network Security, DDoS Attacks with In-Depth Coverage of Website Vulnerabilities
Record Selenium and HTTP traffic to create a load and functional tests in less than 10 minutes (Apache JMeter Compatible).
This extension was created at Div Hack, Austin.
see the browser through different perspectives
Information on ADT and home security in general.
The Best Mod and Extension for mope.io!
Practise your Typing Online Now.
This extension is used as a hack on the 2048 Game
Browser extension for auditing web pages against the RGAA reference framework.
Selenium IDE is an integrated development environment for Selenium tests. It is implemented as a Firefox...
Your protection on the Internet with extension from Kaspersky Lab
Your protection on the Internet with extension from Kaspersky
Best Content-Security-Policy generator to automatically create Strict CSP policies (with SHA support)...
Allows users of our Rapise automated software testing tool to record and play automated tests against...
Automatic Content Security Policy (CSP) Generator. Generate a Content Security Policy header in minutes...
Penetration Testing Kit is an extension for application security practitioners, penetration testers,...
Because good website security shouldn't only be available to mad scientists! Laboratory is a WebExtension...