Test web apps for XSS, SQL Injection, File Inclusion, support login and CSRF. Developers, QA, Pen Testers
ABOUT HACKTAB:
--------------
HackTab is a web vulnerability testing application in your browser. When enabled for a targeted domain, it watches all communication between your browser and the site you are testing and identifies each parameter and its data type. This allows HackTab to re-create any communication between your browser and the target domain and test all HTTP parameter inputs to the application. HackTab only tracks requests to domains you target and includes watermarks on pages it is tracking.
HackTab currently tests for Reflected Cross Site Scripting, Persistent XSS, SQL Injection, Local File Includes and Cross Site Request Forgery. It is blazingly fast and can handle most web forms including forms with CSRF protection.
KNOWN BUGS:
------------
* please report!
INTRODUCTION VIDEO:
-------------------
https://www.youtube.com/watch?v=gnHfXWGg4Aw
CURRENT TESTS:
--------------
Cross Site Request Forgery
Reflected XSS
MySQL Injection - sleep()
MS SQL Injection - wait for()
Generic SQL Injection - and 1=2
Local File Inclusion
COMMON QUESTIONS:
-----------------
Q: Does HackTab monitor all of my web traffic?
A: No. HackTab ONLY monitors traffic to domains you target in its configuration and ONLY when enabled.
Q: Does HackTab scan the site when I target it?
A: No. HackTab only sends tests for the parameters you target and only sends the tests that you have selected when you scan that single parameter. All tests are manually triggered.
Q: Where are the tests run from?
A: The tests are run directly from your web browser.
Q: What permissions does HackTab require?
A: HackTab requires permission to send HTTP requests to targeted domains and also read the responses from those targeted domains.
Q: Does HackTab store any information about vulnerabilities?
A: No. All site data is stored in your local Chrome extension. HackTab uses Google Analytics to store usage data. This includes number of tests run and which features users are using. No site information or identifying information is used or stored anywhere outside of your web browser.
Change Log:
----------
2.1.1:
added support for Persistent XSS !
fixed a bug when counting vulnerabilities on parameters
fixed a bug displaying different urls with same parameter names
improved error handling and logging
various other bug fixes
2.1.0:
added testing for CSRF vulnerability
added flag for server state
added success and failure strings
bug fix when testing single parameter
bug fix when deleting a url
replaced watermark logo for tracked pages
removed verbose logging
removed dead code
decreased footprint of content scripts
2.0.4:
Fully redesigned UI
Ability to save scans
Ability to load scans
Test entire hosts
Test entire URLS
Improvements in testing CORS headers
Prerequisites for CSRF plugin
Various bug fixes
Added watchdog timer to handle stuck plugins
Improved support for filtered requests, firewalled hosts and timeouts
1.10.2:
Fixes for CORS requests. Now updates Origin HTTP header and sets the Origin to the HTTP Host header value.
Added several new fields including number of requests set per test, test time and a sample test URL
Several bug fixes around analytics logging.
Included new feedback form in popup so users can leave feedback about new features
1.0.9:
reduced analytics overhead
test probes are now sent from web workers greatly improving performance and responsiveness!
reduced debug logging
several small bug fixes
1.0.7:
fix for auto detecting CSRF token regular expressions
1.0.6:
fixed edge case that could cause probe requests to be logged when scanning many parameters at once
1.0.5:
fixed crash logging
updated API DNS
1.0.3:
Fully redesigned interface.
Single threaded to prevent requests from interfering with each other
New "current domain" target button allows for easily selecting the current domain
Improved internal storage lowers memory footprint
Many bug fixes
More consistent output
0.9.17:
support for sending cookies with test data
Fix spinner when testing MySQL and MSSQL
Rename MS and My SQL vulnerability types for better clarity
Why Download Hack Tab Web Security Tests?
- ✅ Trusted by 6325+ users worldwide
- ✅ High Rating: 3.57/5 stars from 23 reviews
- ✅ Latest Version: 2.4.7 - Always up to date
- ✅ Safe & Secure: Verified by Chrome Web Store
- ✅ Free to Use: No cost required
Extension Details
Type: Extension
Category: Chrome Browser Extension
Compatibility: Google Chrome Browser
Last Updated: June 12, 2021
Developer: Chrome Web Store Verified