{"id":13762859,"url":"https://github.com/yeswehack/PwnFox","last_synced_at":"2025-05-10T15:32:03.695Z","repository":{"id":40256799,"uuid":"268284729","full_name":"yeswehack/PwnFox","owner":"yeswehack","description":"PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.","archived":false,"fork":false,"pushed_at":"2023-09-21T20:58:54.000Z","size":308,"stargazers_count":999,"open_issues_count":15,"forks_count":92,"subscribers_count":14,"default_branch":"master","last_synced_at":"2024-08-04T00:04:18.863Z","etag":null,"topics":["bugbounty","firefox-extension","hacking","pentest"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yeswehack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-31T13:21:41.000Z","updated_at":"2024-08-03T17:25:22.000Z","dependencies_parsed_at":"2024-08-03T14:16:06.465Z","dependency_job_id":null,"html_url":"https://github.com/yeswehack/PwnFox","commit_stats":null,"previous_names":["b-i-t-k/pwnfox"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yeswehack%2FPwnFox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yeswehack%2FPwnFox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yeswehack%2FPwnFox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yeswehack%2FPwnFox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yeswehack","download_url":"https://codeload.github.com/yeswehack/PwnFox/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253436670,"owners_count":21908382,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","firefox-extension","hacking","pentest"],"created_at":"2024-08-03T14:00:59.257Z","updated_at":"2025-05-10T15:32:02.888Z","avatar_url":"https://github.com/yeswehack.png","language":"JavaScript","readme":"# \u003cimg src=\"/firefox/icons/icon.svg\" width=30\u003e PwnFox\n\nPwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.\n\nIf you are a chrome user you can check https://github.com/nccgroup/autochrome. \n\n- [PwnFox](#img-srcfirefoxiconsiconsvg-width30-pwnfox)\n  - [Features](#features)\n    - [Single click BurpProxy](#single-click-burpproxy)\n    - [Containers Profiles](#containers-profiles)\n    - [PostMessage Logger](#postmessage-logger)\n    - [Toolbox](#toolbox)\n    - [Security header remover](#security-header-remover)\n  - [Installation](#installation)\n  - [Build](#build)\n    - [All](#all)\n    - [Firefox](#firefox)\n    - [Burp](#burp)\n  - [Changelog](#changelog)\n\n\n## Features\n\n![popup](/screenshots/popup.png)\n\n### Single click BurpProxy\n\nConnect to Burp with a simple click, this will probably remove the need for other addons like foxyProxy. However if you need the extra features provided by foxyProxy you can leave this unchecked. \n\n###  Containers Profiles\n\nPwnFox give you fast access to the Firefox containers. This allow you to have multiple identities in the same browser. \nWhen PwnFox and the `Add container header` option are enabled, PwnFox will automatically add a `X-PwnFox-Color` header to hightlight the query in Burp.\n\nPwnFoxBurp will automatically highlight and strip the header, but you can also specify your own behavior with addons like logger++.\n\n![tabs](/screenshots/tabs.png)\n![burp](/screenshots/burp.png)\n\n\n\n### PostMessage Logger\n\nPwnFox add a new message tab in you devtool. This allow you to quickly visualize all postMessage between frames.\n\n![](/screenshots/post-single.png)\n\nYou can also provide your own function to parse/filter the messages.\nYou get access to 3 arguments:\n * data -\u003e the message data\n * origin -\u003e the window object representing the origin\n * destion -\u003e the window object representing the destination\n\nYou can return a string or a JSON serializable object.\n\n![](/screenshots/post-dual.png)\n\n\n### Toolbox\n\nInject you own javascript code on page load. The code will be loaded as soon as possible. This can used to add dangerous behavior detection, or just to add extra function to your js console.\n\n**Be carefull, the injected toolbox will run in the window context. Do not inject secret in untrusted domain.**\n\n\n![settings](/screenshots/settings.png)\n\nI will publish some of my toolbox soon (ENOTIME)\n\n\n### Security header remover\n\nSometime it's easier to work with security header disabled. You can now do it with a single button press. Don't forget to reenable them before testing your final payload.\n\nHeaders stripped:\n* Content-Security-Policy\n* X-XSS-Protection\n* X-Frame-Options\n* X-Content-Type-Options\n\n## Installation\n\n\nYou can find the latest build here:\n* [https://github.com/B-i-t-K/PwnFox/releases](https://github.com/B-i-t-K/PwnFox/releases)\n\n### Firefox\n - visit `about:addons` and choose install from file, then select `PwnFox-$version.xpi`\n - or install from \n[https://addons.mozilla.org/en-US/firefox/addon/pwnfox/](https://addons.mozilla.org/en-US/firefox/addon/pwnfox/)\n\n### Burp\n- Go to extender and add `PwnFox-Burp.jar` as a java extension.\n\n## Build\n\n### Firefox\n\n```shell\ncd firefox\nweb-ext build\n# the zip file is available in /firefox/web-ext-artifacts/pwnfox-${version}.zip\n# Optional. If you want to sign you own build\nweb-ext sign --api-key=\"$KEY\" --api-secret=\"$SECRET\"\n# the xpi file is available in /firefox/web-ext-artifacts/pwnfox-${version}.xpi\n\n```\n### Burp\n\nOpen and compile with Intellij IDEA\n\n## Changelog\n\n* v1.0.3\n  * Fix missing highlight with burp v2021.4.2\n* v1.0.2\n  * First public release\n","funding_links":[],"categories":["Weapons","bugbounty","JavaScript"],"sub_categories":["Browser Addons"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyeswehack%2FPwnFox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyeswehack%2FPwnFox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyeswehack%2FPwnFox/lists"}