Browser tip for Infosec!

Chrome vs Firefox:

Chrome and Firefox are the two most popular browsers on the market. Chrome is maintained by Google and Firefox is maintained by the Mozilla Foundation.

Hidden login in Chrome:

The moment we install Chrome, it asks us to log in to Google. This is not a Gmail login; it keeps us permanently logged in to the browser itself. Chrome will sync our entire activity with that account (unless activity is paused in Google My Account). Secondly, when we configure a proxy (Burp or ZAP) in Chrome for web penetration testing, it changes the system-wide proxy values rather than browser-only values, which is not a good option.

Right option:

Choosing Firefox as the main browser is the ideal solution. Although we use Firefox for default browsing, we also need to set up a proxy (Burp or ZAP) to intercept the browser's requests. We can't use the default browser as the proxy browser, because it generates a lot of legitimate traffic that we don't need during analysis.

2nd Browser:

We need to isolate the proxy traffic from the default traffic. For that we can use one of the other browsers on the market that are derived from Firefox, e.g. Waterfox. The first advantage is that we keep Firefox for default browsing, which is important because we do a lot of googling during pen-testing and we don't want to capture that traffic. Secondly, because Waterfox is a fork of Firefox, its proxy settings apply browser-wide, not system-wide.
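
One way to pin those browser-only proxy settings to a dedicated profile for the second browser, as an added example that is not part of the original post. It assumes a local Burp or ZAP listener on 127.0.0.1:8080 and a binary named `waterfox`; the function name and profile path are hypothetical.

```shell
#!/bin/sh
# Added example: write browser-only proxy prefs into a dedicated profile's
# user.js, so the proxy applies to that profile only and never to the
# system settings or the default browsing profile.
# Assumptions: listener on 127.0.0.1:8080 (Burp or ZAP), hypothetical paths.

write_proxy_profile() {
    profile_dir=$1
    proxy_host=${2:-127.0.0.1}
    proxy_port=${3:-8080}

    # Reject a non-numeric port so user.js never holds a malformed pref.
    case $proxy_port in
        ''|*[!0-9]*) echo "invalid port: $proxy_port" >&2; return 1 ;;
    esac
    # Reject hosts containing quotes or other characters that would break
    # out of the string literal in user.js.
    case $proxy_host in
        ''|*[!A-Za-z0-9.:-]*) echo "invalid host: $proxy_host" >&2; return 1 ;;
    esac

    mkdir -p "$profile_dir" || return 1
    cat > "$profile_dir/user.js" <<EOF
// Constructed for this example; re-applied on every start of this profile.
user_pref("network.proxy.type", 1);            // 1 = manual proxy config
user_pref("network.proxy.http", "$proxy_host");
user_pref("network.proxy.http_port", $proxy_port);
user_pref("network.proxy.ssl", "$proxy_host");  // HTTPS goes to the same listener
user_pref("network.proxy.ssl_port", $proxy_port);
user_pref("network.proxy.no_proxies_on", "");
// Also send localhost targets through the proxy (bypassed by default).
user_pref("network.proxy.allow_hijacking_localhost", true);
EOF
}

# Succeeds only if the profile is set to a manual proxy.
profile_is_proxied() {
    grep -q '^user_pref("network.proxy.type", 1);' "$1/user.js" 2>/dev/null
}

# Usage (not run here; binary name and path are assumptions):
#   write_proxy_profile "$HOME/pentest-profile" 127.0.0.1 8080
#   waterfox -no-remote -profile "$HOME/pentest-profile"
```

The intercepting proxy's CA certificate still has to be imported into this profile before HTTPS traffic can be inspected.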

Last update: June 3, 2020