The 6 Firefox add-ons I cannot live without (for debugging + performance tuning)Mattias Geniar, Wednesday, March 9, 2011 - last modified: Tuesday, July 24, 2012
There are some things in life you take for granted. The water when you get when you turn on the shower, the heat when you try to warm a house and the firefox plugins you've gathered over the years. Except that last (well, the others too -- but that's something else) isn't really that straight forward. And it deserves some attention and careful fondling.
So, here's a list of the Firefox extensions i need to do my thing. That means debugging websites, performance tuning, testing, ... Since the browser really is your primary weapon, you need it to be well-armed. And trust me, these are some fine guns.
A, such bliss. See all the HTTP headers that are sent and received to and from the server. Think request URLs, Cache, Encoding, Cookies, Custom headers, ... This is a must have if you're ever configuring a caching server (Varnish), debugging AJAX requests or are just generally interested in what HTTP headers are used on any site.
No matter how many HTTP benchmarks you run, there's nothing like "real" simulation using "real" HTTP headers sending back and forth to track down problems. Where a "curl -I <url>" can do wonders, it doesn't send everything your browser would. It's also useful if you want to see your own custom HTTP headers.
So simple, yet so powerful. This shows you some interesting statistics in your bottom bar in Firefox. It tells you "Time to first byte" (aka: how long it took for the server to send a response), "time to completion" (how long server took + browser to render the page), the "total page size" and "number of requests". Especially the first counter is interesting, as that tells you how long your request has been "in process" at the server. For a quick idea on performance, LORI is very nice.
A very simple addon, that just shows you the current IP address of the server you're working on in your bottom bar. Easy to spot if you're on your own system, or a development server (in case you're cheating with altering your hosts-file). And can be used to see on which actual server you're working on a Round Robin DNS configuration. Right clicking allows you to get the IP directly on your clipboard.
This, again, is a very powerful tool. SwitchHosts allows you to change your hosts-file on-the-fly within your browser. Want to test your site on a new server? Simple: just add a new host entry in your browser, refresh the page and you're loading the exact URL on a different server. This takes away the annoyance of changing hosts-file on a Windows client, or interfering DNS cache in your browser. Just click, change and refresh the page.
Ever created a form where you wanted to test how users could "cheat" on input? Thought a select list was safe enough to not validate those return values? Guess again. Tamper data lets you change the data you're sending back to the server. Allows you to easily manipulate all POST data that gets sent. Before the POST data goes out, Tamper Data intercepts it and let's you change all values you are about to send.
The left screen lets you modify the HTTP request, while the right had side let's you input anything in the POST form fields.
This is a great starting point for webapp pentesting, when fiddling with the GET parameters gets you nowhere.
Some think it's too large, some get annoyed by the place it takes within your browser. I love it for 2 simple reasons: cookie manipulation and CSS style information. Web Developer can do so much more, but just the on-the-fly editing of cookies and viewing what CSS styles are applied to what DOM object makes it a must-have.
I'm always looking for added-value. So I'm curious to know what add-ons you're using, and why I should consider them. Share'm with me! :-)