Friday, December 2, 2011

On RHEL 6, SSH, DNS, Firewalls and slow logins

SkyHi @ Friday, December 02, 2011
I recently ran into an issue where SSH was taking a long time (around 20+ seconds) to log in to a number of RHEL 6 boxes. The funny thing was, the issue only occurred at a single co-location facility; all other RHEL 6 systems would log in just fine. Turns out this is because the systems at the co-location facility are located behind a Cisco firewall, and between the firewall and the RHEL 6 box lies the problem.
After spending a lot of time going back and forth with Red Hat support about the issue, I found a knowledge base article on the problem. Sadly Red Hat’s knowledge base is no longer accessible to the general public; however, there is another more detailed post located at linuxquestions.
This is going to end up being a big deal for a lot of users in the future, so I thought I would post it up, but credit where credit is due, I didn’t find this solution, it appears that the chap that posted to linuxquestions did.
The long and the short of it is, add the following line to your /etc/resolv.conf file:

options single-request-reopen

This option is not documented in the man page sadly, but there is more information about it in this change log message.


CentOS: Disable Unneeded Services at Boot Time

SkyHi @ Friday, December 02, 2011

Determine which Services are Enabled at Boot

Run the command:
# chkconfig --list | grep :on
The first column of this output is the name of a service which is currently enabled at boot. Review each listed service to determine whether it can be disabled.
If it is appropriate to disable some service srvname, do so using the command:
# chkconfig srvname off

Services to disable if possible


Is this a machine which is designed to run all the time, such as a server or a workstation which is left on at night? If so:
# yum erase anacron
The anacron subsystem is designed to provide cron functionality for machines which may be shut down during the normal times that system cron jobs run, frequently in the middle of the night. Laptops and workstations which are shut down at night should keep anacron enabled, so that standard system cron jobs will run when the machine boots.
However, on machines which do not need this additional functionality, anacron represents another piece of privileged software which could contain vulnerabilities. Therefore, it should be removed when possible to reduce system risk.

apmd - Advanced Power Management Subsystem

If the system is capable of ACPI support, or if power management is not necessary, disable this service:
# chkconfig apmd off
APM is being replaced by ACPI and should be considered deprecated. As such, it can be disabled if ACPI is supported by your hardware and kernel. If the file /proc/acpi/info exists and contains ACPI version information, then APM can safely be disabled without loss of functionality.

autofs - Automounter

If the autofs service is not needed to dynamically mount NFS filesystems or removable media, disable the service:
# chkconfig autofs off
The autofs daemon mounts and unmounts filesystems, such as user home directories shared via NFS, on demand. In addition, autofs can be used to handle removable media, and the default configuration provides the cdrom device as /misc/cd. However, this method of providing access to removable media is not common, so autofs can almost always be disabled if NFS is not in use.
Even if NFS is required, it is almost always possible to configure filesystem mounts statically by editing /etc/fstab rather than relying on the automounter.


The Avahi daemon implements the DNS Service Discovery and Multicast DNS protocols, which provide service and host discovery on a network. It allows a system to automatically identify resources on the network, such as printers or web servers. This capability is also known as mDNSresponder and is a major part of Zeroconf networking. By default, it is enabled.
Because the Avahi daemon service keeps an open network port, it is subject to network attacks. Disabling it is particularly important to reduce the system’s vulnerability to such attacks.
Edit the files /etc/sysconfig/iptables and /etc/sysconfig/ip6tables (if IPv6 is in use). In each file, locate and delete the line:
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d -j ACCEPT
By default, inbound connections to Avahi’s port are allowed. If the Avahi server is not being used, this exception should be removed from the firewall configuration. See Section 2.5.5 for more information about the Iptables firewall.

bluetooth and hidd

If the system requires no Bluetooth devices, disable this service:
# chkconfig bluetooth off
If the system has no Bluetooth input devices (e.g. keyboard or mouse), disable this service:
# chkconfig hidd off
Add the following to /etc/modprobe.conf to prevent the loading of the Bluetooth module:
alias net-pf-31 off

cups and cupsd

Do you need the ability to print from this machine or to allow others to print to it? If not:
# chkconfig cups off

firstboot - Installation Helper Service

Firstboot is a daemon specific to the Red Hat installation process. It handles “one-time” configuration following successful installation of the operating system. As such, there is no reason for this service to remain enabled.
Disable firstboot by issuing the command:
# chkconfig firstboot off

gpm - Console Mouse Service

GPM is the service that controls the text console mouse pointer. (The X Windows mouse pointer is unaffected by this service.)
If mouse functionality in the console is not required, disable this service:
# chkconfig gpm off
Although it is preferable to run as few services as possible, the console mouse pointer can be useful for preventing administrator mistakes in runlevel 3 by enabling copy-and-paste operations.

haldaemon - HAL Daemon

The haldaemon service provides a dynamic way of managing device interfaces. It automates device configuration and provides an API for making devices accessible to applications through the D-Bus interface.
HAL provides valuable attack surfaces to attackers as an intermediary to privileged operations and should be disabled unless necessary:
# chkconfig haldaemon off

hplip - The HP Linux Imaging and Printing (HPLIP) Toolkit

The HPLIP package is an HP printing support utility that is installed and enabled in a default installation. The HPLIP package is comprised of two separate components. The first is the main HPLIP service and the second is a smaller subcomponent called HPIJS. HPLIP is a feature-oriented network service that provides higher level printing support (such as bi-directional I/O, scanning, photo card, and toolbox functionality). HPIJS is a lower level basic printing driver that provides basic support for non-PostScript HP printers.
Since the HPIJS driver will still function without the added HPLIP service, HPLIP should be disabled unless the specific higher level functions that HPLIP provides are needed by a non-PostScript HP printer on the system.
# chkconfig hplip off

isdn - ISDN Support

The ISDN service facilitates Internet connectivity in the presence of an ISDN modem.
If an ISDN modem is not being used, disable this service:
# chkconfig isdn off

kdump - Kdump Kernel Crash Analyzer

Kdump is a new kernel crash dump analyzer. It uses kexec to boot a secondary kernel (“capture” kernel) following a system crash. The kernel dump from the system crash is loaded into the capture kernel for analysis.
Unless the system is used for kernel development or testing, disable the service:
# chkconfig kdump off

kudzu - Kudzu Hardware Probing Utility

Is there a mission-critical reason for console users to add new hardware to the system? If not:
# chkconfig kudzu off
Kudzu, Red Hat’s hardware detection program, represents an unnecessary security risk as it allows unprivileged users to perform hardware configuration without authorization. Unless this specific functionality is required, Kudzu should be disabled.

mcstrans - MCS Translation Service

Unless there is some overriding need for the convenience of category label translation, disable the MCS translation service:
# chkconfig mcstrans off
The mcstransd daemon provides the category label translation information defined in /etc/selinux/targeted/setrans.conf to client processes which request this information.
Category labelling is unlikely to be used except in sites with special requirements. Therefore, it should be disabled in order to reduce the amount of potentially vulnerable code running on the system. See Section 2.4.6 for more information about systems which use category labelling.

mdmonitor - Software RAID Monitor

The mdmonitor service is used for monitoring a software RAID (hardware RAID setups do not use this service). This service is extraneous unless software RAID is in use (which is not common).
If software RAID monitoring is not required, disable this service:
# chkconfig mdmonitor off

messagebus - D-Bus IPC Service

D-Bus is an IPC mechanism that provides a common channel for inter-process communication.
If no services which require D-Bus are in use, disable this service:
# chkconfig messagebus off
A number of default services make use of D-Bus, including X Windows, Bluetooth and Avahi. We recommend that D-Bus and all its dependencies be disabled unless there is a mission-critical need for them.
Stricter configuration of D-Bus is possible and documented in the man page dbus-daemon. D-Bus maintains two separate configuration files, located in /etc/dbus-1/, one for system-specific configuration and the other for session-specific configuration.

microcode_ctl - IA32 Microcode Utility

microcode_ctl is a microcode utility for use with Intel IA32 processors (Pentium Pro, PII, Celeron, PIII, Xeon, Pentium 4, etc).
If the system is not running an Intel IA32 processor, disable this service:
# chkconfig microcode_ctl off

Disable All NFS Services if Possible (nfslock, rpcgssd, rpcidmapd, netfs)

If NFS is not needed, perform the following steps to disable NFS client daemons:
# chkconfig nfslock off
# chkconfig rpcgssd off
# chkconfig rpcidmapd off
The nfslock, rpcgssd, and rpcidmapd daemons all perform NFS client functions.
All of these daemons run with elevated privileges, and many listen for network connections. If they are not needed, they should be disabled to improve system security posture.
Determine whether any network filesystems handled by netfs are mounted on this system:
# mount -t nfs,nfs4,smbfs,cifs,ncpfs
If this command returns no output, disable netfs to improve system security:
# chkconfig netfs off
The netfs script manages the boot-time mounting of several types of networked filesystems, of which NFS and Samba are the most common. If these filesystem types are not in use, the script can be disabled, protecting the system somewhat against accidental or malicious changes to /etc/fstab and against flaws in the netfs script itself.

pcscd - Smart Card Support

If Smart Cards are not in use on the system, disable this service:
# chkconfig pcscd off

portmap - RPC Portmapper

If:
  • NFS is not needed
  • The site does not rely on NIS for authentication information, and
  • The machine does not run any other RPC-based service
then disable the RPC portmapper service:
# chkconfig portmap off
By design, the RPC model does not require particular services to listen on fixed ports, but instead uses a daemon, portmap, to tell prospective clients which ports to use to contact the services they are trying to reach. This model weakens system security by introducing another privileged daemon which may be directly attacked, and is unnecessary because RPC was never adopted by enough services to risk using up all the ports on a system.
Unfortunately, the portmapper is central to RPC design, so it cannot be disabled if your site is using any RPC-based services, including NFS, NIS, or any third-party or custom RPC-based program. If none of these programs are in use, however, portmap should be disabled to improve system security.
In order to get more information about whether portmap may be disabled on a given host, query the local portmapper using the command:
# rpcinfo -p
If the only services listed are portmapper and status, it is safe to disable the portmapper. If other services are listed and your site is not running NFS or NIS, investigate these services and disable them if possible.

readahead_early/readahead_later - Boot Caching

The following services provide one-time caching of files belonging to some boot services, with the goal of allowing the system to boot faster.
It is recommended that these services be disabled on most machines:
# chkconfig readahead_early off
# chkconfig readahead_later off
The readahead services do not substantially increase a system’s risk exposure, but they also do not provide great benefit. Unless the system is running a specialized application for which the file caching substantially improves system boot time, this guide recommends disabling the services.


The rhnsd daemon polls the Red Hat Network web site for scheduled actions. Unless it is actually necessary to schedule updates remotely through the RHN website, it is recommended that the service be disabled.
# chkconfig rhnsd off
The rhnsd daemon is enabled by default, but until the system has been registered with the Red Hat Network, it will not run. However, once the registration process is complete, the rhnsd daemon will run in the background and periodically call the rhn_check utility. It is the rhn_check utility that communicates with the Red Hat Network web site.
This utility is not required for the system to be able to access and install system updates. Once the system has been registered, either use the provided yum-updatesd service or create a cron job to automatically apply updates.


Is there a mission-critical reason to allow users to view SELinux denial information using the sealert GUI? If not, disable the service and remove the RPM:
# chkconfig setroubleshoot off
# yum erase setroubleshoot
The setroubleshoot service is a facility for notifying the desktop user of SELinux denials in a user-friendly fashion. SELinux errors may provide important information about intrusion attempts in progress, or may give information about SELinux configuration problems which are preventing correct system operation. In order to maintain a secure and usable SELinux installation, error logging and notification is necessary.
However, setroubleshoot is a service which has complex functionality, which runs a daemon and uses IPC to distribute information which may be sensitive, or even to allow users to modify SELinux settings, and which does not yet implement real authentication mechanisms. This guide recommends disabling setroubleshoot and using the kernel audit functionality to monitor SELinux’s behavior.
In addition, since setroubleshoot automatically runs client-side code whenever a denial occurs, regardless of whether the setroubleshootd daemon is running, it is recommended that the program be removed entirely unless it is needed.

xfs - X Font Server

Disable the xfs helper service:
# chkconfig xfs off
The system’s X server requires the X Font Server service (xfs) to function. The xfs service will be started automatically if X is activated via startx. Therefore, it is safe to prevent xfs from starting at boot when X is disabled, even if users are allowed to run X manually.


Disable the yum-updatesd service:
# chkconfig yum-updatesd off
Create the file yum.cron, make it executable, and place it in /etc/cron.daily:
#!/bin/sh
/usr/bin/yum -R 120 -e 0 -d 0 -y update yum
/usr/bin/yum -R 10 -e 0 -d 0 -y update
This particular script instructs yum to update any packages it finds. Placing the script in /etc/cron.daily ensures its daily execution. To only apply updates once a week, place the script in /etc/cron.weekly instead.
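
The boot-service review described in this post, as an added example that is not part of the original post: it reads chkconfig --list output, flags the services named above that are still on in some runlevel, and prints the chkconfig commands for review instead of running them. The sample listing is constructed, and avahi-daemon is assumed to be the Avahi service name, which the post does not spell out.

```shell
#!/bin/sh
# Added example: flag boot-enabled services that this post lists as removal
# candidates, and print (not run) the matching chkconfig commands.

# Service names as passed to chkconfig. "avahi-daemon" is an assumption: the
# post only refers to "the Avahi daemon".
UNNEEDED="anacron apmd autofs avahi-daemon bluetooth hidd cups firstboot gpm \
haldaemon hplip isdn kdump kudzu mcstrans mdmonitor messagebus microcode_ctl \
nfslock rpcgssd rpcidmapd netfs pcscd portmap readahead_early readahead_later \
rhnsd setroubleshoot xfs yum-updatesd"

# Reads `chkconfig --list` output on stdin.
# Prints "<service> <runlevels in which it is on>" for each listed candidate.
flag_enabled() {
    awk -v list="$UNNEEDED" '
        BEGIN {
            n = split(list, names, " ")
            for (i = 1; i <= n; i++) want[names[i]] = 1
        }
        # SysV services carry runlevel fields ("0:off ... 6:off");
        # the xinetd section at the end of the listing does not.
        ($1 in want) && $2 ~ /^0:(on|off)$/ {
            levels = ""
            for (f = 2; f <= NF; f++)
                if ($f ~ /^[0-6]:on$/) levels = levels substr($f, 1, 1)
            if (levels != "") print $1, levels
        }'
}

# Turns the findings into commands an administrator can review and paste.
disable_plan() {
    flag_enabled | while read -r svc levels; do
        echo "chkconfig $svc off    # on in runlevels $levels"
    done
}

# Constructed sample of `chkconfig --list` output (not from a real host).
SAMPLE_CHKCONFIG='anacron         0:off  1:off  2:on   3:on   4:on   5:on   6:off
cups            0:off  1:off  2:off  3:off  4:off  5:off  6:off
kudzu           0:off  1:off  2:off  3:on   4:on   5:on   6:off
microcode_ctl   0:off  1:off  2:on   3:on   4:on   5:on   6:off
sshd            0:off  1:off  2:on   3:on   4:on   5:on   6:off

xinetd based services:
        rsync:          off'

# Demo on the sample; on a real host use: chkconfig --list | disable_plan
printf '%s\n' "$SAMPLE_CHKCONFIG" | disable_plan
```

Each printed line still needs the per-service question from the sections above answered before it is run; the script only narrows the list.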


Thursday, December 1, 2011

Kill list of processes from command line

SkyHi @ Thursday, December 01, 2011
kill `ps aux | grep Mozilla | grep -v grep | awk '{print $2}'`


ps aux | grep www-data | grep -v grep | awk '{print $2}' | xargs kill -9

4 Ways to Kill a Process – kill, killall, pkill, xkill

The kill command is used to send a signal to a process or to kill a process. We typically use kill -SIGNAL PID, where you know the PID of the process.
There are other ways to effectively kill a process: killing a process by name, killing a process by specifying part of the name, killing a process by pointing out the process with the cursor, etc.
In this article, let us review 4 ways to kill a process.

1. Kill Command – Kill the process by specifying its PID

All of the kill invocations below send the TERM signal to the specified process. For the signal, either the signal name or the signal number can be used. You need to look up the PID of the process and give it as an argument to kill.
$ kill -TERM pid

$ kill -SIGTERM pid

$ kill -15 pid
Example: Kill the firefox process.
$ ps -ef | grep firefox
1986 ?        Sl     7:22 /usr/lib/firefox-3.5.3/firefox

$ kill -9 1986

2. Killall Command – Kill processes by name

Instead of specifying a process by its PID, you can specify the name of the process. If more than one process runs with that name, all of them will be killed.
Example: Kill all the firefox processes
$ killall -9 firefox

3. Pkill Command – Send signal to the process based on its name

You can send a signal to any process by specifying its full name or a partial name, so there is no need to find out the PID of the process to send the signal.
Example: Send SIGTERM to all the processes which have sample in their name.
$ pkill sample

Pkill Example:

Before sending the signal, you can verify which processes match the criteria using “pgrep -l”, which displays the process ID and process name of the matching processes.
In this example, all the processes are designed to log the signal to signal-log, along with its PID.
$ pgrep -l sample
12406 sample-server.p
12425 sample-server.p
12430 sample-garbagec

$ pkill -USR1 sample

$ cat signal-log
Name: ./ Pid: 12406 Signal Received: USR1
Name: ./ Pid: 12425 Signal Received: USR1
Name: ./ Pid: 12430 Signal Received: USR1
Note: The part of the name which you specify should be within the first 15 characters of the process name.

4. Xkill Command – kill a client by X resource

xkill is the simplest way to kill a malfunctioning program. When you want to kill a process, start xkill, which will offer a cross-hair cursor. Click on the window with the left mouse button, which will kill that process.
$ xkill
Select the window whose client you wish to kill with button 1....
xkill:  killing creator of resource 0x1200003
Note: Actually, xkill instructs XServer to terminate the client.


Mac OS X Viruses: How to Remove and Prevent the Mac Protector Malware

SkyHi @ Thursday, December 01, 2011

Every Apple fanboy will tell you that Macs are safe from malware, but it’s just not true. Recently a fake AV program has been targeting and infecting OS X computers in the wild. Here’s a quick look at how it works, how to remove it, and also how to prevent it in the first place.
The virus in question is actually a fake antivirus and trojan which goes by a few different names. It may present itself as Apple Security Center, Apple Web Security, Mac Defender, Mac Protector, and possibly many other names.
Note: we encountered this malware on a handful of user workstations at my day job, and then spent some time doing analysis of how it works. This is a real piece of malware, that’s really infecting people.

Screenshot Tour of a Mac Protector Malware Infection

The infection comes about from a webpage redirect which will present the user with the following page, that makes it appear like a real Mac OS X popup dialog.
If the user clicks remove all they will immediately begin downloading a package which will install the virus.
Once downloaded, your computer will probably automatically begin installation. Luckily, for now, you still have to manually walk through the installation process. As more vulnerabilities are found this will probably change in the future, just like it has for Windows users in the past.
Note: This was installed on a fully patched fresh install of OS X 10.6.7 with Symantec Endpoint Protection 11.0.6 fully up to date.
The installer will start and you will need to walk through the normal OS X process. Users will also be prompted for a username and password with administrative rights during the installation.
You may notice the new shield-like icon in the menu bar.
The program will automatically run and pretend to be loading some sort of database for what we can assume is virus definitions.
You will then be barraged with notifications and popups letting you know about your fake infection.
Just like fake antivirus programs on Windows, if you click on the cleanup button or on one of the notifications you will be told that your software is not registered and needs to be paid for.
If you click on the register button you will be asked for your credit card information.
Note: Do not fill out, submit, or even type your credit card info in this window.
If you close out of this window you will be asked to put in your serial number to continue.

Mac Protector/Defender Removal

To remove the virus close out of all of the windows with either the command+Q keyboard shortcut or click the red orb in the top left corner.
Now browse to your hard drive -> Applications -> Utilities and open the Activity Monitor. Locate the MacProtector process and click quit process.
Confirm the pop-up asking if you are sure you want to quit the process.
Open your Apple menu and select system preferences.
Select Accounts from the new window.
If you are not able to edit your account settings click on the lock in the lower left corner of the window and put in your admin password.
Select your user from the left and then click the login items tab. Select the MacProtector entry and then click the minus (-) button at the bottom of the window.
Close out of system preferences and go back to your Applications folder. Find the MacProtector application that was installed and either drag it to the trash, right click and move to trash, or drag to your favorite app zapper program.

How to Prevent Getting the Virus

There are some precautions you can take to avoid getting this virus. First of all, use common sense when browsing the internet. If the website looks suspicious or the warnings look fishy, don’t click on them.
There will also probably be other warnings that something may contain a virus. For instance, the virus I managed to download was later flagged by Google as being harmful to my computer.
If you are using Safari you should also disable the setting to automatically open “safe” files after downloading. Go to your Safari preferences and uncheck the box to disable this setting.
You should also scan your downloads with an antivirus program. When the installer package is scanned with Symantec Endpoint it detects the virus immediately.
If you don’t have Symantec on your Mac, the Windows scanner also has definitions to detect this virus.
Have you encountered a Mac OS X malware infection in the wild? Be sure to share with your fellow readers in the comments.


Ensure High Availability with CentOS 6 Clustering

SkyHi @ Thursday, December 01, 2011

Wednesday, November 30, 2011

CentOS 6 with chrooted SFTP-only users + SSH hardening

SkyHi @ Wednesday, November 30, 2011
 Having a new server deployment to do, I wanted to take some time to get a working OpenSSH implementation under CentOS 6 to allow for SFTP-only users in a chrooted environment. This process is rather simple (these days) and here’s both my sshd_config file as well as some other notes to help you along your way as well.
You’ll note some of the restrictions are excessive for most people but for my implementation the crypto overhead is fine.
AddressFamily inet
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
KeyRegenerationInterval 1h
ServerKeyBits 4096
SyslogFacility AUTHPRIV
LoginGraceTime 1m
PermitRootLogin no
StrictModes yes
MaxAuthTries 4
MaxSessions 5
PasswordAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
RSAAuthentication no
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
UsePAM yes
Ciphers aes256-ctr,aes256-cbc
MACs hmac-sha1
AllowAgentForwarding no
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
PrintMotd no
PrintLastLog no
TCPKeepAlive yes
UsePrivilegeSeparation yes
ClientAliveInterval 300
ClientAliveCountMax 0
ShowPatchLevel no
UseDNS yes
PidFile /var/run/
MaxStartups 20
PermitTunnel no
Subsystem sftp internal-sftp
Match Group sftpusers
ChrootDirectory /home/%u
PasswordAuthentication no
ForceCommand internal-sftp

ServerKeyBits Note

If you change your ServerKeyBits be sure to purge your existing keys (rm /etc/ssh/ssh_host_*) and restart sshd to allow them to regenerate.

Configure proper permissions

chown root:root /home/[username]
chmod 711 /home/[username]

Set up the .ssh directory

mkdir /home/[username]/.ssh
chown root:sftpusers /home/[username]/.ssh
chmod 750 /home/[username]/.ssh

Set up the authorized_keys file

touch /home/[username]/.ssh/authorized_keys
chown root:sftpusers /home/[username]/.ssh/authorized_keys
chmod 440 /home/[username]/.ssh/authorized_keys

Create a directory accessible by the user

mkdir /home/[username]/storage
chown [username]:[username] /home/[username]/storage
chmod 760 /home/[username]/storage

Note, you’ll likely want to generate a public/private SSH keypair (ssh-keygen -t rsa) for the user and ensure permissions are as they should be above. This must be done unless you re-enable password authentication.
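
A check for the chown root:root / chmod 711 step above, as an added example that is not part of the original post: sshd refuses to chroot into a ChrootDirectory unless every component of the path is owned by root and not writable by group or others, so the script walks the path and reports the component that would be rejected. The function names and the sample stat results are constructed for illustration; GNU stat is assumed.

```shell
#!/bin/sh
# Added example: test a ChrootDirectory path against the ownership and mode
# rule sshd enforces (root-owned, no group or world write, on every component).

# component_verdict UID MODE
# UID and MODE are one directory's owner uid and octal permission bits, as
# printed by `stat -c '%u %a'`. Prints the reason and returns 1 on rejection.
component_verdict() {
    if [ "$1" != 0 ]; then
        echo "owned by uid $1, must be root"
        return 1
    fi
    # 022 = group-write | other-write
    if [ $(( 0$2 & 022 )) -ne 0 ]; then
        echo "mode $2 is group- or world-writable"
        return 1
    fi
    return 0
}

# audit_chroot DIR
# Applies component_verdict to DIR and each parent up to /. Returns 0 only
# if all components pass, 1 if any is rejected, 2 on usage or stat errors.
audit_chroot() {
    dir=$1
    rc=0
    case $dir in
        /*) ;;
        *) echo "audit_chroot: need an absolute path" >&2; return 2 ;;
    esac
    while :; do
        st=$(stat -c '%u %a' "$dir") || return 2
        if ! why=$(component_verdict "${st% *}" "${st#* }"); then
            echo "$dir: $why"
            rc=1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Constructed "uid mode path" samples: the post's 711 root-owned layout,
# a group-writable home, and a home still owned by the user.
SAMPLE_STAT='0 711 /home/alice
0 775 /home/bob
500 700 /home/carol'

review_sample() {
    printf '%s\n' "$SAMPLE_STAT" | while read -r uid mode path; do
        if why=$(component_verdict "$uid" "$mode"); then
            echo "$path: ok"
        else
            echo "$path: REJECT ($why)"
        fi
    done
}

# Demo on the constructed samples. On a server: audit_chroot /home/[username]
review_sample
```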


Monday, November 28, 2011

Firefox – tons of tools for web developers

SkyHi @ Monday, November 28, 2011
One of the goals of Firefox has always been to make the lives of web developers as easy and productive as possible, by providing tools and a very extensible web browser to enable people to create amazing things. The idea here is to list a lot of the tools and options available to you as web developers using Firefox.

Native developer tools in Firefox

We are working on building a great set of developer tools for you included in Firefox. They are described much more in detail in Developer Tools in Firefox Aurora 10 and there are some very interesting implications for what we can accomplish with them!
We are evaluating and experimenting with a number of user interfaces and code approaches to try and find the most optimal ways to work with code in a page. If you install Firefox Aurora you can try them out right now! Let us know what you think.
A picture of the native Developer Tools in Firefox Aurora
Also stay tuned to this blog, since we will post updates on progress and features for the native Developer Tools.


By far, the most well-known web developer tool in a web browser is the Firebug extension, and without a doubt, for a long time it set the bar for how web developing and debugging should be. Firebug is still a very important tool with lots of powerful features, including a vast number of extensions (see below).
One thing you need to be aware of, though, is that with everything that Firebug offers it can be quite heavy when it comes to consuming memory, so use it accordingly.

Firefox extensions for web developers

Over the years, a lot of extensions have been developed to help web developers utilize Firefox to the maximum. Some of the most used and well-known are these ones, but please let us know if we have missed any that help you!

Accessibility Evaluation Toolbar

Support web developers in testing web resources for accessibility features.

All in One Sidebar

AiOS lets you open various windows as sidebar panels, and quickly switch between them. So it puts an end to the window chaos! In addition to bookmarks and history it opens dialogues such as downloads, add-ons and more in the sidebar.

Cache Status

Easy cache status & management from status.


Disable (and optionally clear) the browser cache with the flick of a switch.


Advanced Eyedropper, ColorPicker, Gradient Generator and other colorful goodies.


Console² (pronounced Console Squared or Console Two) replaces the JavaScript Console with what could be the next generation Error Console. From v0.5 includes the Console Filter extension previously available separately from the Console² website.

CSS Reloader

CSS Reloader is an extension that allows you to reload all the CSS of any site without having to reload the page itself.

DOM Inspector

DOM Inspector is a tool that can be used to inspect and edit the live DOM of any web document or XUL application. The DOM can be navigated using a two-paned window displaying a variety of different views on the document and all nodes within.


Video and audio encoding for Firefox. With Firefogg you can encode most media files to Ogg and WebM. Firefogg also provides an API to integrate encoding into the upload process.


FireFTP is a free, secure, cross-platform FTP/SFTP client for Mozilla Firefox which provides easy and intuitive access to FTP/SFTP servers.


JavaScript Unit Testing Extension


Display horizontal and vertical floating guides, exactly the way you use it in photoshop. Helps improving layout, placing elements in proper grids, laying out elements symmetrically and structure a design.

FoxyProxy Standard

FoxyProxy is an advanced proxy management tool that completely replaces Firefox’s limited proxying capabilities. It offers more features than SwitchProxy, ProxyButton, QuickProxy, xyzproxy, ProxyTex, TorButton, etc.


Geolocate you where you want.


Customize the way a web page displays or behaves, by using small bits of JavaScript.

HTML Validator

HTML Validator is a Mozilla extension that adds HTML validation inside Firefox and Mozilla. The number of errors of an HTML page is seen in the form of an icon.


An HTTP analyzer addon for Firefox.

iMacros for Firefox

Automate Firefox. Record and replay repetitious work. If you love the Firefox web browser, but are tired of repetitive tasks like visiting the same sites every day, filling out forms, and remembering passwords, then iMacros for Firefox is the solution you’ve been dreaming of!

Jenkins Build Monitor

Monitor Jenkins builds and display the status on Firefox status bar.

jQuery extension

jQuery and jQuery UI embedded in browser.


Pretty-prints JSON content in the browser for easy, unobtrusive viewing.


View JSON documents in the browser.


If the website you are viewing contains any external js/css files, an icon will appear that says “SS”, “JS”, or both. Each individual file can then be viewed by clicking on the filename. The file will be opened in a new window.

Link Widgets

Eases navigation within sequences of pages (e.g. Web comics, forums, or technical specifications such as the HTML 4 Recommendation) by providing toolbar buttons for the first, previous, next, and last page.

Live HTTP Headers

View HTTP headers of a page and while browsing.


LiveReload refreshes a web page when files change.


Draw a ruler across any webpage to check the width, height, or alignment of page elements in pixels.

Modify Headers

Add, modify and filter the HTTP request headers sent to web servers. This addon is particularly useful for Mobile web development, HTTP testing and privacy.


The best security you can get in a web browser! Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.


Page Speed is an open-source project started at Google to help developers optimize their web pages by applying web performance best practices.


PixelZoomer takes a screenshot of the current website and provides various tools for pixel analysis. You can zoom into websites (up to 3200%), measure distances and pick colors with an eye dropper.

Pixlr Grabber

Grabbing screens and pulling images from the web just got a bit easier. With the Pixlr Grabber add-on, you can copy, save, share or even edit your final grabs – including any image or background – with just a right-click.


A developer tool for interacting with web services and other web resources that lets you make HTTP requests, set the entity body, and content type. This allows you to interact with web services and inspect the results.


Allows quick enable and disable of Java, Javascript, Flash, Silverlight, Images, Stylesheets and Proxy from the Statusbar and/or Toolbar without having to open any dialogs!

Rainbow Color Tools

Color tools for web development. Color picker and eyedropper + saving colors and trying out colors with drag and drop.

Regular Expressions Tester

Testing tool for regular expressions with color highlighting (including submatches) and helpers for creating expressions.

Remove Cookie(s) for Site

A very simple extension to remove all the cookies of currently opened site. It adds an option to the Right Click menu of the page, and a Clear Cookies Button to perform this operation. It displays the status of operation in the status bar.

Screenshot Pimp

Capture, grab, save, download, or copy anything you see in your web browser with only one click! Screenshot Pimp is by far the most customizable and user-friendly screenshot toolbar available for both Windows and Mac!

SQLite Manager

Manage any SQLite database on your computer.

Selenium IDE Buttons

Just one simple toolbar button to open Selenium IDE. You need to have installed Selenium IDE:

SeoQuake SEO extension

Seoquake is a Firefox SEO extension aimed primarily at helping webmasters who deal with search engine optimization (SEO), social media optimization (SMO) and internet promotion. Seoquake lets you investigate many important SEO parameters.


Show the IP address(es) of the current page in the status bar. It also allows querying custom information services by IP (right click) and hostname (left click), like whois, netcraft, etc. Additionally you can copy the IP address to the clipboard.


Restyle the web with Stylish, a user styles manager. Stylish lets you easily install themes and skins for Google, Facebook, YouTube, Orkut, and many, many other sites. You can even customize Firefox and other programs themselves.

Tamper Data

Use tamperdata to view and modify HTTP/HTTPS headers and post parameters.


You can get an idea, with a single click, of how accessible web sites are.

Tilt 3D

WebGL-based 3D visualization of a webpage.

Total Validator

Perform many different validations in one go. This multiple validator works with external, internal, or local web pages using a local copy of the desktop tool obtained from


TryAgain keeps trying to load a webpage when the server cannot be reached.

User Agent Switcher

The User Agent Switcher extension adds a menu and a toolbar button to switch the user agent of a browser.

Web Developer

The Web Developer extension adds various web developer tools to a browser.

Firebug extensions

There are a lot of extensions for Firebug, covering a number of different use cases. Some of them are listed here:


Syntax highlighting for the Firebug command line using Ace. Fuzzy auto completion.

Code Coverage v2 for Firebug 0.1

This Firebug extension reports JavaScript code coverage.

CSS Usage

Firebug extension to view which CSS rules are actually used.


Firecookie is an extension for Firebug that makes it possible to view and manage cookies in your browser.


Finds HTML elements matching chosen CSS selector(s) or XPath expression.


FirePHP enables you to log to your Firebug Console using a simple PHP method call.


Firebug plugin for jQuery development.

Inline Code Finder for Firebug

Inline Code Finder is an add-on to Firebug, to be able to find HTML elements with any of these issues: Inline JavaScript events, Inline style, javascript: links.


Javascript syntax highlighting for Firebug.


NetExport is a Firebug extension that allows exporting all collected and computed data from the Net panel. The structure of the created file uses HTTP Archive (HAR) format (based on JSON).

Pixel Perfect

Pixel Perfect is a Firefox/Firebug extension that allows web developers and designers to easily overlay a web composition over top of the developed HTML.


YSlow analyzes web pages and why they’re slow based on Yahoo!’s rules for high performance web sites.

Even more extensions for Firebug are listed in the Firebug Extensions wiki.