hoodlum
07-12-2015, 05:33 AM
Secure Firefox Configuration
===============================
/Download Firefox: https://www.mozilla.org/en-US/
/Download other versions of Firefox [Nightly, Aurora, Firefox Beta] from here:
https://www.mozilla.org/en-US/firefox/channel/
/Things marked with "**" are essential for security and privacy.
.::EXTENSIONS::.
==================
.::Privacy::.
==================
-> **[NoScript]
Download: https://addons.mozilla.org/en-us/firefox/addon/noscript/
Features: Protects you from XSS and clickjacking attacks, also enables click to load Flash and Java.
-> **[HTTPS-Everywhere]
Download: https://www.eff.org/https-everywhere
Features: Forces HTTPS whenever possible.
-> **[AdBlock Edge]
Download: https://addons.mozilla.org/en-US/firefox/addon/adblock-edge
Features: Blocks intrusive and non-intrusive ads on all websites. It also does not have the "Acceptable Ads" feature.
-> **[Random Agent Spoofer]
Download: https://addons.mozilla.org/en-US/firefox/addon/random-agent-spoofer
Features: Provides many user agent spoofing options. Over 100 different browsers, has the option to send spoofed headers and much more.
-> **[RequestPolicy]
Download: https://addons.mozilla.org/en-us/firefox/addon/requestpolicy/
Features: Protects you against CSRF attacks and allows you to be in control of all cross-site requests.
-> **[Cookie Controller]
Download: https://addons.mozilla.org/en-US/firefox/addon/cookie-controller/
Features: Browse, manage and remove cookies from sites.
-> **[FoxyProxy Standard]
Download: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard
Features: Advanced proxy management tool for Firefox, way better than the one included with Firefox.
-> **[Disconnect]
Download: https://addons.mozilla.org/en-US/firefox/addon/disconnect
Features: Stops tracking by about 2000 third party websites, makes loading pages about 27% faster.
-> **[Privacy Badger]
Download: https://addons.mozilla.org/en-US/firefox/addon/privacy-badger-firefox
Features: Protects privacy by blocking spying ads and invisible trackers.
.::Tools::.
==================
-> [HackBar]
Download: https://addons.mozilla.org/en-US/firefox/addon/hackbar
Features: A toolbar to help you in testing SQL injections, XSS holes and site security.
-> [FireBug]
Download: https://addons.mozilla.org/en-US/firefox/addon/firebug
Features: Allows you to edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.
-> [FxIF]
Download: https://addons.mozilla.org/en-US/firefox/addon/fxif
Features: Allows you to view EXIF data when you right click on a image.
-> [iMacros]
Download: https://addons.mozilla.org/en-US/firefox/addon/imacros-for-firefox
Features: Allows you to automate Firefox with macros. Anything you do on your browser can be automated.
-> [Web Developer]
Download: https://addons.mozilla.org/en-US/firefox/addon/web-developer
Features: A toolbar that adds various web developer tools to the browser.
-> [Live HTTP Headers]
Download: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers
Features: Allows you to view the HTTP headers of a page while browsing.
-> [EPUB Reader]
Download: https://addons.mozilla.org/en-US/firefox/addon/epubreader
Features: Allows you to open and read .epub files within your browser.
-> [DOM Inspector]
Download: https://addons.mozilla.org/en-US/firefox/addon/dom-inspector-6622
Features: Inspect/edit live DOM of any webpage or XUL application.
-> [ColorZilla]
Download: https://addons.mozilla.org/en-us/firefox/addon/colorzilla
Features: Advanced eyedropper, color picker, gradient generator and DOM viewer.
-> **[Modify Headers]
Download: https://addons.mozilla.org/En-us/firefox/addon/modify-headers
Features: Add/Modify/Filter HTTP headers. Useful for mobile development, HTTP testing and privacy.
-> [FlagFox]
Download: https://addons.mozilla.org/en-US/firefox/addon/flagfox
Features: Displays a country flag depicting the location of the current website's server and provides a multitude of tools such as site safety checks, whois, translation, similar sites, validation, URL shortening, and more.
-> [Video Download Helper]
Download: https://addons.mozilla.org/en-US/firefox/addon/video-downloadhelper
Features: Downloads videos and audio from YouTube and other similar sites.
-> [Wappalyzer]
Download: https://addons.mozilla.org/en-us/firefox/addon/wappalyzer
Features: A browser extension that identifies software on websites.
-> **[Cryptocat]
Download: https://addons.mozilla.org/en-US/firefox/addon/cryptocat
Features: Instant encrypted conversations, open source, private, safer communications. Uses the OTR encrypted messaging protocol.
-> [SSleuth]
Download: https://addons.mozilla.org/en-US/firefox/addon/ssleuth
Features: SSleuth ranks an established SSL/TLS connection and gives a brief summary of the cipher suite, certificate and other SSL/TLS parameters.
.::Customizability::.
======================
-> [Stylish]
Download: https://addons.mozilla.org/en-US/firefox/addon/stylish
Features: Customize pages with CSS styles.
-> [GreaseMonkey]
Download: https://addons.mozilla.org/en-US/firefox/addon/greasemonkey
Features: Customize pages with JS scripts.
.::ABOUT:CONFIG SETUP::.
=========================
You can access these configurations by typing in "about:config" in the URL bar, click .
-> Turn off the new tab page and make it about:blank:
browser.newtab.url => about:blank
-> **Turn off Geolocation:
geo.enabled => false
geo.wifi.uri => 127.0.0.1
-> **Override the useragent to most common useragent [Not needed with UA Switcher]:
New > string: general.useragent.override =>
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:20.0) Gecko/20100101 Firefox/20.0
-> Force installation of non-updated add-ons:
New > boolean: extensions.checkCompatibility.[version #] => false
-> **Disable DNS prefetching:
network.prefetch-next => false
network.dns.disablePrefetch => true
webgl.disabled => true
devtools.cache.disabled => true
browser.sessionstore.privacy_level => 2
-> **Disable referer headers:
network.http.sendRefererHeader => 0
network.http.sendSecureXSiteReferrer => false
network.http.referer.XOriginPolicy => 1
network.http.referer.spoofSource => true
network.http.referer.trimmingPolicy => 2
-> **Enable HTTP pipelining regularly, on SSL pages, and on proxies, respectively:
network.http.pipelining => true
network.http.pipelining.ssl => true
network.http.proxy.pipelining => true
network.http.pipelining.maxrequests => 10
-> View page source in your favorite editor:
view_source.editor.external => true
view_source.editor.path => X:\EnterPath\To\Program\Here
-> **Prevent child windows/tabs from spawning:
dom.disable_window_open_feature.resizable => false
-> **Disable insecure RC4 cipher suites:
security.ssl3.ecdhe_ecdsa_rc4_128_sha => false
security.ssl3.ecdhe_rsa_rc4_128_sha => false
security.ssl3.rsa_rc4_128_md5 => false
security.ssl3.rsa_rc4_128_sha => false
-> Increase the amount of connections/requests Firefox will make:
network.http.pipelining.maxrequests => 64
network.http.max-connections => 512
network.http.max-persistent-connections-per-server => 32
-> **Disable Firefox telemetry:
toolkit.telemetry.enabled => false
-> Speed up the security delay when installing add-ons:
security.dialog_enable_delay => 500
-> Disable tab animations:
browser.tabs.animate => false
-> **Allow cookies only from the originating server [Not needed with Cookie Manager]:
network.cookie.cookieBehavior => 1
network.cookie.lifetimePolicy => 2
-> **Reduce RAM usage for Firefox cache feature:
browser.sessionhistory.max_total_viewers => 0
-> Set RAM usage to 10MB when Firefox is minimized:
New => boolean: config.trim_on_minimize => true
-> Reduce page loading delay:
New => integer: nglayout.initialpaint.delay => 0
New => boolean: content.interrupt.parsing => true
New => boolean: content.notify.ontimer => true
New => integer: content.max.tokenizing.time => 100000
New => integer: content.notify.backoffcount => -1
New => integer: content.notify.interval => 100000
New => integer: content.switch.threshold => 2000000
-> Remove submenu slide delay:
New > integer: ui.submenuDelay => 0
-> **Set a "do-not-track" header to tell sites not to track browsing habits:
privacy.donottrackheader.enabled => true
privacy.donottrackheader.value => 1
-> **Disable Google Blacklists and Safebrowsing:
browser.safebrowsing.enabled => false
browser.safebrowsing.malware.enabled => false
browser.safebrowsing.appRepURL => blank
browser.safebrowsing.downloads.enabled => false
browser.safebrowsing.gethashURL => blank
browser.safebrowsing.malware.reportURL => blank
browser.safebrowsing.reportErrorURL => blank
browser.safebrowsing.reportGenericURL => blank
browser.safebrowsing.reportMalwareErrorURL => blank
browser.safebrowsing.reportMalwareURL => blank
browser.safebrowsing.reportPhishURL => blank
browser.safebrowsing.reportURL => blank
browser.safebrowsing.updateURL => blank
services.sync.prefs.sync.browser.safebrowsing.enabled => false
services.sync.prefs.sync.browser.safebrowsing.malware.enabled => false
-> **Disable pings:
browser.send_pings => false
browser.send_pings.require_same_host => true
-> **Disable Firefox health report:
datareporting.healthreport.uploadEnabled => false
-> **Disable DOM storage:
dom.storage.enabled => false
dom.event.clipboardevents.enabled => false
-> Disable suggestions on searchbar:
browser.search.suggest.enabled => false
-> **Disable keywords:
keyword.enabled => false
-> Disable certificates:
browser.ssl_override_behavior => 2
-> **Disable DNS proxy bypass:
network.proxy.socks_remote_dns => true
-> **Disable crash reporting:
breakpad.reportURL => blank
In application.ini in the Firefox folder,
[Crash Reporter]Enabled=1 => [Crash Reporter]Enabled=0
-> **Disable caching on hard drive:
browser.cache.disk.enable => false
browser.cache.offline.enable => false
browser.cache.disk.capacity => 0
browser.cache.offline.capacity => 0
-> **Do not cache HTTP or HTTPS files:
network.http.use-cache => false
-> **Disable navigator.sendBeacon:
beacon.enabled => false
-> **Disable WebRTC:
media.peerconnection.enabled => false
Another good article from Anonymous Gh0ster
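A way to check that settings from the about:config list above actually landed in a profile, as an added example that is not part of the original post: it parses `user_pref(...)` lines in the format Firefox uses in a profile's prefs.js (or a user.js) and compares a subset of the "**" settings against the listed values. The EXPECTED selection, the SAMPLE text and the function names are constructed for illustration.

```python
import re

# Subset of the "**" settings from the list above (constructed selection).
EXPECTED = {
    "geo.enabled": False,
    "webgl.disabled": True,
    "network.http.sendRefererHeader": 0,
    "security.ssl3.rsa_rc4_128_sha": False,
    "toolkit.telemetry.enabled": False,
    "network.proxy.socks_remote_dns": True,
    "media.peerconnection.enabled": False,
}

# One pref per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample input, not taken from a real profile.
SAMPLE = '''\
// Mozilla User Preferences
user_pref("geo.enabled", false);
user_pref("webgl.disabled", "true");
user_pref("network.http.sendRefererHeader", 2);
user_pref("toolkit.telemetry.enabled", flase);
user_pref("media.peerconnection.enabled", false);
'''

def parse_value(raw):
    """Turn a prefs.js literal into bool/int/str; None if it is not a valid literal."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    return None

def audit(text, expected=EXPECTED):
    """Return {pref name: finding} for every expected pref that is not set as listed."""
    seen = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:  # comments and blank lines do not match and are skipped
            seen[m.group(1)] = parse_value(m.group(2))
    findings = {}
    for name, want in expected.items():
        if name not in seen:
            findings[name] = "not set in file"
        elif seen[name] is None:
            findings[name] = "invalid literal"
        elif type(seen[name]) is not type(want):  # e.g. string "true" vs boolean true
            findings[name] = "wrong type"
        elif seen[name] != want:
            findings[name] = "value differs"
    return findings

if __name__ == "__main__":
    for pref, finding in audit(SAMPLE).items():
        print(f"{pref}: {finding}")
```

A pref reported as "not set in file" is still at its built-in default, since prefs.js only records values that were changed.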