Welcome to the tips and tricks for our favorite way of interacting with the web, browsers! As a cybersecurity student, some of these help me out a lot, be it OSINT and recon tasks, documentation and wiki reading or general investigation for university.

Those who know me will know of my general dislike for Chrome and its relatives. While some of these tips might still apply, my guide primarily focuses on Firefox and Firefox-derivatives, such as Librewolf and GNU IceCat. These last two are hardened versions of stock Firefox, so I prefer them a lot.

[?] Info:
To read up on good private browsers, you might want to check out Spyware Watchdog's Articles on web browsers, to see what activity your browser sends in/out without your consent, and even how to mitigate it.

Hardened "forks" of browsers generally have settings already set that reduce the fingerprinting that the browser (or the services running on it, like other websites) gets from you. While this guide is not on privacy per-se, it would do you good to hold your own privacy to a high standard; it gives you a safer and better experience getting to whatever information you might need, without prying eyes looking with or for you.

Extra Search Engines

I'm surprised not many of those same people know this neat feature; adding in more search engines. These make life way easier in a lot of ways, like:

• Use a variety of search engines for mixing results or protecting your privacy.
• Searching and reading documentation instantly.
• Querying wiki pages, email and video searches.
• Gathering Open-Source Intelligence (OSINT) on the targets of your pentest.

_{Custom search engines in the Librewolf browser.}

This feature is pretty simple to customize, but there are many ways to add search engines. This also works in Chrome, so I have linked to both of the official documentations on how to add new search engines and shortcuts:

• Guide for Firefox and its derivatives.
• Guide for Chrome and its derivatives.

For penetration testing, OSINT and programming, mine should work out pretty OK. There are many sites I have not tested yet, but so long as they implement OpenSearch you should be able to add it. The FCC ID website tip was given to me by Lavender, a greatly talented hacker.

Search Engine	Address	Features
Shodan	https://www.shodan.io/	It crawls the entire internet, giving useful info on a domain, IP, hostname, or even protocol/type of machine. Great for recon.
VirusTotal	https://www.virustotal.com	Incredible tool for threat intelligence, or generally avoiding infection. Takes URL, IP, domain, file and/or hash, scans it and gives a report history.
PulseDive	https://pulsedive.com	Mix of Shodan and VirusTotal, great for threat intelligence, but full functionality is behind a paywall.
DevDocs	https://devdocs.io/	Documentation for basically every programming language, centralized in one website. Useful for coding.
FCC ID	https://fccid.io	Searchable FCC ID Database. Incredible for hardware reverse engineering, finding manuals and schematics.
PubMed	https://pubmed.ncbi.nlm.nih.gov/	Free science and biomedical paper searcher. Great for medical and/or research resources.
Github	https://github.com	Find code, packages, or even docs on that obscure hacking tool you downloaded, quick and easy.
Arch and Gentoo Wiki	https://wiki.archlinux.org/ & https://wiki.gentoo.org	For my Linux users; I cannot convey how useful this is. Linux equivalent of the pocket bible.

Other search engines that are great for pentesting but sadly don't have OpenSearch are DorkSearch, incredible for google dorking (it even has an AI to help you create your dork queries); GreyNoise, very similar to Shodan; IntelligenceX, incredible for mapping leaks and other data; DeHashed, like Shodan/GreyNoise but with support for phones, VIN's and more; ExploitDB, good ol' exploit database, which also houses the Google hacking DB; Vulners, specially for CVE searching; and HaveIBeenPwned, for checking if your contact info has been in a breach.

Bookmarked Utilities

I sincerely hope we all use bookmarks; great way of keeping interesting stuff alive and stuck somewhere you can revisit it easily. Due to the ability of adding search engines, lots of those bookmarks have now been integrated into our browser (which is great), but there are still useful tools I'd like to give you.

I keep most of these in a "Utilities" folder in my Bookmarks Tab, just to have them organized in one place, with the name being a clear indication of what's inside. I don't use any bookmarking extensions, but do let me know if there are any good ones.

Bookmark Title	URL	Description
ExplainShell	https://explainshell.com/	Shell command explainer. Very useful for beginners and veterans alike.
RegExr	https://regexr.com/	Regular Expression cheatsheet and tester. Great for scripting, filtering and creating dorking queries.
CyberChef	https://cyberchef.io/	Tool for encoding, decoding and analyzing data. Incredible for CTF challenges and ARG's, as well as defeating some obfuscation.
JS Deobfuscator	https://deobfuscate.relative.im/	Great for reversing jumbled javascript. Very useful for malware forensics and threat intelligence.
OUI Lookup	https://www.wireshark.org/tools/oui-lookup.html	Tool for checking MAC addresses manufacturers. Useful when analyzing network logs and wanting to see which device is from where.
GTFOBins	https://gtfobins.github.io/	List of *NIX binaries you could potentially exploit for privilege escalation, persistance and more. Extremely useful and a must have for pentesting Linux and UNIX systems.
LOLBAS	https://lolbas-project.github.io/	Living Off The Land binaries, scripts and libraries you can use for various things when inside a Windows host. Extremely useful and a must have for pentesting Windows.
LOLDrivers	https://www.loldrivers.io/	Same thing as above but for Windows drivers. Also a must have, specially for persistence and privilege escalation.
GuerillaMail	https://www.guerrillamail.com/	Disposable emails for receiving. Incredible for burner accounts, although some services will block your account if they see it comes from guerilla mail.
Temp Mail	https://temp-mail.org/en/	Same as Guerilla Mail, useful in case the emails get auto-magically blocked by some shitty login.

Extensions for a Better Experience

The internet can be a dangerous place, and with the increased pervasiveness of JavaScript in modern web technologies, your attack surface is increased. However, disabling JS entirely can often be a nuclear option, and most sites and their functionality will refuse to work for you.

The following extensions are meant to help with avoiding fingerprinting, tracking and more, while still allowing you to navigate the web relatively without obstacles. While the Firefox forks I spoke about earlier (Librewolf and GNU Icecat) do implement more hardened features, these extensions tend to work in tandem, delivering you a better experience when navigating the web.

Name	URL	Functionality
uBlock Origin	Chrome Firefox	Best Ad-Blocker with a myriad of filters, as well as the functionality of being able to implement your own hosts file.
CanvasBlocker	Firefox	Alters some JS API's to prevent fingerprinting, with different modes (fake, block, white/blacklist, etc). Incredible for added privacy.
Decentraleyes	Chrome Firefox	It blocks your requests from reaching not-privacy-friendly CDN's, still serving you the content you need. Compliments uBlock very well.
ClearURLs	Chrome Firefox	Removes the tracking content from links, so it (a) avoids fingerprinting and (b) protects your privacy.
PrivacyBadger	Chrome Firefox	Sends the "Do Not Track" signal, and if whatever website does not respect it, it will learn to block its trackers.

I sincerely hope the tips that are written in this page help you to have a safer and more private interaction with the web from here on out! The internet has become such an ingrained part in our lives, so knowing these tips and tricks will (hopefully) help you out. Happy surfing!