Firefox Extension

Jsmon Firefox Extension Guide: Automated JS Reconnaissance

The Jsmon Firefox Extension is a powerful, passive reconnaissance tool designed for security researchers. It automatically captures JavaScript (JS) URLs as you browse through Firefox and submits them to your Jsmon workspace for deep, real-time analysis, including checking for hardcoded secrets, API paths, and more.

1. Installation

Installation is performed directly from the Mozilla Add-ons store.

Prerequisites

  • Mozilla Firefox browser.

  • A Jsmon Account at https://jsmon.sh (required to obtain your API Key and Workspace ID).

Step-by-Step Installation

  1. Navigate to Mozilla Add-ons: Open Firefox and go to the extension link: https://addons.mozilla.org/en-US/firefox/addon/jsmon-extension.

  2. Add the Extension: Click the "Add to Firefox" button.

  3. Confirm Installation: A confirmation dialog will appear. Click "Add" to install the extension.

  4. Pin the Extension: Click the Extensions icon (puzzle piece) in your toolbar, and then ensure the Jsmon Extension Icon is visible for easy access.

2. Configuration and Authentication

The extension must be linked to your personal Jsmon account to function correctly.

Step 1: Obtain Your API Key and Workspace ID

  1. Log into your account on the Jsmon web application at https://jsmon.sh.

  2. Navigate to the Settings > JSMON API section.

  3. Generate and copy your personal API Key.

Step 2: Configure the Extension

  1. Click the Jsmon Extension Icon in your Firefox toolbar.

  2. Enter API Key: Paste the API key into the prompt.

  3. Select Workspace: You will be prompted to select an existing workspace from your account. Choose the workspace where you want the collected JS URLs to be stored.

  4. Click "Start Scanning" (or a similar button) to save the settings and initialize the connection.

3. Usage: Automated JS URL Collection

Once configured, the extension will passively monitor your browsing activity within Firefox.

Automated Scanning

  1. Turn On: Click the "Turn on" button (or toggle) inside the extension popup to begin monitoring traffic.

  2. Browse: As you visit websites, the extension automatically intercepts requests for .js files, as well as any URL served with a JavaScript Content-Type, and sends those URLs to the Jsmon API.

    • Important Note: By default, the extension captures all traffic. To maintain data cleanliness and conserve API calls, using the Domain Scope Filter is essential.

CRITICAL: Using the Domain Scope Filter

The Domains in scope feature is mandatory for focusing your reconnaissance efforts and managing API usage:

  1. API Consumption: It prevents you from using up API credits on irrelevant domains (e.g., streaming services, e-commerce sites) that are outside your testing scope.

  2. Data Cleanliness: It ensures your Jsmon workspace remains focused only on data relevant to your target domains.

How to Set the Scope:

  1. In the extension popup, locate the "Domains in scope" input field.

  2. Add Target Domains: Enter the domains you are actively targeting for security research (e.g., targetcorp.com, api.testenv.net).

  3. Delimiter: Use a comma (,) to separate multiple domains (e.g., targetcorp.com, api.testenv.net, support.acmecorp.com).

  4. Activation: The extension will now only submit JS URLs that match the specified domains.
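
The scope decision described above, sketched as an added example; this is not the extension's own code, and every function name in it is hypothetical. It assumes a scope entry covers the domain and its subdomains, and it matches on a label boundary so that a look-alike host such as nottargetcorp.com is not treated as in scope.

```javascript
// Added illustration, not Jsmon's code; all function names are hypothetical.

// Parse the comma-separated "Domains in scope" value into hostnames.
function parseScope(input) {
  return input
    .split(",")
    .map((d) => d.trim().toLowerCase().replace(/\.$/, ""))
    .filter((d) => d.length > 0);
}

// Assumption: an entry covers the domain itself and its subdomains.
// Comparing on a label boundary keeps "nottargetcorp.com" out of scope.
function hostInScope(host, scope) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return scope.some((d) => h === d || h.endsWith("." + d));
}

// JavaScript if the path ends in .js or the Content-Type is a JS media type.
function isJavaScript(url, contentType) {
  const type = (contentType || "").split(";")[0].trim().toLowerCase();
  const jsType = /^(application|text)\/(x-)?(javascript|ecmascript)$/;
  return url.pathname.toLowerCase().endsWith(".js") || jsType.test(type);
}

// Decide whether a captured URL would be submitted under the given scope.
function shouldSubmit(rawUrl, contentType, scope) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return false; // not a parseable URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  return hostInScope(url.hostname, scope) && isJavaScript(url, contentType);
}

// Constructed sample traffic: [URL, Content-Type header].
const scope = parseScope("targetcorp.com, api.testenv.net");
const samples = [
  ["https://cdn.targetcorp.com/app/main.js?v=3", ""],
  ["https://api.testenv.net/bundle", "application/javascript; charset=utf-8"],
  ["https://nottargetcorp.com/main.js", ""],
  ["https://testenv.net/a.js", ""],
  ["https://targetcorp.com/index.html", "text/html"],
];
for (const [u, ct] of samples) {
  console.log(shouldSubmit(u, ct, scope) ? "submit" : "skip  ", u);
}
```

Note that under this assumption an entry such as api.testenv.net does not bring the parent testenv.net into scope.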

4. Viewing and Querying Results (On the Web App)

All data collected by the Firefox Extension is immediately available in your Jsmon workspace dashboard for analysis.

  1. View JS URLs: Log into the Jsmon web app and navigate to your configured workspace to see the growing list of collected JS files.

  2. Analysis: The platform provides automatic analysis for:

    • JS Intelligence

    • Keys & Secrets
