Since you are in this article, I wish you have read this article first. SQL Injection. This article will show you how to use the HackBar Add On from Mozilla in SQL or XSS Injection.

What is HackBar? 

HackBar is a Firefox extension for penetration testers. Hackbar extends the address bar of Firefox and thus provides enough space for long injection URLs during penetration testing. Hackbar also has some additional features including the ability to perform encryption, encoding, decryption, POST data manipulation, inject code generation etc. This toolbar will help you in testing sql injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site. Its main purpose is to help a developer do security audits on his code. If you know what your doing, this toolbar will help you do it faster. If you want to learn to find security holes, you can also use this toolbar, but you will probably also need a book, and a lot of google.

How To Start With HackBar

For you to start with SQL Inject Me, Just go to your Mozilla Firefox browser and search the HackBar addon on google.

Once you are on the said site, Click the Add to Firefox button.

Hackbar Firefox Plugin In Plugin Page


Allowing Firefox To Install Hackbar Add-onAs you notice, Message will appear at the left top of the page asking to install software on your computer. Just click the Allow button.   




Click the Install button to install the HackBar add on. 








Once the installation was done, message at the top left part of the page will appear to Restart the browser. Click the Restart Now button. 




  On the previous article regarding SQL Injection, You can convert the table name into MySQL CHAR() Characters. 





Just click the SQL > MySQL > MySQLChar(). After that, A form will appear to ask for a String you want to be converted.





Type on the textbox the table name you want to be converted to MySQL Char(). As what is on the previous article SQL Injection contains. Click OK button after.




After that, you'll notice that the MySQL Char() of the string is on the HackBar form now.