One of the best things about the Websecurify Runtime is that it is super extensible. We are not only targeting JavaScript on Xulrunner but also JavaScript on Nodejs, Java, Objective-C and a few other development platforms. So, we play a lot with technology and usually we come up with some wacky ideas in the process.
Not long ago, it became quite apparent that the web security field lacks a powerful browser designed specifically for penetration testing purposes. A decision was made to build one. This is how the idea behind Acidbrowser was born. In summary, the Acidbrowser project aims to bring all good web application security tools closer to the browser. The reason for this is simple. While web testing proxies are good, they are very difficult to use with more complex/modern web applications. In order to solve this problem we need a solution that not only understands the basics of HTTP but also quite a bit about the DOM and all modern web application technologies.
The current version (0.8) of Acidbrowser is just an empty shell, meaning that no real penetration testing tools have been integrated just yet. The reason for this is simple. While we can easily put some of the existing code, we want to build the browser gradually by developing quick hacks and extensions. That being said, we are hopefully going to release some extensions soon. Meanwhile you can build your own extensions and help you and the community in the process. Don't hesitate to get in touch with us.
I hope you find the tool useful and we are excited to hear about your ideas.
Oh! As usual you can download the tool from here.