Firefox profiles can be a handy resource when performing application penetration tests. They allow you to load a completely separate instance of the application inside a new browser window, with its own application sessions and add-on configurations, without needing a separate browser. This is useful during a test because it lets you view the application from different viewpoints without having to log off or switch users. I’ll be covering this aspect of Firefox profiles in more depth in another post. For now, here’s a quick guide for setting up profiles. In this post, I’m using Firefox 59.0.2 (64-bit).
First, start Firefox. Then, in the URL bar, enter about:profiles. If you haven’t configured profiles before, there will probably just be a single “default” entry like the one shown below.
To create a new profile, click the “Create a New Profile” button. This brings up the profile creation pop-up with some information about how profiles work. Click the “Continue” button in the pop-up. The next window prompts you to enter a name for the new profile. In this example, I’m using the name ‘testuser’ to identify the profile as one of my application testing accounts.
Once you’ve chosen a name, click “Done.” You’ll see the new profile listed under the default profile on the about:profiles page.
Now, whenever you need a second instance for testing, you can simply visit the about:profiles page and click “Launch profile in new browser” for the profile you want to load. You can have multiple profile windows open simultaneously. Be aware that each profile is completely separate, meaning you have to re-install and configure any add-ons you may use for each profile.
If you want to delete a profile, that’s pretty simple too. As when creating a profile, browse to about:profiles. Under the profile that you want to delete, click “Remove.” You’ll get a prompt asking whether you want to delete all of the system data associated with the profile, including settings and certificates. If you don’t want to keep any of it, select “Delete Files”; otherwise, select “Don’t Delete Files.” Note that you can’t delete a profile if you’re currently running the browser as the profile you intend to delete. In this case, you’ll have to create a new profile, launch the browser under the new profile, and then try deleting the profile again.
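To confirm from disk that each profile really has its own data directory (and to see which directory “Delete Files” would remove), you can read the profiles.ini file that Firefox keeps next to its profile folders. The following is an added example, not part of the original post; the sample file contents, the directory prefixes and the base path are constructed, and the function names are hypothetical.

```python
import configparser
from pathlib import Path

# Constructed sample of a profiles.ini after creating the 'testuser' profile;
# the random directory prefixes (abcd1234, efgh5678) are made up.
SAMPLE_INI = """\
[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=abcd1234.default
Default=1

[Profile1]
Name=testuser
IsRelative=1
Path=efgh5678.testuser
"""

def list_profiles(ini_text, base_dir):
    """Return {profile name: {"dir": Path, "default": bool}} from profiles.ini text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key case (Name, Path, IsRelative)
    parser.read_string(ini_text)
    profiles = {}
    for section in parser.sections():
        if not section.startswith("Profile"):
            continue  # skip [General] and any non-profile section
        entry = parser[section]
        path = Path(entry["Path"])
        # IsRelative=1 means Path is relative to the folder holding profiles.ini
        if entry.get("IsRelative", "1") == "1":
            path = Path(base_dir) / path
        profiles[entry["Name"]] = {"dir": path, "default": entry.get("Default") == "1"}
    return profiles

def shared_directories(profiles):
    """Return directories used by more than one profile (expected to be empty)."""
    seen = {}
    for name, info in profiles.items():
        seen.setdefault(info["dir"], []).append(name)
    return {d: names for d, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    found = list_profiles(SAMPLE_INI, "/home/tester/.mozilla/firefox")  # assumed base path
    for name, info in found.items():
        print(name, info["dir"], "(default)" if info["default"] else "")
    print("shared:", shared_directories(found))
```

An empty result from `shared_directories` means no two profiles point at the same folder, so cookies, certificates and add-ons in one test account's profile cannot leak into another.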