
The Browser Hacker's Handbook

Hackers exploit browser vulnerabilities to attack deep within networks. The Browser Hacker's Handbook gives a practical understanding of hacking the everyday web browser and using it as a beachhead to launch further attacks deep into corporate networks. Written by a team of highly experienced c...


Bibliographic Details
Classification: Electronic book
Main author: Alcorn, Wade
Other authors: Frichot, Christian; Orrù, Michele
Format: Electronic eBook
Language: English
Published: Indianapolis, IN : Wiley, ©2014.
Online access: Full text (requires prior registration with an institutional e-mail address)
Table of Contents:
  • Web Browser Security
  • Initiating Control
  • Retaining Control
  • Bypassing the Same Origin Policy
  • Attacking Users
  • Attacking Browsers
  • Attacking Extensions
  • Attacking Plugins
  • Attacking Web Applications
  • Attacking Networks
  • Epilogue: Final Thoughts.
  • Front matter: Copyright; About the Authors; About the Contributing Authors; About the Technical Editor; Credits; Acknowledgments; Contents; Introduction.
  • Chapter 1: Web Browser Security; A Principal Principle; Exploring the Browser; Symbiosis with the Web Application; Same Origin Policy; HTTP Headers; Markup Languages; HTML; XML; Cascading Style Sheets; Scripting; JavaScript; VBScript; Document Object Model; Rendering Engines; WebKit; Trident; Gecko; Presto; Blink; Geolocation; Web Storage; Cross-origin Resource Sharing; HTML5; WebSocket; Web Workers; History Manipulation; WebRTC; Vulnerabilities; Evolutionary Pressures; HTTP Headers; Content Security Policy; Secure Cookie Flag; HttpOnly Cookie Flag; X-Content-Type-Options; Strict-Transport-Security; X-Frame-Options; Reflected XSS Filtering; Sandboxing; Browser Sandboxing; IFrame Sandboxing; Anti-phishing and Anti-malware; Mixed Content; Core Security Problems; Attack Surface; Rate of Change; Silent Updating; Extensions; Plugins; Surrendering Control; TCP Protocol Control; Encrypted Communication; Same Origin Policy; Fallacies; Robustness Principle Fallacy; External Security Perimeter Fallacy; Browser Hacking Methodology; Initiating; Retaining; Attacking; Summary; Questions; Notes.
  • Chapter 2: Initiating Control; Understanding Control Initiation; Control Initiation Techniques; Using Cross-site Scripting Attacks; Reflected Cross-site Scripting; Stored Cross-site Scripting; DOM Cross-site Scripting; Universal Cross-site Scripting; XSS Viruses; Bypassing XSS Controls; Using Compromised Web Applications; Using Advertising Networks; Using Social Engineering Attacks; Phishing Attacks; Baiting; Anti-Phishing Controls; Using Man-in-the-Middle Attacks; Man-in-the-Browser; Wireless Attacks; ARP Spoofing; DNS Poisoning; Exploiting Caching; Summary; Questions; Notes.
  • Chapter 3: Retaining Control; Understanding Control Retention; Exploring Communication Techniques; Using XMLHttpRequest Polling; Using Cross-origin Resource Sharing; Using WebSocket Communication; Using Messaging Communication; Using DNS Tunnel Communication; Exploring Persistence Techniques; Using IFrames; Using Full Browser Frame Overlay; Using Browser Events; Using Pop-Under Windows; Using Man-in-the-Browser Attacks; Hijacking AJAX Calls; Hijacking Non-AJAX Requests; Evading Detection; Evasion using Encoding; Base64 Encoding; Whitespace Encoding; Non-alphanumeric JavaScript; Evasion using Obfuscation; Random Variables and Methods; Mixing Object Notations; Time Delays; Mixing Content from Another Context; Using the callee Property; Evasion using JavaScript Engines Quirks; Summary; Questions; Notes.
  • Chapter 4: Bypassing the Same Origin Policy; Understanding the Same Origin Policy; Understanding the SOP with the DOM; Understanding the SOP with CORS; Understanding the SOP with Plugins; Understanding the SOP with UI Redressing; Understanding the SOP with Browser History; Exploring SOP Bypasses; Bypassing SOP in Java; Bypassing SOP in Adobe Reader; Bypassing SOP in Adobe Flash.
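Chapter 4 above is listed as covering the Same Origin Policy with the DOM and its bypasses. As an added example, not code from the book or its authors, the following shows the comparison a browser performs before letting script in one document touch another: the scheme, host and port must all match, while userinfo, path, query and fragment are ignored and an explicit default port counts the same as none. The function names and the sample URLs are ours, and the `reachableFrom` helper is a convenience for reasoning about what a foothold in one page can read directly.

```javascript
// Added example (not from the book): the Same Origin Policy origin comparison.
// An origin is the tuple (scheme, host, port). Userinfo, path, query and
// fragment play no part, and a default port counts the same as no port.
// Runs in Node.js or any modern browser; `URL` is the WHATWG URL class.

// Default ports for the "special" schemes browsers know about.
const DEFAULT_PORTS = { http: "80", https: "443", ws: "80", wss: "443", ftp: "21" };

// Returns the origin tuple for a URL, or null for an opaque origin
// (data:, file: and similar), which never matches anything, not even itself.
function originOf(urlString) {
  const u = new URL(urlString);
  if (u.origin === "null") return null;
  const scheme = u.protocol.slice(0, -1); // "https:" -> "https"
  // `URL` elides an explicit default port, so fill it back in for comparison.
  const port = u.port !== "" ? u.port : DEFAULT_PORTS[scheme] ?? "";
  return { scheme, host: u.hostname, port }; // hostname is already lower-cased
}

// The SOP check: true only when all three tuple members match.
function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  if (oa === null || ob === null) return false;
  return oa.scheme === ob.scheme && oa.host === ob.host && oa.port === ob.port;
}

// Serialized form as it appears in the Origin request header: the default
// port is omitted, a non-default port is kept, an opaque origin is "null".
function serializeOrigin(urlString) {
  const o = originOf(urlString);
  if (o === null) return "null";
  const showPort = o.port !== "" && o.port !== DEFAULT_PORTS[o.scheme];
  return `${o.scheme}://${o.host}${showPort ? ":" + o.port : ""}`;
}

// Given script running in a page at `scriptUrl` and a list of target URLs,
// return those whose DOM that script may read directly under the SOP.
function reachableFrom(scriptUrl, targets) {
  return targets.filter((t) => sameOrigin(scriptUrl, t));
}

// Constructed sample input (hypothetical hosts) for a stand-alone run.
const SAMPLE_TARGETS = [
  "http://app.example/admin/",          // same origin as the hooked page
  "http://app.example:80/api?x=1#frag", // explicit default port, still same
  "https://app.example/",               // scheme differs
  "http://app.example:8080/",           // port differs
  "http://intranet.app.example/",       // host differs (subdomains are distinct)
  "http://user:pw@app.example/files",   // userinfo is ignored
];

if (typeof require !== "undefined" && require.main === module) {
  const hooked = "http://app.example/index.html";
  console.log("Origin of hooked page:", serializeOrigin(hooked));
  for (const t of SAMPLE_TARGETS) console.log(sameOrigin(hooked, t), t);
}
```

Note that `originOf` deliberately reports `data:` and `file:` URLs as opaque: two documents loaded from identical `data:` URLs are still different origins to the browser, which is why a `data:`-URL payload cannot read back into the page that opened it.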