- Format: PDF
- Devices: PC
Hackers exploit browser vulnerabilities to attack deep within networks
The Browser Hacker's Handbook gives a practical understanding of hacking the everyday web browser and using it as a beachhead to launch further attacks deep into corporate networks. Written by a team of highly experienced computer security experts, the handbook provides hands-on tutorials exploring a range of current attack methods.
The web browser has become the most popular and widely used computer "program" in the world. As the gateway to the Internet, it is part of the storefront to any business that operates online, but it is also one of the most vulnerable entry points of any system. With attacks on the rise, companies are increasingly employing browser-hardening techniques to protect the unique vulnerabilities inherent in all currently used browsers.
The Browser Hacker's Handbook thoroughly covers complex security issues and explores relevant topics such as:
- Bypassing the Same Origin Policy
- ARP spoofing, social engineering, and phishing to access browsers
- DNS tunneling, attacking web applications, and proxying--all from the browser
- Exploiting the browser and its ecosystem (plugins and extensions)
- Cross-origin attacks, including Inter-protocol Communication and Exploitation
The Browser Hacker's Handbook is written with a professional security engagement in mind. Leveraging browsers as pivot points into a target's network should form an integral component of any social engineering or red-team security assessment. This handbook provides a complete methodology to understand and structure your next browser penetration test.
Product details
- Publisher: John Wiley & Sons
- Pages: 656
- Publication date: 25 February 2014
- Language: English
- ISBN-13: 9781118662106
- Item no.: 40532132
WADE ALCORN is the creator of the BeEF open source browser exploitation framework, among toolswatch.org's top 10 security tools. CHRISTIAN FRICHOT is a lead developer of BeEF, as well as a leader of the Perth Open Web Application Security Project. MICHELE ORRÙ is the lead core developer of BeEF, as well as a vulnerability researcher and social engineer.
Introduction
Chapter 1 Web Browser Security: A Principal Principle; Exploring the Browser; Symbiosis with the Web Application; Same Origin Policy; HTTP Headers; Markup Languages; Cascading Style Sheets; Scripting; Document Object Model; Rendering Engines; Geolocation; Web Storage; Cross-origin Resource Sharing; HTML5; Vulnerabilities; Evolutionary Pressures; HTTP Headers; Reflected XSS Filtering; Sandboxing; Anti-phishing and Anti-malware; Mixed Content; Core Security Problems; Attack Surface; Surrendering Control; TCP Protocol Control; Encrypted Communication; Same Origin Policy; Fallacies; Browser Hacking Methodology; Summary; Questions; Notes
Chapter 2 Initiating Control: Understanding Control Initiation; Control Initiation Techniques; Using Cross-site Scripting Attacks; Using Compromised Web Applications; Using Advertising Networks; Using Social Engineering Attacks; Using Man-in-the-Middle Attacks; Summary; Questions; Notes
Chapter 3 Retaining Control: Understanding Control Retention; Exploring Communication Techniques; Using XMLHttpRequest Polling; Using Cross-origin Resource Sharing; Using WebSocket Communication; Using Messaging Communication; Using DNS Tunnel Communication; Exploring Persistence Techniques; Using IFrames; Using Browser Events; Using Pop-Under Windows; Using Man-in-the-Browser Attacks; Evading Detection; Evasion using Encoding; Evasion using Obfuscation; Summary; Questions; Notes
Chapter 4 Bypassing the Same Origin Policy: Understanding the Same Origin Policy; Understanding the SOP with the DOM; Understanding the SOP with CORS; Understanding the SOP with Plugins; Understanding the SOP with UI Redressing; Understanding the SOP with Browser History; Exploring SOP Bypasses; Bypassing SOP in Java; Bypassing SOP in Adobe Reader; Bypassing SOP in Adobe Flash; Bypassing SOP in Silverlight; Bypassing SOP in Internet Explorer; Bypassing SOP in Safari; Bypassing SOP in Firefox; Bypassing SOP in Opera; Bypassing SOP in Cloud Storage; Bypassing SOP in CORS; Exploiting SOP Bypasses; Proxying Requests; Exploiting UI Redressing Attacks; Exploiting Browser History; Summary; Questions; Notes
Chapter 5 Attacking Users: Defacing Content; Capturing User Input; Using Focus Events; Using Keyboard Events; Using Mouse and Pointer Events; Using Form Events; Using IFrame Key Logging; Social Engineering; Using TabNabbing; Using the Fullscreen; Abusing UI Expectations; Using Signed Java Applets; Privacy Attacks; Non-cookie Session Tracking; Bypassing Anonymization; Attacking Password Managers; Controlling the Webcam and Microphone; Summary; Questions; Notes
Chapter 6 Attacking Browsers: Fingerprinting Browsers; Fingerprinting using HTTP Headers; Fingerprinting using DOM Properties; Fingerprinting using Software Bugs; Fingerprinting using Quirks; Bypassing Cookie Protections; Understanding the Structure; Understanding Attributes; Bypassing Path Attribute Restrictions; Overflowing the Cookie Jar; Using Cookies for Tracking; Sidejacking Attacks; Bypassing HTTPS; Downgrading HTTPS to HTTP; Attacking Certificates; Attacking the SSL/TLS Layer; Abusing Schemes; Abusing iOS; Abusing the Samsung Galaxy; Attacking JavaScript; Attacking Encryption in JavaScript; JavaScript and Heap Exploitation; Getting Shells using Metasploit; Getting Started with Metasploit; Choosing the Exploit; Executing a Single Exploit; Using Browser Autopwn; Using BeEF with Metasploit; Summary; Questions; Notes
Chapter 7 Attacking Extensions: Understanding Extension Anatomy; How Extensions Differ from Plugins; How Extensions Differ from Add-ons; Exploring Privileges; Understanding Firefox Extensions; Understanding Chrome Extensions; Discussing Internet Explorer Extensions; Fingerprinting Extensions; Fingerprinting using HTTP Headers; Fingerprinting using the DOM; Fingerprinting using the Manifest; Attacking Extensions; Impersonating Extensions; Cross-context Scripting; Achieving OS Command Execution; Achieving OS Command Injection; Summary; Questions; Notes
Chapter 8 Attacking Plugins: Understanding Plugin Anatomy; How Plugins Differ from Extensions; How Plugins Differ from Standard Programs; Calling Plugins; How Plugins are Blocked; Fingerprinting Plugins; Detecting Plugins; Automatic Plugin Detection; Detecting Plugins in BeEF; Attacking Plugins; Bypassing Click to Play; Attacking Java; Attacking Flash; Attacking ActiveX Controls; Attacking PDF Readers; Attacking Media Plugins; Summary; Questions; Notes
Chapter 9 Attacking Web Applications: Sending Cross-origin Requests; Enumerating Cross-origin Quirks; Preflight Requests; Implications; Cross-origin Web Application Detection; Discovering Intranet Device IP Addresses; Enumerating Internal Domain Names; Cross-origin Web Application Fingerprinting; Requesting Known Resources; Cross-origin Authentication Detection; Exploiting Cross-site Request Forgery; Understanding Cross-site Request Forgery; Attacking Password Reset with XSRF; Using CSRF Tokens for Protection; Cross-origin Resource Detection; Cross-origin Web Application Vulnerability Detection; SQL Injection Vulnerabilities; Detecting Cross-site Scripting Vulnerabilities; Proxying through the Browser; Browsing through a Browser; Burp through a Browser; Sqlmap through a Browser; Browser through Flash; Launching Denial-of-Service Attacks; Web Application Pinch Points; DDoS Using Multiple Hooked Browsers; Launching Web Application Exploits; Cross-origin DNS Hijack; Cross-origin JBoss JMX Remote Command Execution; Cross-origin GlassFish Remote Command Execution; Cross-origin m0n0wall Remote Command Execution; Cross-origin Embedded Device Command Execution; Summary; Questions; Notes
Chapter 10 Attacking Networks: Identifying Targets; Identifying the Hooked Browser's Internal IP; Identifying the Hooked Browser's Subnet; Ping Sweeping; Ping Sweeping using XMLHttpRequest; Ping Sweeping using Java; Port Scanning; Bypassing Port Banning; Port Scanning using the IMG Tag; Distributed Port Scanning; Fingerprinting Non-HTTP Services; Attacking Non-HTTP Services; NAT Pinning; Achieving Inter-protocol Communication; Achieving Inter-protocol Exploitation; Getting Shells using BeEF Bind; The BeEF Bind Shellcode; Using BeEF Bind in your Exploits; Using BeEF Bind as a Web Shell; Summary; Questions; Notes
Chapter 11 Epilogue: Final Thoughts
Index