Fr. 76.00

The Browser Hacker's Handbook

English · Paperback / Softback

Shipping usually within 3 to 5 weeks

Description


Hackers exploit browser vulnerabilities to attack deep within networks
 
The Browser Hacker's Handbook gives a practical understanding of hacking the everyday web browser and using it as a beachhead to launch further attacks deep into corporate networks. Written by a team of highly experienced computer security experts, the handbook provides hands-on tutorials exploring a range of current attack methods.
 
The web browser has become the most popular and widely used computer "program" in the world. As the gateway to the Internet, it is part of the storefront of any business that operates online, but it is also one of the most vulnerable entry points of any system. With attacks on the rise, companies are increasingly employing browser-hardening techniques to mitigate the vulnerabilities inherent in every browser in current use. The Browser Hacker's Handbook thoroughly covers complex security issues and explores relevant topics such as:
* Bypassing the Same Origin Policy
* ARP spoofing, social engineering, and phishing to access browsers
* DNS tunneling, attacking web applications, and proxying--all from the browser
* Exploiting the browser and its ecosystem (plugins and extensions)
* Cross-origin attacks, including Inter-protocol Communication and Exploitation
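
As an added example (not code from the book or from this page), the following Node.js script illustrates the first and last bullets above: it spells out the (scheme, host, port) tuple that the Same Origin Policy compares, applies the CORS check a browser runs before a cross-origin page may read a response, and contrasts a server that reflects any Origin header (a common misconfiguration) with one that checks a fixed allowlist. The hosts app.example.com, api.example.com and attacker.example are assumptions chosen for the demonstration.

```javascript
// Added example, not from the book: the (scheme, host, port) origin tuple
// behind the Same Origin Policy, and the CORS check a browser applies before
// it lets script read a cross-origin response. Node.js >= 10, no dependencies.

// Schemes with a default port; anything else (file:, data:, blob:) yields an
// opaque origin that never matches, not even itself.
const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Origin tuple as a string. Path, query, fragment and userinfo are ignored and
// the default port is made explicit, so "https://a" equals "https://a:443".
function originOf(urlString) {
  const u = new URL(urlString);
  if (!(u.protocol in DEFAULT_PORTS)) return "null";
  return `${u.protocol}//${u.hostname}:${u.port || DEFAULT_PORTS[u.protocol]}`;
}

function sameOrigin(a, b) {
  const oa = originOf(a);
  return oa !== "null" && oa === originOf(b);
}

// CORS check (Fetch standard): for a cross-origin response, ACAO must be "*"
// or byte-for-byte the serialized request origin. "*" never unlocks a
// credentialed (cookie-bearing) response; that additionally needs ACAC: true.
// The serialized origin of a sandboxed frame or data: URL is the string
// "null", so a server answering "ACAO: null" opens itself to those contexts.
function corsReadable(requestUrl, targetUrl, responseHeaders, withCredentials) {
  if (sameOrigin(requestUrl, targetUrl)) return true; // SOP allows it, no CORS involved
  const acao = responseHeaders["access-control-allow-origin"];
  const acac = responseHeaders["access-control-allow-credentials"];
  const serialized = new URL(requestUrl).origin; // e.g. "https://app.example.com"
  if (acao === undefined) return false;
  if (!withCredentials) return acao === "*" || acao === serialized;
  return acao === serialized && acac === "true";
}

// Two server-side policies for the same API (hypothetical hosts). The first
// reflects any Origin header together with ACAC: true, a misconfiguration that
// hands every site on the web a credentialed read of the response. The second
// only echoes origins from a fixed allowlist.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // assumed trusted frontend

function reflectingServerHeaders(originHeader) {
  return {
    "access-control-allow-origin": originHeader,
    "access-control-allow-credentials": "true",
  };
}

function allowlistServerHeaders(originHeader) {
  if (!ALLOWED_ORIGINS.has(originHeader)) return {}; // no CORS headers: read is blocked
  return {
    "access-control-allow-origin": originHeader,
    "access-control-allow-credentials": "true",
    "vary": "Origin", // keep caches from serving one origin's answer to another
  };
}

// Walk both policies from an attacker-controlled page and from the real frontend.
function demo() {
  const api = "https://api.example.com/account";
  const attacker = "https://attacker.example/page.html";
  const app = "https://app.example.com/dashboard";
  const attackerOrigin = new URL(attacker).origin;
  const appOrigin = new URL(app).origin;
  return {
    reflectingLeaksToAttacker: corsReadable(attacker, api, reflectingServerHeaders(attackerOrigin), true),
    allowlistBlocksAttacker: corsReadable(attacker, api, allowlistServerHeaders(attackerOrigin), true),
    allowlistServesApp: corsReadable(app, api, allowlistServerHeaders(appOrigin), true),
  };
}

console.log(demo());
```

Run it with `node sop_cors.js`; the reflecting policy reports the attacker page as able to read the credentialed account response, while the allowlist policy blocks it and still serves the real frontend. The same check is what a tester applies when probing an API: send an arbitrary Origin header and see whether it comes back verbatim alongside Access-Control-Allow-Credentials: true.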
 
The Browser Hacker's Handbook is written with a professional security engagement in mind. Leveraging browsers as pivot points into a target's network should form an integral component of any social engineering or red-team security assessment. This handbook provides a complete methodology to understand and structure your next browser penetration test.

List of contents

Introduction xv
 
Chapter 1 Web Browser Security 1
 
A Principal Principle 2
 
Exploring the Browser 3
 
Symbiosis with the Web Application 4
 
Same Origin Policy 4
 
HTTP Headers 5
 
Markup Languages 5
 
Cascading Style Sheets 6
 
Scripting 6
 
Document Object Model 7
 
Rendering Engines 7
 
Geolocation 9
 
Web Storage 9
 
Cross-origin Resource Sharing 9
 
HTML5 10
 
Vulnerabilities 11
 
Evolutionary Pressures 12
 
HTTP Headers 13
 
Reflected XSS Filtering 15
 
Sandboxing 15
 
Anti-phishing and Anti-malware 16
 
Mixed Content 17
 
Core Security Problems 17
 
Attack Surface 17
 
Surrendering Control 20
 
TCP Protocol Control 20
 
Encrypted Communication 20
 
Same Origin Policy 21
 
Fallacies 21
 
Browser Hacking Methodology 22
 
Summary 28
 
Questions 28
 
Notes 29
 
Chapter 2 Initiating Control 31
 
Understanding Control Initiation 32
 
Control Initiation Techniques 32
 
Using Cross-site Scripting Attacks 32
 
Using Compromised Web Applications 46
 
Using Advertising Networks 46
 
Using Social Engineering Attacks 47
 
Using Man-in-the-Middle Attacks 59
 
Summary 72
 
Questions 73
 
Notes 73
 
Chapter 3 Retaining Control 77
 
Understanding Control Retention 78
 
Exploring Communication Techniques 79
 
Using XMLHttpRequest Polling 80
 
Using Cross-origin Resource Sharing 83
 
Using WebSocket Communication 84
 
Using Messaging Communication 86
 
Using DNS Tunnel Communication 89
 
Exploring Persistence Techniques 96
 
Using IFrames 96
 
Using Browser Events 98
 
Using Pop-Under Windows 101
 
Using Man-in-the-Browser Attacks 104
 
Evading Detection 110
 
Evasion using Encoding 111
 
Evasion using Obfuscation 116
 
Summary 125
 
Questions 126
 
Notes 127
 
Chapter 4 Bypassing the Same Origin Policy 129
 
Understanding the Same Origin Policy 130
 
Understanding the SOP with the DOM 130
 
Understanding the SOP with CORS 131
 
Understanding the SOP with Plugins 132
 
Understanding the SOP with UI Redressing 133
 
Understanding the SOP with Browser History 133
 
Exploring SOP Bypasses 134
 
Bypassing SOP in Java 134
 
Bypassing SOP in Adobe Reader 140
 
Bypassing SOP in Adobe Flash 141
 
Bypassing SOP in Silverlight 142
 
Bypassing SOP in Internet Explorer 142
 
Bypassing SOP in Safari 143
 
Bypassing SOP in Firefox 144
 
Bypassing SOP in Opera 145
 
Bypassing SOP in Cloud Storage 149
 
Bypassing SOP in CORS 150
 
Exploiting SOP Bypasses 151
 
Proxying Requests 151
 
Exploiting UI Redressing Attacks 153
 
Exploiting Browser History 170
 
Summary 178
 
Questions 179
 
Notes 179
 
Chapter 5 Attacking Users 183
 
Defacing Content 183
 
Capturing User Input 187
 
Using Focus Events 188
 
Using Keyboard Events 190
 
Using Mouse and Pointer Events 192
 
Using Form Events 195
 
Using IFrame Key Logging 196
 
Social Engineering 197
 
Using TabNabbing 198
 
Using the Fullscreen 199
 
Abusing UI Expectations 204
 
Using Signed Java Applets 223
 

Product details

Authors Wade Alcorn, Christian Frichot, Michele Orru
Publisher Wiley & Sons
 
Languages English
Product format Paperback / Softback
Released 08.04.2014
 
EAN 9781118662090
ISBN 978-1-118-66209-0
No. of pages 656
Dimensions 203 mm x 250 mm x 22 mm
Weight 1000 g
Subjects Natural sciences, medicine, IT, technology > IT, data processing > Data communication, networks

Computer security, computer science, Networking / Security

Customer reviews

No reviews have been written for this item yet.