The Browser Hacker's Handbook.
Title:
The Browser Hacker's Handbook.
Author:
Alcorn, Wade.
ISBN:
9781118662106
Added Author Entry:
Edition:
1st ed.
Physical Description:
1 online resource (650 pages)
Contents:
Copyright -- About the Authors -- About the Contributing Authors -- About the Technical Editor -- Credits -- Acknowledgments -- Contents -- Introduction -- Chapter 1: Web Browser Security -- A Principal Principle -- Exploring the Browser -- Symbiosis with the Web Application -- Same Origin Policy -- HTTP Headers -- Markup Languages -- HTML -- XML -- Cascading Style Sheets -- Scripting -- JavaScript -- VBScript -- Document Object Model -- Rendering Engines -- WebKit -- Trident -- Gecko -- Presto -- Blink -- Geolocation -- Web Storage -- Cross-origin Resource Sharing -- HTML5 -- WebSocket -- Web Workers -- History Manipulation -- WebRTC -- Vulnerabilities -- Evolutionary Pressures -- HTTP Headers -- Content Security Policy -- Secure Cookie Flag -- HttpOnly Cookie Flag -- X-Content-Type-Options -- Strict-Transport-Security -- X-Frame-Options -- Reflected XSS Filtering -- Sandboxing -- Browser Sandboxing -- IFrame Sandboxing -- Anti-phishing and Anti-malware -- Mixed Content -- Core Security Problems -- Attack Surface -- Rate of Change -- Silent Updating -- Extensions -- Plugins -- Surrendering Control -- TCP Protocol Control -- Encrypted Communication -- Same Origin Policy -- Fallacies -- Robustness Principle Fallacy -- External Security Perimeter Fallacy -- Browser Hacking Methodology -- Initiating -- Retaining -- Attacking -- Summary -- Questions -- Notes -- Chapter 2: Initiating Control -- Understanding Control Initiation -- Control Initiation Techniques -- Using Cross-site Scripting Attacks -- Reflected Cross-site Scripting -- Stored Cross-site Scripting -- DOM Cross-site Scripting -- Universal Cross-site Scripting -- XSS Viruses -- Bypassing XSS Controls -- Using Compromised Web Applications -- Using Advertising Networks -- Using Social Engineering Attacks -- Phishing Attacks -- Baiting -- Anti-Phishing Controls.

Using Man-in-the-Middle Attacks -- Man-in-the-Browser -- Wireless Attacks -- ARP Spoofing -- DNS Poisoning -- Exploiting Caching -- Summary -- Questions -- Notes -- Chapter 3: Retaining Control -- Understanding Control Retention -- Exploring Communication Techniques -- Using XMLHttpRequest Polling -- Using Cross-origin Resource Sharing -- Using WebSocket Communication -- Using Messaging Communication -- Using DNS Tunnel Communication -- Exploring Persistence Techniques -- Using IFrames -- Using Full Browser Frame Overlay -- Using Browser Events -- Using Pop-Under Windows -- Using Man-in-the-Browser Attacks -- Hijacking AJAX Calls -- Hijacking Non-AJAX Requests -- Evading Detection -- Evasion using Encoding -- Base64 Encoding -- Whitespace Encoding -- Non-alphanumeric JavaScript -- Evasion using Obfuscation -- Random Variables and Methods -- Mixing Object Notations -- Time Delays -- Mixing Content from Another Context -- Using the callee Property -- Evasion using JavaScript Engines Quirks -- Summary -- Questions -- Notes -- Chapter 4: Bypassing the Same -- Understanding the Same Origin Policy -- Understanding the SOP with the DOM -- Understanding the SOP with CORS -- Understanding the SOP with Plugins -- Understanding the SOP with UI Redressing -- Understanding the SOP with Browser History -- Exploring SOP Bypasses -- Bypassing SOP in Java -- Bypassing SOP in Adobe Reader -- Bypassing SOP in Adobe Flash -- Bypassing SOP in Silverlight -- Bypassing SOP in Internet Explorer -- Bypassing SOP in Safari -- Bypassing SOP in Firefox -- Bypassing SOP in Opera -- Bypassing SOP in Cloud Storage -- Bypassing SOP in CORS -- Exploiting SOP Bypasses -- Proxying Requests -- Exploiting UI Redressing Attacks -- Using Clickjacking -- Using Cursorjacking -- Using Filejacking -- Using Drag and Drop -- Exploiting Browser History -- Using CSS Colors -- Using Cache Timing.

Using Browser APIs -- Summary -- Questions -- Notes -- Chapter 5: Attacking Users -- Defacing Content -- Capturing User Input -- Using Focus Events -- Using Keyboard Events -- Using Mouse and Pointer Events -- Using Form Events -- Using IFrame Key Logging -- Social Engineering -- Using TabNabbing -- Using the Fullscreen -- Abusing UI Expectations -- Using Fake Login Prompts -- Pretty Theft -- Gmail Phishing -- Using Fake Software Updates -- Using Clippy -- Using Signed Java Applets -- Privacy Attacks -- Non-cookie Session Tracking -- Bypassing Anonymization -- Attacking Password Managers -- Controlling the Webcam and Microphone -- Summary -- Questions -- Notes -- Chapter 6: Attacking Browsers -- Fingerprinting Browsers -- Fingerprinting using HTTP Headers -- Fingerprinting using DOM Properties -- Using DOM Property Existence -- Using DOM Property Values -- Fingerprinting using Software Bugs -- Fingerprinting using Quirks -- Bypassing Cookie Protections -- Understanding the Structure -- Understanding Attributes -- Understanding the Expires Attribute -- Understanding the HttpOnly Flag -- Understanding the Secure Flag -- Understanding the Path Attribute -- Bypassing Path Attribute Restrictions -- Overflowing the Cookie Jar -- Using Cookies for Tracking -- Sidejacking Attacks -- Bypassing HTTPS -- Downgrading HTTPS to HTTP -- Attacking Certificates -- Using Fake Certificates -- Using Flawed Certificate Validation -- Attacking the SSL/TLS Layer -- Abusing Schemes -- Abusing iOS -- Abusing the Samsung Galaxy -- Attacking JavaScript -- Attacking Encryption in JavaScript -- Mistrusting the Web Application -- Revealing the Key -- Overriding Functions -- JavaScript and Heap Exploitation -- Memory Management -- Firefox and jemalloc -- Arranging Firefox Memory for Exploitation -- Firefox Example -- Getting Shells using Metasploit.

Getting Started with Metasploit -- Choosing the Exploit -- Executing a Single Exploit -- Using Browser Autopwn -- Using BeEF with Metasploit -- Summary -- Questions -- Notes -- Chapter 7: Attacking Extensions -- Understanding Extension Anatomy -- How Extensions Differ from Plugins -- How Extensions Differ from Add-ons -- Exploring Privileges -- Unprivileged Internet Zone -- Privileged Browser Zone -- Understanding Firefox Extensions -- Investigating the Source Code -- Understanding XUL and XBL -- Exploring the XPCOM API -- Examining the Security Model -- Understanding Chrome Extensions -- Investigating the Source Code -- Interpreting the Manifest -- Investigating Content Scripts -- Investigating UI Pages -- Investigating the Background Page -- Considering NPAPI Plugins -- Exploring the Security Model -- Discussing Internet Explorer Extensions -- Fingerprinting Extensions -- Fingerprinting using HTTP Headers -- Fingerprinting using the DOM -- LastPass Example -- Firebug Example -- Fingerprinting using the Manifest -- Attacking Extensions -- Impersonating Extensions -- Impersonating the LastPass Extension -- Cross-context Scripting -- Man-in-the-Middle Attacks -- Bypassing Web Application CSP -- Achieving Same Origin Policy Bypass -- Universal Cross-site Scripting -- Cross-site Request Forgery -- Attacking DOM Event Handlers -- Achieving OS Command Execution -- Firefox Remote Command Execution Example -- Achieving OS Command Injection -- Operating System Command Injection Example -- Summary -- Questions -- Notes -- Chapter 8: Attacking Plugins -- Understanding Plugin Anatomy -- How Plugins Differ from Extensions -- How Plugins Differ from Standard Programs -- Calling Plugins -- Click to Play -- How Plugins are Blocked -- Fingerprinting Plugins -- Detecting Plugins -- Automatic Plugin Detection -- Detecting Plugins in BeEF -- Attacking Plugins.

Bypassing Click to Play -- Firefox Example -- Java Example -- Attacking Java -- Understanding Java Applets -- Detecting Java -- Reversing Java Applets -- Bypassing the Java Sandbox -- Exploiting Java -- Attacking Flash -- Understanding Shared Objects -- ActionScript -- Harnessing the Webcam and Microphone -- Fuzzing Flash -- Attacking ActiveX Controls -- Exploiting ActiveX -- Attacking PDF Readers -- Using JavaScript in PDFs -- Attacking Media Plugins -- Resource Scanning with VLC -- Exploiting Media Players -- Summary -- Questions -- Notes -- Chapter 9: Attacking Web Applications -- Sending Cross-origin Requests -- Enumerating Cross-origin Quirks -- Preflight Requests -- Implications -- Cross-origin Web Application Detection -- Discovering Intranet Device IP Addresses -- Enumerating Internal Domain Names -- Cross-origin Web Application Fingerprinting -- Requesting Known Resources -- Requesting Images -- Requesting Pages -- Cross-origin Authentication Detection -- Exploiting Cross-site Request Forgery -- Understanding Cross-site Request Forgery -- Attacking Password Reset with XSRF -- Using CSRF Tokens for Protection -- Bypassing Anti-XSRF Tokens with Cross-site Scripting -- Cross-origin Resource Detection -- Detecting Cross-origin Resources -- Cross-origin Web Application Vulnerability Detection -- SQL Injection Vulnerabilities -- Conventional SQL Injection Detection -- Cross-origin Blind SQL Injection Detection -- Cross-origin Blind SQL Injection Exploitation -- Detecting Cross-site Scripting Vulnerabilities -- Cross-origin Blind Cross-site Scripting Detection -- Cross-origin Blind Cross-site Scripting Exploitation -- Cross-site Scripting Filter Evasion -- Proxying through the Browser -- Browsing through a Browser -- Bypassing HttpOnly -- Burp through a Browser -- Sqlmap through a Browser -- Browser through Flash.

Launching Denial-of-Service Attacks.
Summary:
Hackers exploit browser vulnerabilities to attack deep within networks.

The Browser Hacker's Handbook gives a practical understanding of hacking the everyday web browser and using it as a beachhead to launch further attacks deep into corporate networks. Written by a team of highly experienced computer security experts, the handbook provides hands-on tutorials exploring a range of current attack methods. The web browser has become the most popular and widely used computer "program" in the world. As the gateway to the Internet, it is part of the storefront to any business that operates online, but it is also one of the most vulnerable entry points of any system. With attacks on the rise, companies are increasingly employing browser-hardening techniques to protect the unique vulnerabilities inherent in all currently used browsers.

The Browser Hacker's Handbook thoroughly covers complex security issues and explores relevant topics such as: bypassing the Same Origin Policy; ARP spoofing, social engineering, and phishing to access browsers; DNS tunneling, attacking web applications, and proxying, all from the browser; exploiting the browser and its ecosystem (plugins and extensions); cross-origin attacks, including Inter-protocol Communication and Exploitation.

The Browser Hacker's Handbook is written with a professional security engagement in mind. Leveraging browsers as pivot points into a target's network should form an integral component into any social engineering or red-team security assessment. This handbook provides a complete methodology to understand and structure your next browser penetration test.
Notes:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.