{"product_id":"the-browser-hackers-handbook-isbn-9781118662090","title":"The Browser Hacker's Handbook","description":"\u003cb\u003eHackers exploit browser vulnerabilities to attack deep within networks\u003c\/b\u003e  \u003cp\u003e\u003ci\u003eThe Browser Hacker's Handbook\u003c\/i\u003e gives a practical understanding of hacking the everyday web browser and using it as a beachhead to launch further attacks deep into corporate networks. Written by a team of highly experienced computer security experts, the handbook provides hands-on tutorials exploring a range of current attack methods.\u003c\/p\u003e \u003cp\u003eThe web browser has become the most popular and widely used computer \"program\" in the world. As the gateway to the Internet, it is part of the storefront to any business that operates online, but it is also one of the most vulnerable entry points of any system. With attacks on the rise, companies are increasingly employing browser-hardening techniques to protect against the unique vulnerabilities inherent in all currently used browsers. \u003ci\u003eThe Browser Hacker's Handbook\u003c\/i\u003e thoroughly covers complex security issues and explores relevant topics such as:\u003c\/p\u003e \u003cul\u003e \u003cli\u003eBypassing the Same Origin Policy\u003c\/li\u003e \u003cli\u003eARP spoofing, social engineering, and phishing to access browsers\u003c\/li\u003e \u003cli\u003eDNS tunneling, attacking web applications, and proxying—all from the browser\u003c\/li\u003e \u003cli\u003eExploiting the browser and its ecosystem (plugins and extensions)\u003c\/li\u003e \u003cli\u003eCross-origin attacks, including Inter-protocol Communication and Exploitation\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003e\u003ci\u003eThe Browser Hacker's Handbook\u003c\/i\u003e is written with a professional security engagement in mind. Leveraging browsers as pivot points into a target's network should form an integral component of any social engineering or red-team security assessment. 
This handbook provides a complete methodology to understand and structure your next browser penetration test.\u003c\/p\u003e \u003cp\u003eIntroduction xv\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Web Browser Security 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eA Principal Principle 2\u003c\/p\u003e \u003cp\u003eExploring the Browser 3\u003c\/p\u003e \u003cp\u003eSymbiosis with the Web Application 4\u003c\/p\u003e \u003cp\u003eSame Origin Policy 4\u003c\/p\u003e \u003cp\u003eHTTP Headers 5\u003c\/p\u003e \u003cp\u003eMarkup Languages 5\u003c\/p\u003e \u003cp\u003eCascading Style Sheets 6\u003c\/p\u003e \u003cp\u003eScripting 6\u003c\/p\u003e \u003cp\u003eDocument Object Model 7\u003c\/p\u003e \u003cp\u003eRendering Engines 7\u003c\/p\u003e \u003cp\u003eGeolocation 9\u003c\/p\u003e \u003cp\u003eWeb Storage 9\u003c\/p\u003e \u003cp\u003eCross-origin Resource Sharing 9\u003c\/p\u003e \u003cp\u003eHtml 5 10\u003c\/p\u003e \u003cp\u003eVulnerabilities 11\u003c\/p\u003e \u003cp\u003eEvolutionary Pressures 12\u003c\/p\u003e \u003cp\u003eHTTP Headers 13\u003c\/p\u003e \u003cp\u003eReflected XSS Filtering 15\u003c\/p\u003e \u003cp\u003eSandboxing 15\u003c\/p\u003e \u003cp\u003eAnti-phishing and Anti-malware 16\u003c\/p\u003e \u003cp\u003eMixed Content 17\u003c\/p\u003e \u003cp\u003eCore Security Problems 17\u003c\/p\u003e \u003cp\u003eAttack Surface 17\u003c\/p\u003e \u003cp\u003eSurrendering Control 20\u003c\/p\u003e \u003cp\u003eTCP Protocol Control 20\u003c\/p\u003e \u003cp\u003eEncrypted Communication 20\u003c\/p\u003e \u003cp\u003eSame Origin Policy 21\u003c\/p\u003e \u003cp\u003eFallacies 21\u003c\/p\u003e \u003cp\u003eBrowser Hacking Methodology 22\u003c\/p\u003e \u003cp\u003eSummary 28\u003c\/p\u003e \u003cp\u003eQuestions 28\u003c\/p\u003e \u003cp\u003eNotes 29\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Initiating Control 31\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Control Initiation 32\u003c\/p\u003e \u003cp\u003eControl Initiation 
Techniques 32\u003c\/p\u003e \u003cp\u003eUsing Cross-site Scripting Attacks 32\u003c\/p\u003e \u003cp\u003eUsing Compromised Web Applications 46\u003c\/p\u003e \u003cp\u003eUsing Advertising Networks 46\u003c\/p\u003e \u003cp\u003eUsing Social Engineering Attacks 47\u003c\/p\u003e \u003cp\u003eUsing Man-in-the-Middle Attacks 59\u003c\/p\u003e \u003cp\u003eSummary 72\u003c\/p\u003e \u003cp\u003eQuestions 73\u003c\/p\u003e \u003cp\u003eNotes 73\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Retaining Control 77\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Control Retention 78\u003c\/p\u003e \u003cp\u003eExploring Communication Techniques 79\u003c\/p\u003e \u003cp\u003eUsing XMLHttpRequest Polling 80\u003c\/p\u003e \u003cp\u003eUsing Cross-origin Resource Sharing 83\u003c\/p\u003e \u003cp\u003eUsing WebSocket Communication 84\u003c\/p\u003e \u003cp\u003eUsing Messaging Communication 86\u003c\/p\u003e \u003cp\u003eUsing DNS Tunnel Communication 89\u003c\/p\u003e \u003cp\u003eExploring Persistence Techniques 96\u003c\/p\u003e \u003cp\u003eUsing IFrames 96\u003c\/p\u003e \u003cp\u003eUsing Browser Events 98\u003c\/p\u003e \u003cp\u003eUsing Pop-Under Windows 101\u003c\/p\u003e \u003cp\u003eUsing Man-in-the-Browser Attacks 104\u003c\/p\u003e \u003cp\u003eEvading Detection 110\u003c\/p\u003e \u003cp\u003eEvasion using Encoding 111\u003c\/p\u003e \u003cp\u003eEvasion using Obfuscation 116\u003c\/p\u003e \u003cp\u003eSummary 125\u003c\/p\u003e \u003cp\u003eQuestions 126\u003c\/p\u003e \u003cp\u003eNotes 127\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Bypassing the Same Origin Policy 129\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding the Same Origin Policy 130\u003c\/p\u003e \u003cp\u003eUnderstanding the SOP with the DOM 130\u003c\/p\u003e \u003cp\u003eUnderstanding the SOP with CORS 131\u003c\/p\u003e \u003cp\u003eUnderstanding the SOP with Plugins 132\u003c\/p\u003e \u003cp\u003eUnderstanding the SOP with UI Redressing 133\u003c\/p\u003e 
\u003cp\u003eUnderstanding the SOP with Browser History 133\u003c\/p\u003e \u003cp\u003eExploring SOP Bypasses 134\u003c\/p\u003e \u003cp\u003eBypassing SOP in Java 134\u003c\/p\u003e \u003cp\u003eBypassing SOP in Adobe Reader 140\u003c\/p\u003e \u003cp\u003eBypassing SOP in Adobe Flash 141\u003c\/p\u003e \u003cp\u003eBypassing SOP in Silverlight 142\u003c\/p\u003e \u003cp\u003eBypassing SOP in Internet Explorer 142\u003c\/p\u003e \u003cp\u003eBypassing SOP in Safari 143\u003c\/p\u003e \u003cp\u003eBypassing SOP in Firefox 144\u003c\/p\u003e \u003cp\u003eBypassing SOP in Opera 145\u003c\/p\u003e \u003cp\u003eBypassing SOP in Cloud Storage 149\u003c\/p\u003e \u003cp\u003eBypassing SOP in CORS 150\u003c\/p\u003e \u003cp\u003eExploiting SOP Bypasses 151\u003c\/p\u003e \u003cp\u003eProxying Requests 151\u003c\/p\u003e \u003cp\u003eExploiting UI Redressing Attacks 153\u003c\/p\u003e \u003cp\u003eExploiting Browser History 170\u003c\/p\u003e \u003cp\u003eSummary 178\u003c\/p\u003e \u003cp\u003eQuestions 179\u003c\/p\u003e \u003cp\u003eNotes 179\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Attacking Users 183\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDefacing Content 183\u003c\/p\u003e \u003cp\u003eCapturing User Input 187\u003c\/p\u003e \u003cp\u003eUsing Focus Events 188\u003c\/p\u003e \u003cp\u003eUsing Keyboard Events 190\u003c\/p\u003e \u003cp\u003eUsing Mouse and Pointer Events 192\u003c\/p\u003e \u003cp\u003eUsing Form Events 195\u003c\/p\u003e \u003cp\u003eUsing IFrame Key Logging 196\u003c\/p\u003e \u003cp\u003eSocial Engineering 197\u003c\/p\u003e \u003cp\u003eUsing TabNabbing 198\u003c\/p\u003e \u003cp\u003eUsing the Fullscreen 199\u003c\/p\u003e \u003cp\u003eAbusing UI Expectations 204\u003c\/p\u003e \u003cp\u003eUsing Signed Java Applets 223\u003c\/p\u003e \u003cp\u003ePrivacy Attacks 228\u003c\/p\u003e \u003cp\u003eNon-cookie Session Tracking 230\u003c\/p\u003e \u003cp\u003eBypassing Anonymization 231\u003c\/p\u003e \u003cp\u003eAttacking Password 
Managers 234\u003c\/p\u003e \u003cp\u003eControlling the Webcam and Microphone 236\u003c\/p\u003e \u003cp\u003eSummary 242\u003c\/p\u003e \u003cp\u003eQuestions 243\u003c\/p\u003e \u003cp\u003eNotes 243\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Attacking Browsers 247\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eFingerprinting Browsers 248\u003c\/p\u003e \u003cp\u003eFingerprinting using HTTP Headers 249\u003c\/p\u003e \u003cp\u003eFingerprinting using DOM Properties 253\u003c\/p\u003e \u003cp\u003eFingerprinting using Software Bugs 258\u003c\/p\u003e \u003cp\u003eFingerprinting using Quirks 259\u003c\/p\u003e \u003cp\u003eBypassing Cookie Protections 260\u003c\/p\u003e \u003cp\u003eUnderstanding the Structure 261\u003c\/p\u003e \u003cp\u003eUnderstanding Attributes 263\u003c\/p\u003e \u003cp\u003eBypassing Path Attribute Restrictions 265\u003c\/p\u003e \u003cp\u003eOverflowing the Cookie Jar 268\u003c\/p\u003e \u003cp\u003eUsing Cookies for Tracking 270\u003c\/p\u003e \u003cp\u003eSidejacking Attacks 271\u003c\/p\u003e \u003cp\u003eBypassing HTTPS 272\u003c\/p\u003e \u003cp\u003eDowngrading HTTPS to HTTP 272\u003c\/p\u003e \u003cp\u003eAttacking Certificates 276\u003c\/p\u003e \u003cp\u003eAttacking the SSL\/TLS Layer 277\u003c\/p\u003e \u003cp\u003eAbusing Schemes 278\u003c\/p\u003e \u003cp\u003eAbusing iOS 279\u003c\/p\u003e \u003cp\u003eAbusing the Samsung Galaxy 281\u003c\/p\u003e \u003cp\u003eAttacking JavaScript 283\u003c\/p\u003e \u003cp\u003eAttacking Encryption in JavaScript 283\u003c\/p\u003e \u003cp\u003eJavaScript and Heap Exploitation 286\u003c\/p\u003e \u003cp\u003eGetting Shells using Metasploit 293\u003c\/p\u003e \u003cp\u003eGetting Started with Metasploit 294\u003c\/p\u003e \u003cp\u003eChoosing the Exploit 295\u003c\/p\u003e \u003cp\u003eExecuting a Single Exploit 296\u003c\/p\u003e \u003cp\u003eUsing Browser Autopwn 300\u003c\/p\u003e \u003cp\u003eUsing BeEF with Metasploit 302\u003c\/p\u003e \u003cp\u003eSummary 305\u003c\/p\u003e 
\u003cp\u003eQuestions 305\u003c\/p\u003e \u003cp\u003eNotes 306\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Attacking Extensions 311\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Extension Anatomy 312\u003c\/p\u003e \u003cp\u003eHow Extensions Differ from Plugins 312\u003c\/p\u003e \u003cp\u003eHow Extensions Differ from Add-ons 313\u003c\/p\u003e \u003cp\u003eExploring Privileges 313\u003c\/p\u003e \u003cp\u003eUnderstanding Firefox Extensions 314\u003c\/p\u003e \u003cp\u003eUnderstanding Chrome Extensions 321\u003c\/p\u003e \u003cp\u003eDiscussing Internet Explorer Extensions 330\u003c\/p\u003e \u003cp\u003eFingerprinting Extensions 331\u003c\/p\u003e \u003cp\u003eFingerprinting using HTTP Headers 331\u003c\/p\u003e \u003cp\u003eFingerprinting using the DOM 332\u003c\/p\u003e \u003cp\u003eFingerprinting using the Manifest 335\u003c\/p\u003e \u003cp\u003eAttacking Extensions 336\u003c\/p\u003e \u003cp\u003eImpersonating Extensions 336\u003c\/p\u003e \u003cp\u003eCross-context Scripting 339\u003c\/p\u003e \u003cp\u003eAchieving OS Command Execution 355\u003c\/p\u003e \u003cp\u003eAchieving OS Command Injection 359\u003c\/p\u003e \u003cp\u003eSummary 364\u003c\/p\u003e \u003cp\u003eQuestions 365\u003c\/p\u003e \u003cp\u003eNotes 365\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Attacking Plugins 371\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Plugin Anatomy 372\u003c\/p\u003e \u003cp\u003eHow Plugins Differ from Extensions 372\u003c\/p\u003e \u003cp\u003eHow Plugins Differ from Standard Programs 374\u003c\/p\u003e \u003cp\u003eCalling Plugins 374\u003c\/p\u003e \u003cp\u003eHow Plugins are Blocked 376\u003c\/p\u003e \u003cp\u003eFingerprinting Plugins 377\u003c\/p\u003e \u003cp\u003eDetecting Plugins 377\u003c\/p\u003e \u003cp\u003eAutomatic Plugin Detection 379\u003c\/p\u003e \u003cp\u003eDetecting Plugins in BeEF 380\u003c\/p\u003e \u003cp\u003eAttacking Plugins 382\u003c\/p\u003e \u003cp\u003eBypassing Click to Play 
382\u003c\/p\u003e \u003cp\u003eAttacking Java 388\u003c\/p\u003e \u003cp\u003eAttacking Flash 400\u003c\/p\u003e \u003cp\u003eAttacking ActiveX Controls 403\u003c\/p\u003e \u003cp\u003eAttacking PDF Readers 408\u003c\/p\u003e \u003cp\u003eAttacking Media Plugins 410\u003c\/p\u003e \u003cp\u003eSummary 415\u003c\/p\u003e \u003cp\u003eQuestions 416\u003c\/p\u003e \u003cp\u003eNotes 416\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Attacking Web Applications 421\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSending Cross-origin Requests 422\u003c\/p\u003e \u003cp\u003eEnumerating Cross-origin Quirks 422\u003c\/p\u003e \u003cp\u003ePreflight Requests 425\u003c\/p\u003e \u003cp\u003eImplications 425\u003c\/p\u003e \u003cp\u003eCross-origin Web Application Detection 426\u003c\/p\u003e \u003cp\u003eDiscovering Intranet Device IP Addresses 426\u003c\/p\u003e \u003cp\u003eEnumerating Internal Domain Names 427\u003c\/p\u003e \u003cp\u003eCross-origin Web Application Fingerprinting 429\u003c\/p\u003e \u003cp\u003eRequesting Known Resources 430\u003c\/p\u003e \u003cp\u003eCross-origin Authentication Detection 436\u003c\/p\u003e \u003cp\u003eExploiting Cross-site Request Forgery 440\u003c\/p\u003e \u003cp\u003eUnderstanding Cross-site Request Forgery 440\u003c\/p\u003e \u003cp\u003eAttacking Password Reset with XSRF 443\u003c\/p\u003e \u003cp\u003eUsing CSRF Tokens for Protection 444\u003c\/p\u003e \u003cp\u003eCross-origin Resource Detection 445\u003c\/p\u003e \u003cp\u003eCross-origin Web Application Vulnerability Detection 450\u003c\/p\u003e \u003cp\u003eSQL Injection Vulnerabilities 450\u003c\/p\u003e \u003cp\u003eDetecting Cross-site Scripting Vulnerabilities 465\u003c\/p\u003e \u003cp\u003eProxying through the Browser 469\u003c\/p\u003e \u003cp\u003eBrowsing through a Browser 472\u003c\/p\u003e \u003cp\u003eBurp through a Browser 477\u003c\/p\u003e \u003cp\u003eSqlmap through a Browser 480\u003c\/p\u003e \u003cp\u003eBrowser through Flash 482\u003c\/p\u003e 
\u003cp\u003eLaunching Denial-of-Service Attacks 487\u003c\/p\u003e \u003cp\u003eWeb Application Pinch Points 487\u003c\/p\u003e \u003cp\u003eDDoS Using Multiple Hooked Browsers 489\u003c\/p\u003e \u003cp\u003eLaunching Web Application Exploits 493\u003c\/p\u003e \u003cp\u003eCross-origin DNS Hijack 493\u003c\/p\u003e \u003cp\u003eCross-origin JBoss JMX Remote Command Execution 495\u003c\/p\u003e \u003cp\u003eCross-origin GlassFish Remote Command Execution 497\u003c\/p\u003e \u003cp\u003eCross-origin m0n0wall Remote Command Execution 501\u003c\/p\u003e \u003cp\u003eCross-origin Embedded Device Command Execution 502\u003c\/p\u003e \u003cp\u003eSummary 508\u003c\/p\u003e \u003cp\u003eQuestions 508\u003c\/p\u003e \u003cp\u003eNotes 509\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Attacking Networks 513\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIdentifying Targets 514\u003c\/p\u003e \u003cp\u003eIdentifying the Hooked Browser’s Internal IP 514\u003c\/p\u003e \u003cp\u003eIdentifying the Hooked Browser’s Subnet 520\u003c\/p\u003e \u003cp\u003ePing Sweeping 523\u003c\/p\u003e \u003cp\u003ePing Sweeping using XMLHttpRequest 523\u003c\/p\u003e \u003cp\u003ePing Sweeping using Java 528\u003c\/p\u003e \u003cp\u003ePort Scanning 531\u003c\/p\u003e \u003cp\u003eBypassing Port Banning 532\u003c\/p\u003e \u003cp\u003ePort Scanning using the IMG Tag 537\u003c\/p\u003e \u003cp\u003eDistributed Port Scanning 539\u003c\/p\u003e \u003cp\u003eFingerprinting Non-HTTP Services 542\u003c\/p\u003e \u003cp\u003eAttacking Non-HTTP Services 545\u003c\/p\u003e \u003cp\u003eNAT Pinning 545\u003c\/p\u003e \u003cp\u003eAchieving Inter-protocol Communication 549\u003c\/p\u003e \u003cp\u003eAchieving Inter-protocol Exploitation 564\u003c\/p\u003e \u003cp\u003eGetting Shells using BeEF Bind 579\u003c\/p\u003e \u003cp\u003eThe BeEF Bind Shellcode 579\u003c\/p\u003e \u003cp\u003eUsing BeEF Bind in your Exploits 585\u003c\/p\u003e \u003cp\u003eUsing BeEF Bind as a Web Shell 596\u003c\/p\u003e 
\u003cp\u003eSummary 599\u003c\/p\u003e \u003cp\u003eQuestions 600\u003c\/p\u003e \u003cp\u003eNotes 601\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Epilogue: Final Thoughts 605\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIndex 609\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eWADE ALCORN\u003c\/b\u003e is the creator of the BeEF open source browser exploitation framework, among toolswatch.org’s top 10 security tools.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHRISTIAN FRICHOT\u003c\/b\u003e is a lead developer of BeEF, as well as a leader of the Perth Open Web Application Security Project.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eMICHELE ORRÙ\u003c\/b\u003e is the lead core developer of BeEF, as well as a vulnerability researcher and social engineer.\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eBrowsers have never been more vulnerable.\u003c\/b\u003e\u003cbr\u003e \u003cb\u003eAre you prepared?\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe browser has essentially become the operating system of the modern era, and with that comes vulnerabilities on a scale not yet seen in IT security. \u003ci\u003eThe Browser Hacker’s Handbook,\u003c\/i\u003e written by an expert team of browser hackers, is the first book of its kind to offer a tutorial-based approach to understanding browser vulnerabilities and learning to defend your networks and critical systems from potential attacks.\u003c\/p\u003e \u003cp\u003eThis comprehensive guide will show you exactly how hackers target browsers and exploit their weaknesses to establish a beachhead and launch attacks deep into your network. 
Fight back with \u003ci\u003eThe Browser Hacker’s Handbook.\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eLearn to:\u003c\/b\u003e\u003c\/p\u003e \u003cul\u003e \u003cli\u003eExploit the most common vulnerabilities of Firefox®, Internet Explorer®, and Chrome™, as well as other browsers\u003c\/li\u003e \u003cli\u003eLeverage browsers as pivot points into a target’s network when performing security assessments\u003c\/li\u003e \u003cli\u003eInitiate—and maintain—control over a target browser, giving you direct access to sensitive assets\u003c\/li\u003e \u003cli\u003eExploit weaknesses in browser plugins and extensions, two of the most vulnerable entry points for the browser\u003c\/li\u003e \u003cli\u003eUse Inter-protocol Communication and Exploitation to further exploit internal network systems from the hooked browser\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eVisit the companion website at \u003cb\u003ebrowserhacker.com\u003c\/b\u003e to download all the code examples in this book.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47990178644197,"sku":"NP9781118662090","price":58.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781118662090.jpg?v=1761786806","url":"https:\/\/k12savings.com\/products\/the-browser-hackers-handbook-isbn-9781118662090","provider":"K12savings","version":"1.0","type":"link"}