Contents

Introduction

Chapter 1   Web Browser Security

A Principal Principle

Exploring the Browser

Symbiosis with the Web Application

Same Origin Policy

HTTP Headers

Markup Languages

Cascading Style Sheets

Scripting

Document Object Model

Rendering Engines

Geolocation

Web Storage

Cross-origin Resource Sharing

HTML5

Vulnerabilities

Evolutionary Pressures

HTTP Headers

Reflected XSS Filtering

Sandboxing

Anti-phishing and Anti-malware

Mixed Content

Core Security Problems

Attack Surface

Surrendering Control

TCP Protocol Control

Encrypted Communication

Same Origin Policy

Fallacies

Browser Hacking Methodology

Summary

Questions

Notes

Chapter 2   Initiating Control

Understanding Control Initiation

Control Initiation Techniques

Using Cross-site Scripting Attacks

Using Compromised Web Applications

Using Advertising Networks

Using Social Engineering Attacks

Using Man-in-the-Middle Attacks

Summary

Questions

Notes

Chapter 3   Retaining Control

Understanding Control Retention

Exploring Communication Techniques

Using XMLHttpRequest Polling

Using Cross-origin Resource Sharing

Using WebSocket Communication

Using Messaging Communication

Using DNS Tunnel Communication

Exploring Persistence Techniques

Using IFrames

Using Browser Events

Using Pop-Under Windows

Using Man-in-the-Browser Attacks

Evading Detection

Evasion using Encoding

Evasion using Obfuscation

Summary

Questions

Notes

Chapter 4   Bypassing the Same Origin Policy

Understanding the Same Origin Policy

Understanding the SOP with the DOM

Understanding the SOP with CORS

Understanding the SOP with Plugins

Understanding the SOP with UI Redressing

Understanding the SOP with Browser History

Exploring SOP Bypasses

Bypassing SOP in Java

Bypassing SOP in Adobe Reader

Bypassing SOP in Adobe Flash

Bypassing SOP in Silverlight

Bypassing SOP in Internet Explorer

Bypassing SOP in Safari

Bypassing SOP in Firefox

Bypassing SOP in Opera

Bypassing SOP in Cloud Storage

Bypassing SOP in CORS

Exploiting SOP Bypasses

Proxying Requests

Exploiting UI Redressing Attacks

Exploiting Browser History

Summary

Questions

Notes

Chapter 5   Attacking Users

Defacing Content

Capturing User Input

Using Focus Events

Using Keyboard Events

Using Mouse and Pointer Events

Using Form Events

Using IFrame Key Logging

Social Engineering

Using TabNabbing

Using the Fullscreen

Abusing UI Expectations

Using Signed Java Applets

Privacy Attacks

Non-cookie Session Tracking

Bypassing Anonymization

Attacking Password Managers

Controlling the Webcam and Microphone

Summary

Questions

Notes

Chapter 6   Attacking Browsers

Fingerprinting Browsers

Fingerprinting using HTTP Headers

Fingerprinting using DOM Properties

Fingerprinting using Software Bugs

Fingerprinting using Quirks

Bypassing Cookie Protections

Understanding the Structure

Understanding Attributes

Bypassing Path Attribute Restrictions

Overflowing the Cookie Jar

Using Cookies for Tracking

Sidejacking Attacks

Bypassing HTTPS

Downgrading HTTPS to HTTP

Attacking Certificates

Attacking the SSL/TLS Layer

Abusing Schemes

Abusing iOS

Abusing the Samsung Galaxy

Attacking JavaScript

Attacking Encryption in JavaScript

JavaScript and Heap Exploitation

Getting Shells using Metasploit

Getting Started with Metasploit

Choosing the Exploit

Executing a Single Exploit

Using Browser Autopwn

Using BeEF with Metasploit

Summary

Questions

Notes

Chapter 7   Attacking Extensions

Understanding Extension Anatomy

How Extensions Differ from Plugins

How Extensions Differ from Add-ons

Exploring Privileges

Understanding Firefox Extensions

Understanding Chrome Extensions

Discussing Internet Explorer Extensions

Fingerprinting Extensions

Fingerprinting using HTTP Headers

Fingerprinting using the DOM

Fingerprinting using the Manifest

Attacking Extensions

Impersonating Extensions

Cross-context Scripting

Achieving OS Command Execution

Achieving OS Command Injection

Summary

Questions

Notes

Chapter 8   Attacking Plugins

Understanding Plugin Anatomy

How Plugins Differ from Extensions

How Plugins Differ from Standard Programs

Calling Plugins

How Plugins are Blocked

Fingerprinting Plugins

Detecting Plugins

Automatic Plugin Detection

Detecting Plugins in BeEF

Attacking Plugins

Bypassing Click to Play

Attacking Java

Attacking Flash

Attacking ActiveX Controls

Attacking PDF Readers

Attacking Media Plugins

Summary

Questions

Notes

Chapter 9   Attacking Web Applications

Sending Cross-origin Requests

Enumerating Cross-origin Quirks

Preflight Requests

Implications

Cross-origin Web Application Detection

Discovering Intranet Device IP Addresses

Enumerating Internal Domain Names

Cross-origin Web Application Fingerprinting

Requesting Known Resources

Cross-origin Authentication Detection

Exploiting Cross-site Request Forgery

Understanding Cross-site Request Forgery

Attacking Password Reset with XSRF

Using CSRF Tokens for Protection

Cross-origin Resource Detection

Cross-origin Web Application Vulnerability Detection

SQL Injection Vulnerabilities

Detecting Cross-site Scripting Vulnerabilities

Proxying through the Browser

Browsing through a Browser

Burp through a Browser

Sqlmap through a Browser

Browser through Flash

Launching Denial-of-Service Attacks

Web Application Pinch Points

DDoS Using Multiple Hooked Browsers

Launching Web Application Exploits

Cross-origin DNS Hijack

Cross-origin JBoss JMX Remote Command Execution

Cross-origin GlassFish Remote Command Execution

Cross-origin m0n0wall Remote Command Execution

Cross-origin Embedded Device Command Execution

Summary

Questions

Notes

Chapter 10 Attacking Networks

Identifying Targets

Identifying the Hooked Browser's Internal IP

Identifying the Hooked Browser's Subnet

Ping Sweeping

Ping Sweeping using XMLHttpRequest

Ping Sweeping using Java

Port Scanning

Bypassing Port Banning

Port Scanning using the IMG Tag

Distributed Port Scanning

Fingerprinting Non-HTTP Services

Attacking Non-HTTP Services

NAT Pinning

Achieving Inter-protocol Communication

Achieving Inter-protocol Exploitation

Getting Shells using BeEF Bind

The BeEF Bind Shellcode

Using BeEF Bind in your Exploits

Using BeEF Bind as a Web Shell

Summary

Questions

Notes

Chapter 11 Epilogue: Final Thoughts

Index
