A Principal Principle
Exploring the Browser
Evolutionary Pressures
Core Security Problems
Browser Hacking Methodology
Summary
Questions
Notes
Chapter 2 Initiating Control
Understanding Control Initiation
Control Initiation Techniques
Summary
Questions
Notes
Chapter 3 Retaining Control
Understanding Control Retention
Exploring Communication Techniques
Exploring Persistence Techniques
Evading Detection
Summary
Questions
Notes
Chapter 4 Bypassing the Same Origin Policy
Understanding the Same Origin Policy
Exploring SOP Bypasses
Exploiting SOP Bypasses
Summary
Questions
Notes
Chapter 5 Attacking Users
Defacing Content
Capturing User Input
Social Engineering
Privacy Attacks
Summary
Questions
Notes
Chapter 6 Attacking Browsers
Fingerprinting Browsers
Bypassing Cookie Protections
Bypassing HTTPS
Abusing Schemes
Attacking JavaScript
Getting Shells using Metasploit
Summary
Questions
Notes
Chapter 7 Attacking Extensions
Understanding Extension Anatomy
Fingerprinting Extensions
Attacking Extensions
Summary
Questions
Notes
Chapter 8 Attacking Plugins
Understanding Plugin Anatomy
Fingerprinting Plugins
Attacking Plugins
Summary
Questions
Notes
Chapter 9 Attacking Web Applications
Sending Cross-origin Requests
Cross-origin Web Application Detection
Cross-origin Web Application Fingerprinting
Cross-origin Authentication Detection
Exploiting Cross-site Request Forgery
Cross-origin Resource Detection
Cross-origin Web Application Vulnerability Detection
Proxying through the Browser
Launching Denial-of-Service Attacks
Launching Web Application Exploits
Summary
Questions
Notes
Chapter 10 Attacking Networks
Identifying Targets
Ping Sweeping
Port Scanning
Fingerprinting Non-HTTP Services
Attacking Non-HTTP Services
Getting Shells using BeEF Bind
Summary
Questions
Notes
Chapter 11 Epilogue: Final Thoughts
Index