Details
The Browser Hacker's Handbook
1. Aufl.
|
44,99 € |
|
| Verlag: | Wiley |
| Format: | |
| Veröffentl.: | 25.02.2014 |
| ISBN/EAN: | 9781118662106 |
| Sprache: | englisch |
| Anzahl Seiten: | 656 |
DRM-geschütztes eBook, Sie benötigen z.B. Adobe Digital Editions und eine Adobe ID zum Lesen.
Beschreibungen
<b>Hackers exploit browser vulnerabilities to attack deep within networks</b> <p><i>The Browser Hacker's Handbook</i> gives a practical understanding of hacking the everyday web browser and using it as a beachhead to launch further attacks deep into corporate networks. Written by a team of highly experienced computer security experts, the handbook provides hands-on tutorials exploring a range of current attack methods.</p> <p>The web browser has become the most popular and widely used computer "program" in the world. As the gateway to the Internet, it is part of the storefront to any business that operates online, but it is also one of the most vulnerable entry points of any system. With attacks on the rise, companies are increasingly employing browser-hardening techniques to protect the unique vulnerabilities inherent in all currently used browsers. <i>The Browser Hacker's Handbook</i> thoroughly covers complex security issues and explores relevant topics such as:</p> <ul> <li>Bypassing the Same Origin Policy</li> <li>ARP spoofing, social engineering, and phishing to access browsers</li> <li>DNS tunneling, attacking web applications, and proxying—all from the browser</li> <li>Exploiting the browser and its ecosystem (plugins and extensions)</li> <li>Cross-origin attacks, including Inter-protocol Communication and Exploitation</li> </ul> <p><i>The Browser Hacker's Handbook</i> is written with a professional security engagement in mind. Leveraging browsers as pivot points into a target's network should form an integral component into any social engineering or red-team security assessment. This handbook provides a complete methodology to understand and structure your next browser penetration test.</p>
Introduction xv <p><b>Chapter 1 Web Browser Security 1</b></p> <p>A Principal Principle 2</p> <p>Exploring the Browser 3</p> <p>Symbiosis with the Web Application 4</p> <p>Same Origin Policy 4</p> <p>HTTP Headers 5</p> <p>Markup Languages 5</p> <p>Cascading Style Sheets 6</p> <p>Scripting 6</p> <p>Document Object Model 7</p> <p>Rendering Engines 7</p> <p>Geolocation 9</p> <p>Web Storage 9</p> <p>Cross-origin Resource Sharing 9</p> <p>HTML5 10</p> <p>Vulnerabilities 11</p> <p>Evolutionary Pressures 12</p> <p>HTTP Headers 13</p> <p>Reflected XSS Filtering 15</p> <p>Sandboxing 15</p> <p>Anti-phishing and Anti-malware 16</p> <p>Mixed Content 17</p> <p>Core Security Problems 17</p> <p>Attack Surface 17</p> <p>Surrendering Control 20</p> <p>TCP Protocol Control 20</p> <p>Encrypted Communication 20</p> <p>Same Origin Policy 21</p> <p>Fallacies 21</p> <p>Browser Hacking Methodology 22</p> <p>Summary 28</p> <p>Questions 28</p> <p>Notes 29</p> <p><b>Chapter 2 Initiating Control 31</b></p> <p>Understanding Control Initiation 32</p> <p>Control Initiation Techniques 32</p> <p>Using Cross-site Scripting Attacks 32</p> <p>Using Compromised Web Applications 46</p> <p>Using Advertising Networks 46</p> <p>Using Social Engineering Attacks 47</p> <p>Using Man-in-the-Middle Attacks 59</p> <p>Summary 72</p> <p>Questions 73</p> <p>Notes 73</p> <p><b>Chapter 3 Retaining Control 77</b></p> <p>Understanding Control Retention 78</p> <p>Exploring Communication Techniques 79</p> <p>Using XMLHttpRequest Polling 80</p> <p>Using Cross-origin Resource Sharing 83</p> <p>Using WebSocket Communication 84</p> <p>Using Messaging Communication 86</p> <p>Using DNS Tunnel Communication 89</p> <p>Exploring Persistence Techniques 96</p> <p>Using IFrames 96</p> <p>Using Browser Events 98</p> <p>Using Pop-Under Windows 101</p> <p>Using Man-in-the-Browser Attacks 104</p> <p>Evading Detection 110</p> <p>Evasion using Encoding 111</p> <p>Evasion using Obfuscation 116</p> <p>Summary 125</p> <p>Questions 126</p> <p>Notes 127</p> <p><b>Chapter 4 Bypassing the Same Origin Policy 129</b></p> <p>Understanding the Same Origin Policy 130</p> <p>Understanding the SOP with the DOM 130</p> <p>Understanding the SOP with CORS 131</p> <p>Understanding the SOP with Plugins 132</p> <p>Understanding the SOP with UI Redressing 133</p> <p>Understanding the SOP with Browser History 133</p> <p>Exploring SOP Bypasses 134</p> <p>Bypassing SOP in Java 134</p> <p>Bypassing SOP in Adobe Reader 140</p> <p>Bypassing SOP in Adobe Flash 141</p> <p>Bypassing SOP in Silverlight 142</p> <p>Bypassing SOP in Internet Explorer 142</p> <p>Bypassing SOP in Safari 143</p> <p>Bypassing SOP in Firefox 144</p> <p>Bypassing SOP in Opera 145</p> <p>Bypassing SOP in Cloud Storage 149</p> <p>Bypassing SOP in CORS 150</p> <p>Exploiting SOP Bypasses 151</p> <p>Proxying Requests 151</p> <p>Exploiting UI Redressing Attacks 153</p> <p>Exploiting Browser History 170</p> <p>Summary 178</p> <p>Questions 179</p> <p>Notes 179</p> <p><b>Chapter 5 Attacking Users 183</b></p> <p>Defacing Content 183</p> <p>Capturing User Input 187</p> <p>Using Focus Events 188</p> <p>Using Keyboard Events 190</p> <p>Using Mouse and Pointer Events 192</p> <p>Using Form Events 195</p> <p>Using IFrame Key Logging 196</p> <p>Social Engineering 197</p> <p>Using TabNabbing 198</p> <p>Using the Fullscreen 199</p> <p>Abusing UI Expectations 204</p> <p>Using Signed Java Applets 223</p> <p>Privacy Attacks 228</p> <p>Non-cookie Session Tracking 230</p> <p>Bypassing Anonymization 231</p> <p>Attacking Password Managers 234</p> <p>Controlling the Webcam and Microphone 236</p> <p>Summary 242</p> <p>Questions 243</p> <p>Notes 243</p> <p><b>Chapter 6 Attacking Browsers 247</b></p> <p>Fingerprinting Browsers 248</p> <p>Fingerprinting using HTTP Headers 249</p> <p>Fingerprinting using DOM Properties 253</p> <p>Fingerprinting using Software Bugs 258</p> <p>Fingerprinting using Quirks 259</p> <p>Bypassing Cookie Protections 260</p> <p>Understanding the Structure 261</p> <p>Understanding Attributes 263</p> <p>Bypassing Path Attribute Restrictions 265</p> <p>Overflowing the Cookie Jar 268</p> <p>Using Cookies for Tracking 270</p> <p>Sidejacking Attacks 271</p> <p>Bypassing HTTPS 272</p> <p>Downgrading HTTPS to HTTP 272</p> <p>Attacking Certificates 276</p> <p>Attacking the SSL/TLS Layer 277</p> <p>Abusing Schemes 278</p> <p>Abusing iOS 279</p> <p>Abusing the Samsung Galaxy 281</p> <p>Attacking JavaScript 283</p> <p>Attacking Encryption in JavaScript 283</p> <p>JavaScript and Heap Exploitation 286</p> <p>Getting Shells using Metasploit 293</p> <p>Getting Started with Metasploit 294</p> <p>Choosing the Exploit 295</p> <p>Executing a Single Exploit 296</p> <p>Using Browser Autopwn 300</p> <p>Using BeEF with Metasploit 302</p> <p>Summary 305</p> <p>Questions 305</p> <p>Notes 306</p> <p><b>Chapter 7 Attacking Extensions 311</b></p> <p>Understanding Extension Anatomy 312</p> <p>How Extensions Differ from Plugins 312</p> <p>How Extensions Differ from Add-ons 313</p> <p>Exploring Privileges 313</p> <p>Understanding Firefox Extensions 314</p> <p>Understanding Chrome Extensions 321</p> <p>Discussing Internet Explorer Extensions 330</p> <p>Fingerprinting Extensions 331</p> <p>Fingerprinting using HTTP Headers 331</p> <p>Fingerprinting using the DOM 332</p> <p>Fingerprinting using the Manifest 335</p> <p>Attacking Extensions 336</p> <p>Impersonating Extensions 336</p> <p>Cross-context Scripting 339</p> <p>Achieving OS Command Execution 355</p> <p>Achieving OS Command Injection 359</p> <p>Summary 364</p> <p>Questions 365</p> <p>Notes 365</p> <p><b>Chapter 8 Attacking Plugins 371</b></p> <p>Understanding Plugin Anatomy 372</p> <p>How Plugins Differ from Extensions 372</p> <p>How Plugins Differ from Standard Programs 374</p> <p>Calling Plugins 374</p> <p>How Plugins are Blocked 376</p> <p>Fingerprinting Plugins 377</p> <p>Detecting Plugins 377</p> <p>Automatic Plugin Detection 379</p> <p>Detecting Plugins in BeEF 380</p> <p>Attacking Plugins 382</p> <p>Bypassing Click to Play 382</p> <p>Attacking Java 388</p> <p>Attacking Flash 400</p> <p>Attacking ActiveX Controls 403</p> <p>Attacking PDF Readers 408</p> <p>Attacking Media Plugins 410</p> <p>Summary 415</p> <p>Questions 416</p> <p>Notes 416</p> <p><b>Chapter 9 Attacking Web Applications 421</b></p> <p>Sending Cross-origin Requests 422</p> <p>Enumerating Cross-origin Quirks 422</p> <p>Preflight Requests 425</p> <p>Implications 425</p> <p>Cross-origin Web Application Detection 426</p> <p>Discovering Intranet Device IP Addresses 426</p> <p>Enumerating Internal Domain Names 427</p> <p>Cross-origin Web Application Fingerprinting 429</p> <p>Requesting Known Resources 430</p> <p>Cross-origin Authentication Detection 436</p> <p>Exploiting Cross-site Request Forgery 440</p> <p>Understanding Cross-site Request Forgery 440</p> <p>Attacking Password Reset with XSRF 443</p> <p>Using CSRF Tokens for Protection 444</p> <p>Cross-origin Resource Detection 445</p> <p>Cross-origin Web Application Vulnerability Detection 450</p> <p>SQL Injection Vulnerabilities 450</p> <p>Detecting Cross-site Scripting Vulnerabilities 465</p> <p>Proxying through the Browser 469</p> <p>Browsing through a Browser 472</p> <p>Burp through a Browser 477</p> <p>Sqlmap through a Browser 480</p> <p>Browser through Flash 482</p> <p>Launching Denial-of-Service Attacks 487</p> <p>Web Application Pinch Points 487</p> <p>DDoS Using Multiple Hooked Browsers 489</p> <p>Launching Web Application Exploits 493</p> <p>Cross-origin DNS Hijack 493</p> <p>Cross-origin JBoss JMX Remote Command Execution 495</p> <p>Cross-origin GlassFish Remote Command Execution 497</p> <p>Cross-origin m0n0wall Remote Command Execution 501</p> <p>Cross-origin Embedded Device Command Execution 502</p> <p>Summary 508</p> <p>Questions 508</p> <p>Notes 509</p> <p><b>Chapter 10 Attacking Networks 513</b></p> <p>Identifying Targets 514</p> <p>Identifying the Hooked Browser’s Internal IP 514</p> <p>Identifying the Hooked Browser’s Subnet 520</p> <p>Ping Sweeping 523</p> <p>Ping Sweeping using XMLHttpRequest 523</p> <p>Ping Sweeping using Java 528</p> <p>Port Scanning 531</p> <p>Bypassing Port Banning 532</p> <p>Port Scanning using the IMG Tag 537</p> <p>Distributed Port Scanning 539</p> <p>Fingerprinting Non-HTTP Services 542</p> <p>Attacking Non-HTTP Services 545</p> <p>NAT Pinning 545</p> <p>Achieving Inter-protocol Communication 549</p> <p>Achieving Inter-protocol Exploitation 564</p> <p>Getting Shells using BeEF Bind 579</p> <p>The BeEF Bind Shellcode 579</p> <p>Using BeEF Bind in your Exploits 585</p> <p>Using BeEF Bind as a Web Shell 596</p> <p>Summary 599</p> <p>Questions 600</p> <p>Notes 601</p> <p><b>Chapter 11 Epilogue: Final Thoughts 605</b></p> <p>Index 609</p>
<p><b>WADE ALCORN</b> is the creator of the BeEF open source browser exploitation framework, among toolswatch.org’s top 10 security tools.</p> <p><b>CHRISTIAN FRICHOT</b> is a lead developer of BeEF, as well as a leader of the Perth Open Web Application Security Project.</p> <p><b>MICHELE ORRÙ</b> is the lead core developer of BeEF, as well as a vulnerability researcher and social engineer.</p>
<p><b>Browsers have never been more vulnerable.</b><br /> <b>Are you prepared?</b></p> <p>The browser has essentially become the operating system of the modern era, and with that comes vulnerabilities on a scale not yet seen in IT security. <i>The Browser Hacker’s Handbook,</i> written by an expert team of browser hackers, is the first book of its kind to offer a tutorial-based approach to understanding browser vulnerabilities and learning to defend your networks and critical systems from potential attacks.</p> <p>This comprehensive guide will show you exactly how hackers target browsers and exploit their weaknesses to establish a beachhead and launch attacks deep into your network. Fight back with <i>The Browser Hacker’s Handbook.</i></p> <p><b>Learn to:</b></p> <ul> <li>Exploit the most common vulnerabilities of Firefox®, Internet Explorer®, and Chrome™, as well as other browsers</li> <li>Leverage browsers as pivot points into a target’s network when performing security assessments</li> <li>Initiate—and maintain—control over a target browser, giving you direct access to sensitive assets</li> <li>Exploit weaknesses in browser plugins and extensions, two of the most vulnerable entry points for the browser</li> <li>Use Inter-protocol Communication and Exploitation to further exploit internal network systems from the hooked browser</li> </ul> <p>Visit the companion website at <b>browserhacker.com</b> to download all the code examples in this book.</p>
Diese Produkte könnten Sie auch interessieren:
