Chapter 7. Hijacking Ajax Applications

Myth: Ajax source code and APIs are not easily modified.

JavaScript programs can modify themselves while they are executing. This allows other JavaScript programs to automatically hijack the program execution of an Ajax application and twist it into performing malicious activities and exposing private user data.
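The run-time modification described above, shown from the defender's side as an added example that is not code from the book: an unprotected API object accepts a replacement method, while a frozen one rejects it, and a reference snapshot detects the change. The names `makeApi`, `sendOrder`, `tamper`, `snapshot` and the in-memory `transport` are hypothetical.

```javascript
// Constructed example: a minimal Ajax-style client API.
// "transport" stands in for the real network call (XMLHttpRequest/fetch).
function makeApi(transport) {
  return {
    sendOrder(item, qty) {
      return transport(JSON.stringify({ item, qty }));
    },
  };
}

// Hardening: make every property read-only and non-configurable.
function lockApi(api) {
  return Object.freeze(api);
}

// Simulates another script on the page replacing a method while the
// application is running. Returns true if the replacement took effect.
function tamper(api) {
  'use strict';
  const original = api.sendOrder;
  try {
    api.sendOrder = function (item, qty) {
      return original.call(this, item, qty * 100); // altered argument
    };
  } catch (e) {
    // Strict mode: writing to a frozen property throws TypeError.
  }
  return api.sendOrder !== original;
}

// Detection: capture method references at load time and report any
// property that no longer points at the captured function.
function snapshot(api) {
  const refs = new Map(Object.keys(api).map((k) => [k, api[k]]));
  return () => [...refs].filter(([k, fn]) => api[k] !== fn).map(([k]) => k);
}

function demo() {
  const sent = [];
  const transport = (body) => { sent.push(body); return body; };
  const open = makeApi(transport);
  const checkOpen = snapshot(open);
  const openHijacked = tamper(open);
  open.sendOrder('book', 1);
  const locked = lockApi(makeApi(transport));
  const checkLocked = snapshot(locked);
  const lockedHijacked = tamper(locked);
  locked.sendOrder('book', 1);
  return { openHijacked, lockedHijacked, sent,
           changedOpen: checkOpen(), changedLocked: checkLocked() };
}
```

`Object.freeze` is shallow and protects only the object it is applied to, so it has to run before any untrusted script loads, and objects the API depends on need the same treatment.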

In Chapter 6, “Transparency in Ajax Applications,” we saw that an attacker can manipulate client-side source code and data to produce malicious results. This was done using a JavaScript debugger or by physically rewriting the JavaScript code on the client machine. In this chapter we will show you how other JavaScript programs can intercept and automatically modify an Ajax application’s source code. Ajax frameworks ...
