9

Attacking the Client

Code that is delivered to the client and executed in the browser must be tested for two things: the presence of sensitive information, and the acceptance of user input without server-side validation. We will learn how to perform these tests using Burp Suite.

In this chapter, we will cover the following recipes:

  • Testing for clickjacking
  • Testing for DOM-based cross-site scripting
  • Leveraging DOM Invader to test for DOM XSS
  • Testing for JavaScript execution
  • Testing for HTML injection
  • Testing for client-side resource manipulation

Technical requirements

To complete the recipes in this chapter, you will need the following:

Get Burp Suite Cookbook - Second Edition now with the O’Reilly learning platform.