Chapter 6

Web User Hacking

Chapter Rundown:

■ Attacking other users instead of the server or application

■ Running malicious code with cross-site scripting (XSS)

■ Executing malicious commands with cross-site request forgery (CSRF)

■ Attacks that can’t be stopped: how the Social-Engineer Toolkit (SET) makes you a rock star


The target for web hackers has shifted away from the web server and web application and squarely onto the web user. Some web user attacks rely on web application vulnerabilities, while others require no existing application vulnerability to succeed, but they all rely on the user unknowingly making a malicious request. Regardless of how the attack is delivered, the payload is executed on the user’s machine ...

Get The Basics of Web Hacking now with the O’Reilly learning platform.