The Browser Hacker's Handbook

by Wade Alcorn, Christian Frichot, Michele Orru
March 2014
Content level: Intermediate to advanced
648 pages
16h 56m
English
Wiley
Content preview from The Browser Hacker's Handbook

CHAPTER 2

Initiating Control

Your first browser hacking step is to capture control of your target browser. This is just like getting your foot in the front door. Whilst there are many other actions you need to achieve before realizing your final goal, this all-important step must be taken first in every instance. This is the Initiating Control phase of the browser hacking methodology.

Every time the web browser executes code from a web server, it opens the door to an opportunity for you to capture control. By executing web server code, the web browser is surrendering some influence. You need to craft a situation where the browser will run code that you have created. Once you accomplish this, you will have the opportunity to start twisting the browser's functionality against itself.

The Initiating Control phase may involve varying degrees of sophistication. There are many ways that you can execute your instructions; some are reasonably trivial and others require much more effort. The most obvious way to gain control is by your target simply browsing to your own web application.

Web application security testers will be aware of, and comfortable with, a number of the techniques discussed in this chapter. In fact, a number of these are well known, widely published, and frequently dissected within the security community.

Once you have your instructions executing in the browser, you will need to examine and understand your constraints. But first let's jump in and explore ways to achieve this ...


Publisher Resources

ISBN: 9781118662090