The Browser Hacker's Handbook

by Wade Alcorn, Christian Frichot, Michele Orru
March 2014
Content level: Intermediate to advanced
648 pages
16h 56m
English
Wiley
Content preview from The Browser Hacker's Handbook

CHAPTER 5

Attacking Users

Humans are often referred to as the weakest link in information security. There are many suppositions as to why this may be. Is it our inherent desire to be ‘helpful’? Perhaps it's our inexperience, especially in the rapidly changing frontiers of communication and technology? Or, is it simply our (often) misplaced trust in each other?

In this chapter, you will focus your attention on attacks targeted at the user sitting at the end of the keyboard. Some of the attacks discussed further leverage social engineering tactics, similar to methods discussed in earlier chapters on hooking the browser. Other attacks exploit browser features, and their flawed trust in code coming from multiple sources.

Defacing Content

One of the easiest, and often overlooked, methods of tricking a user into performing untoward actions is simply by rewriting the content within the current hooked page. If you're able to execute JavaScript within an origin, there's nothing stopping you from acquiring portions of the current document, or from inserting arbitrary content. This can lead to very subtle and effective methods of tricking the user into performing an action on your behalf.

These techniques of changing discrete pieces of the DOM are essential to a majority of the following attacks. In fact, a number of these methods have been discussed already in earlier chapters on initiating and retaining control of the browser.

So, where to begin? To first know what to rewrite, you need ...

Publisher Resources

ISBN: 9781118662090