Index

A

Accept header, fingerprinting and, 250–252

ActionScript, 401

ActiveFax exploitation

BeEF bind, 590–592

IPE (Inter-protocol Exploitation), 574–579

ActiveX, 372

plugins, 403

exploiting ActiveX, 404–408

VLC, media plugin attacks, 410–413

addEventListener( ) function, 188

add-ons, versus extensions, 313

Adobe Flash, SOP, bypassing, 141–142

Adobe Reader, SOP, bypassing, 140–141

advertising networks, 46–47

AJAX

calls, hijacking, 106–107

MitB (Man-in-the-Browser) techniques, 104–110

non-AJAX requests, hijacking, 107–110

Allow-Access-From-Origin:, 596

Android phones, scheme abuse, 281–283

Android Web Market XSS flaw, 33

anonymization, bypassing, 231–234

anonymous functions, 83

anti-phishing controls, 58–59

applets

Java

plugins, 388–389

reversing, 391–395

signed, 223–228

ARP (Address Resolution Protocol), spoofing, 64–70

ARP Spoofing, 272–273

attachApplet( ) function, 530

attachEvent( ) function, 188

attack surface, 17–18

extensions, 19

plugins, 19–20

rate of change, 18

silent updating, 18–19

AttackAPI, 537–539

attacks

browsers, 26–27

extensions, 26

networks, 27

plugins, 27

users, 26

web applications, 27

XSS (Cross-Site Scripting), 32–33

Attempt Change button, 269–270

authentication

pre-authentication RCE, 503–504

web app attacks, 436–440

authentication detection, web app attacks, 436–440

AVM (ActionScript Virtual Machine), 401

avpop( ) function, 215

B

BackFrame, 151–152

background page, extensions, 325

baiting for phishing attacks, 57–58

Base64 encoding, detection evasion, 111 ...
