Index
A
Accept header, fingerprinting and, 250–252
ActionScript, 401
ActiveFax exploitation
  IPE (Inter-protocol Exploitation), 574–579
ActiveX, 372
  plugins, 403
  VLC, media plugin attacks, 410–413
addEventListener( ) function, 188
add-ons, versus extensions, 313
Adobe Flash, SOP, bypassing, 141–142
Adobe Reader, SOP, bypassing, 140–141
AJAX
  MitB (Man-in-the-Browser) techniques, 104–110
  non-AJAX requests, hijacking, 107–110
Allow-Access-From-Origin:, 596
Android phones, scheme abuse, 281–283
Android Web Market XSS flaw, 33
anonymization, bypassing, 231–234
anonymous functions, 83
applets
Java
ARP (Address Resolution Protocol), spoofing, 64–70
attachApplet( ) function, 530
attachEvent( ) function, 188
extensions, 19
rate of change, 18
attacks
  extensions, 26
  networks, 27
  plugins, 27
  users, 26
  web applications, 27
  XSS (Cross-Site Scripting), 32–33
Attempt Change button, 269–270
authentication
  pre-authentication RCE, 503–504
authentication detection, web app attacks, 436–440
AVM (ActionScript Virtual Machine), 401
avpop( ) function, 215
B
background page, extensions, 325
baiting for phishing attacks, 57–58
Base64 encoding, detection evasion, 111 ...