The Browser Hacker's Handbook by Wade Alcorn, Christian Frichot and Michele Orru.pdf

The Browser Hacker’s Handbook
Wade Alcorn
Christian Frichot
Michele Orrù
The Browser Hacker’s Handbook
Published by
John Wiley & Sons, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com
Copyright © 2014 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-118-66209-0
ISBN: 978-1-118-66210-6 (ebk)
ISBN: 978-1-118-91435-9 (ebk)
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or
by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted
under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission
of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance
Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher
for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street,
Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or
warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all
warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be
created or extended by sales or promotional materials. The advice and strategies contained herein may not
be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in
rendering legal, accounting, or other professional services. If professional assistance is required, the services
of a competent professional person should be sought. Neither the publisher nor the author shall be liable for
damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation
and/or a potential source of further information does not mean that the author or the publisher endorses
the information the organization or website may provide or recommendations it may make. Further, readers
should be aware that Internet websites listed in this work may have changed or disappeared between when
this work was written and when it is read.
For general information on our other products and services please contact our Customer Care Department
within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included
with standard print versions of this book may not be included in e-books or in print-on-demand. If this
book refers to media such as a CD or DVD that is not included in the version you purchased, you may
download this material at http://booksupport.wiley.com. For more information about Wiley products,
visit www.wiley.com.
Library of Congress Control Number: 2013958295
Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc.
and/or its affiliates, in the United States and other countries, and may not be used without written permission.
All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated
with any product or vendor mentioned in this book.
About the Authors
Wade Alcorn (@WadeAlcorn) has been in the IT security game for longer than he
cares to remember. A childhood fascination with breaking stuff and solving puzzles
put him on the path to his career.
Wade is the creator of BeEF (The Browser Exploitation Framework), which is
considered one of the most popular tools for exploiting browsers. Wade is also the General
Manager of the Asia Pacific arm of the NCC group, and has led security assessments
targeting critical infrastructure, banks, retailers, and other enterprises.
Wade is committed to the betterment of IT security, and enjoys contributing
to public groups and presenting at international conferences. He has published
leading technical papers on emerging threats and has discovered vulnerabilities
in widely used software.
Christian Frichot (@xntrik) has been into computers since the day his dad brought
home an Amiga 1000. Having discovered it couldn’t start Monkey Island with its
measly 512KB of RAM, he promptly complained until the impressive 2MB
extension was acquired. Since then, Christian has worked in a number of different IT
industries, primarily Finance and Resources, until finally settling down to found
Asterisk Information Security in Perth, Australia.
Christian is also actively involved in developing software; with a particular focus
on data visualization, data analysis, and assisting businesses manage their
security and processes more effectively. As one of the developers within the Browser
Exploitation Framework (BeEF), he also spends time researching how to best
leverage browsers and their technology to assist in penetration testing.
While not busting browsers, Christian also engages with the security community
(have you seen how much he tweets?), not only as one of the Perth OWASP Chapter
Leads, but also as an active participant within the wider security community in Perth.
Michele Orrù (@antisnatchor) is the lead core developer and “smart-minds-recruiter”
for the BeEF project. He has a deep knowledge of programming in multiple
languages and paradigms, and is excited to apply this knowledge while reading and
hacking code written by others.