Have you ever wondered how a hacker approaches finding flaws in the browser and JavaScript?

This book shares the thought processes and gives you tools to find your own flaws.

It shares the basics of JavaScript hacking, then dives in and explains how to construct JavaScript payloads that don't use parentheses.

•  Shows how you can find flaws with fuzzing and how to quickly fuzz millions of characters in seconds

•  Want to hack the DOM? This book has you covered

•  Read about various browser SOP bypasses that the author found in detail

•  No idea about client-side prototype pollution? This is the book for you!

•  Want to learn the latest & greatest XSS techniques?

You need to buy this book.

Table of Contents

1: Chapter one - Introduction

2: Chapter two - JavaScript without parentheses

3: Chapter three - Fuzzing

4: Chapter four - DOM for hackers

5: Chapter five - Browser exploits

6: Chapter six - Prototype pollution

7: Chapter seven - Non-alphanumeric JavaScript

8: Chapter eight - XSS

9: Credits

About the Author

PortSwigger researcher Gareth Heyes is probably best known for his work escaping JavaScript sandboxes, and creating super-elegant XSS vectors. When he's not co-authoring books (like the recent title, Web Application Obfuscation), Gareth is a father to two wonderful girls and husband to an amazing wife, as well as an ardent fan of Liverpool FC. 

In his daily life at PortSwigger, Gareth can often be found creating new XSS vectors, researching new techniques to attack web applications, and preparing to speak at conferences around the globe. A recent highlight was his presentation "XSS Magic Tricks" at OWASP Allstars Amsterdam, 2019. He's also the author of PortSwigger's XSS Cheat Sheet. In his spare time he loves writing new BApp extensions (he's the creator of both Hackvertor and Taborator).