Hackers exploit browser vulnerabilities to attack deep within networks

The Browser Hacker's Handbook gives a practical understanding of hacking the everyday web browser and using it as a beachhead to launch further attacks deep into corporate networks. Written by a team of highly experienced computer security experts, the handbook provides hands-on tutorials exploring a range of current attack methods.

The web browser has become the most popular and widely used computer "program" in the world. As the gateway to the Internet, it is part of the storefront to any business that operates online, but it is also one of the most vulnerable entry points of any system. With attacks on the rise, companies are increasingly employing browser-hardening techniques to protect the unique vulnerabilities inherent in all currently used browsers. The Browser Hacker's Handbook thoroughly covers complex security issues and explores relevant topics such as:

•  Bypassing the Same Origin Policy

•  ARP spoofing, social engineering, and phishing to access browsers

•  DNS tunneling, attacking web applications, and proxying—all from the browser

•  Exploiting the browser and its ecosystem (plugins and extensions)

•  Cross-origin attacks, including Inter-protocol Communication and Exploitation

The Browser Hacker's Handbook is written with a professional security engagement in mind. Leveraging browsers as pivot points into a target's network should form an integral component into any social engineering or red-team security assessment. This handbook provides a complete methodology to understand and structure your next browser penetration test.

Browsers have never been more vulnerable.

Are you prepared?

The browser has essentially become the operating system of the modern era, and with that comes vulnerabilities on a scale not yet seen in IT security. The Browser Hacker’s Handbook, written by an expert team of browser hackers, is the first book of its kind to offer a tutorial-based approach to understanding browser vulnerabilities and learning to defend your networks and critical systems from potential attacks.

This comprehensive guide will show you exactly how hackers target browsers and exploit their weaknesses to establish a beachhead and launch attacks deep into your network. Fight back with The Browser Hacker’s Handbook.

Learn to:

• Exploit the most common vulnerabilities of Firefox®, Internet Explorer®, and Chrome™, as well as other browsers
• Leverage browsers as pivot points into a target’s network when performing security assessments
• Initiate―and maintain―control over a target browser, giving you direct access to sensitive assets
• Exploit weaknesses in browser plugins and extensions, two of the most vulnerable entry points for the browser
• Use Inter-protocol Communication and Exploitation to further exploit internal network systems from the hooked browser

Visit the companion website at browserhacker.com to download all the code examples in this book.

Table of Contents

Chapter 1: Web Browser Security

Chapter 2: Initiating Control

Chapter 3: Retaining Control

Chapter 4: Bypassing the Same

Chapter 5: Attacking Users

Chapter 6: Attacking Browsers

Chapter 7: Attacking Extensions

Chapter 8: Attacking Plugins

Chapter 9: Attacking Web Applications

Chapter 10: Attacking Networks

Chapter 11: Epilogue: Final Thoughts

About the Author

WADE ALCORN is the creator of the BeEF open source browser exploitation framework, among toolswatch.org’s top 10 security tools.

CHRISTIAN FRICHOT is a lead developer of BeEF, as well as a leader of the Perth Open Web Application Security Project.

MICHELE ORRÙ is the lead core developer of BeEF, as well as a vulnerability researcher and social engineer.