Chapter 9. Practical Client-Side Attacks
When we talk about client-side attacks, there is a tendency to discredit their viability in compromising an environment. After all, executing JavaScript in the browser is far less sexy than executing native code and popping a shell on the application server itself. What's the point of being able to execute heavily sandboxed JavaScript in a short-lived browsing session? How much damage can an attacker do with this type of vulnerability? Quite a bit, as it turns out.
In this chapter, we will explore client-side attacks, with a heavy emphasis on cross-site scripting (XSS). We will also look at Cross-Site Request Forgery (CSRF) attacks and discuss the implications of the same-origin policy (SOP). Next, we will look at ways to weaponize XSS vulnerabilities using BeEF.
By the end of the chapter, you should be comfortable with:
- Stored, reflected, and DOM-based XSS
- CSRF and possible attacks and limitations
- BeEF, the de facto tool for client-side exploitation...