
Rich Cannings, Himanshu Dwivedi, Zane Lackey, and Alex Stamos

"Hacking Exposed Web 2.0: Web 2.0 Security Secrets and Solutions"


1 Available at www.isecpartners.com/files/XSRF_Paper_0.pdf.
4 Malicious JavaScript and AJAX

JavaScript and Asynchronous JavaScript and XML (AJAX) are great technologies that have changed the way web applications are used on the Internet. While so much of the web is written in Java and JavaScript (and soon AJAX), the attack surface for malicious users is also very wide. Malicious JavaScript, including malicious AJAX, has already started to do damage on the Internet. The things that make AJAX and JavaScript attractive for developers, including their agility, flexibility, and powerful functions, are the same things that attackers love about them.

This chapter is dedicated to the use of JavaScript and AJAX for malicious purposes. You will see how malicious JavaScript/AJAX can be used to compromise user accounts, attack web applications, or cause general disruption on the Internet. The following topics are included in the chapter:

• Malicious JavaScript
• XSS Proxy
• BeEF Proxy
• Visited URL Enumeration
• JavaScript Port Scanner
• Bypassing Input Filters
• Malicious AJAX
• XMLHTTPRequest
• Automated AJAX Testing
• Samy Worm
• Yammer Worm

MALICIOUS JAVASCRIPT
JavaScript has traditionally been considered a fairly harmless technology.

