Since users and web developers generally notice JavaScript only through invalid syntax or
while creating visual effects while interacting with a site, it is often considered a rather
benign web technology. In recent years, however, a number of tools written in JavaScript
have become available, and research has been released that details just how damaging
malicious JavaScript can be. These tools include proxies that allow an attacker to hijack
control of a victim's browser and port scanners that can map an internal network from the
victim's browser. Additionally, malicious JavaScript is not limited to overt attacks, as it
can be used to breach a victim's privacy by obtaining a user's browsing history and browsing
habits.
With the wide range of JavaScript attack tools now easily available, attacks that were
previously launched at a network level can now be triggered inside a victim's browser
simply by the victim browsing a malicious web site.
Chapter 4: Malicious JavaScript and AJAX 89
XSS Proxy
Popularity: 2
Simplicity: 2
Impact: 9
Risk Rating: 4
In the case of Cross-Site Scripting (XSS) attacks, even security-conscious web developers
often believe that the only point of an attack is to steal a victim's valid session
identifier.