Author: Gareth Heyes
Publisher: Leanpub
Year: 2022-12-21
Language: English
Format: pdf (true), mobi, epub
Size: 10.2 MB
Learn how to find interesting behaviour and flaws in JavaScript. Reading this book you will find the latest and greatest techniques for hacking JavaScript and generating XSS payloads. Includes ways to construct JavaScript using only +[]()! characters. Never heard of DOM Clobbering? This book has all the details.
Have you ever wondered how a hacker approaches finding flaws in the browser and JavaScript? This book shares the thought processes and gives you tools to find your own flaws. It shares the basics of JavaScript hacking, then dives in and explains how to construct JavaScript payloads that don't use parentheses.
JavaScript has always been my passion, I’m fascinated by ways to help me understand JS further. You can often see me tweeting about ways to call functions without parentheses, insane XSS vectors and general ways to find deeper ways of understanding a particular feature. I’m often asked how a tweet can be used to apply to a WAF bypass or browser exploit. For me this isn’t important, sure you could use ways to call JavaScript functions without parentheses to bypass WAFs but the point of my tweets is often to rapidly gain knowledge that could be applied later.
By looking for ways to hack JavaScript you are learning about a feature and then applying that knowledge to achieve a goal, it doesn’t matter what that goal is as long as you’ve got a target it will help you remember.
Shows how you can find flaws with fuzzing and how to quickly fuzz millions of characters in seconds.
Want to hack the DOM? This book has you covered.
Read about various browser SOP bypasses that the author found in detail.
No idea about client-side prototype pollution? This is the book for you!
Want to learn the latest & greatest XSS techniques? You need to buy this book.
Download JavaScript for hackers : Learn to think like a hacker