Torrent details for "Heyes G. JavaScript for Hackers. Learn to Think Like a Hacker 2024 [andryold1]"    Log in to bookmark

wide
Torrent details
Cover
Download
Torrent rating (0 rated)
Controls:
Category:
Language:
English English
Total Size:
7.06 MB
Info Hash:
2f19a8848e49b4178d6641f222b2861a35988ac4
Added By:
Added:  
11-06-2024 07:52
Views:
229
Health:
Seeds:
73
Leechers:
3
Completed:
525
wide




Description
wide
Externally indexed torrent
If you are the original uploader, contact staff to have it moved to your account
Textbook in PDF format

Learn how to find interesting behaviour and flaws in JavaScript. Reading this book you will find the latest and greatest techniques for hacking JavaScript and generating XSS payloads. Includes ways to construct JavaScript using only  ! characters. Never heard of DOM Clobbering? This book has all the details.
Have you ever wondered how a hacker approaches finding flaws in the browser and JavaScript? This book shares the thought processes and gives you tools to find your own flaws. It shares the basics of JavaScript hacking, then dives in and explains how to construct JavaScript payloads that don't use parentheses.
Once you’ve got your chosen environment set up the next step is to set a goal. If you have no goal you can be staring at a blank page not getting anywhere. A goal enables you to make sure you’re always trying something and it can be flexible too. For instance one of my goals was “execute JavaScript without parentheses”. If you’ve set a good goal it will almost likely never end and good ones also mutate into another goal for example the goal I mentioned earlier mutated into “execute JavaScript functions without parentheses and pass arguments”. Now you can see how these two goals are useful because now you have a clear idea what you have to do and you can abuse JavaScript features to achieve that goal. In the example above the second goal is more challenging than the first but the second goal enables you to gain knowledge to achieve the more difficult goal.
Fuzzing is one of the most important tools in a JavaScript hackers toolbox, it enables you to answer questions really fast and discover new things by getting the computer to report the results. Fuzzing is simply writing code that enumerates characters, code or data in order to find interesting behaviour. In binary exploitation you’d use a fuzzer to find DoS or an exploitable crash but when JavaScript hacking the idea is to achieve your goal by getting answers to questions. For example I set myself a goal to understand what characters are allowed as whitespace, you might be wondering to yourself why not simply look at the specification? You should not use the specification as your only source of information when trying to discover browser behaviour because browsers sometimes do not follow the specification, this can be because they make a mistake or simply choose not to for various reasons like backward compatibility.
Shows how you can find flaws with fuzzing and how to quickly fuzz millions of characters in seconds.
Want to hack the DOM? This book has you covered.
Read about various browser SOP bypasses that the author found in detail.
No idea about client-side prototype pollution? This is the book for you!
Want to learn the latest &amp greatest XSS techniques? You need to buy this book.
Contents:
Chapter one - Introduction
Chapter two - JavaScript without parentheses
Chapter three - Fuzzing
Chapter four - DOM for hackers
Chapter five - Browser exploits
Chapter six - Prototype pollution
Chapter seven - Non-alphanumeric JavaScript
Chapter eight - XSS
Credits

  User comments    Sort newest first

No comments have been posted yet.



Post anonymous comment
  • Comments need intelligible text (not only emojis or meaningless drivel).
  • No upload requests, visit the forum or message the uploader for this.
  • Use common sense and try to stay on topic.

  • :) :( :D :P :-) B) 8o :? 8) ;) :-* :-( :| O:-D Party Pirates Yuk Facepalm :-@ :o) Pacman Shit Alien eyes Ass Warn Help Bad Love Joystick Boom Eggplant Floppy TV Ghost Note Msg


    CAPTCHA Image 

    Anonymous comments have a moderation delay and show up after 15 minutes