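- 1: Chapter 1 - Introduction
- 1.1: About the author
- 1.2: Passion
- 1.3: Environment
- 1.4: Setting a goal
- 1.5: Fuzzing
- 1.6: Persistence and luck
- 1.7: Social media
- 1.8: The basics
- 1.9: Summary
- 2: Chapter 2 - JavaScript without parentheses
- 2.1: Calling functions without parentheses
- 2.2: Calling functions with arguments without parentheses
- 2.3: Throw expressions
- 2.4: Tagged template strings
- 2.5: Has instance symbol
- 2.6: Summary
- 3: Chapter 3 - Fuzzing
- 3.1: The truth
- 3.2: Fuzzing JavaScript URLs
- 3.3: Fuzzing HTTP URLs
- 3.4: Fuzzing HTML
- 3.5: Fuzzing known behaviours
- 3.6: Fuzzing escape characters
- 3.7: Summary
- 4: Chapter 4 - DOM for hackers
- 4.1: Where's my window?
- 4.2: Scope of an HTML event
- 4.3: DOM clobbering
- 4.4: Summary
- 5: Chapter 5 - Browser exploits
- 5.1: Introduction
- 5.2: Firefox incorrect handling of cross-origin URLs
- 5.3: Safari assignment to cross-origin hostnames
- 5.4: IE full SOP bypass
- 5.5: Chrome partial same-origin policy (SOP) information leak
- 5.6: Safari full same-origin policy bypass
- 5.7: Opera SOP bypass
- 5.8: Summary
- 6: Chapter 6 - Prototype pollution
- 6.1: Introduction
- 6.2: Client-side prototype pollution
- 6.3: Server-side prototype pollution
- 6.4: Summary
- 7: Chapter 7 - Non-alphanumeric JavaScript
- 7.1: Writing non-alphanumeric JavaScript
- 7.2: Non-alpha code without parentheses
- 7.3: The six character wall
- 7.4: Infinity and beyond
- 7.5: Summary
- 8: Chapter 8 - XSS
- 8.1: Closing scripts
- 8.2: Comments inside scripts
- 8.3: HTML entities inside SVG scripts
- 8.4: Script without closing script
- 8.5: Window name payloads
- 8.6: Assignable protocol
- 8.7: Using source maps to create pingbacks
- 8.8: New redirection sink
- 8.9: JavaScript comments
- 8.10: New lines
- 8.11: Whitespace characters
- 8.12: Dynamic imports
- 8.13: XHTML namespace in XML
- 8.14: SVG uploads
- 8.15: SVG use elements
- 8.16: HTML entities
- 8.17: Events
- 8.18: XSS in hidden inputs
- 8.19: Popovers
- 8.20: Summary
- 9: Acknowledgements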
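JavaScript for Hackers (Simplified Chinese Edition)
Learn to think like a hacker
Learn how to find interesting behaviour and flaws in JavaScript. Reading this book, you will learn the latest and greatest techniques for hacking JavaScript and generating XSS payloads, including how to construct JavaScript using only the characters +[]()!. Never heard of DOM clobbering? This book has all the details.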
About the Book
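Have you ever wondered how hackers find flaws in browsers and JavaScript? This book shares their thought process and gives you the tools to find your own flaws. It covers the basics of JavaScript hacking and then explains in depth how to construct JavaScript payloads that don't use parentheses.
- Shows how you can find flaws with fuzzing, and how to quickly fuzz millions of characters in seconds.
- Want to hack the DOM? This book has you covered.
- Read in detail about the various browser same-origin policy (SOP) bypasses the author has found.
- No idea about client-side prototype pollution? This is the book for you!
- Want to learn the latest and greatest cross-site scripting (XSS) techniques? You need to buy this book.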
About the Authors
Gareth Heyes
PortSwigger researcher Gareth Heyes is probably best known for his work escaping JavaScript sandboxes, and creating super-elegant XSS vectors. When he's not co-authoring books (like the recent title, Web Application Obfuscation), Gareth is a father to two wonderful girls and husband to an amazing wife, as well as an ardent fan of Liverpool FC.
In his daily life at PortSwigger, Gareth can often be found creating new XSS vectors, researching new techniques to attack web applications, and preparing to speak at conferences around the globe. A recent highlight was his presentation "XSS Magic Tricks" at OWASP Allstars Amsterdam, 2019. He's also the author of PortSwigger's XSS Cheat Sheet. In his spare time he loves writing new BApp extensions (he's the creator of both Hackvertor and Taborator).

Episode 255
An Interview with Gareth Heyes