- 1:第一章 - 介绍
- 1.1:关于作者
- 1.2:热情
- 1.3:环境
- 1.4:设定目标
- 1.5:模糊测试
- 1.6:坚持与运气
- 1.7:社交媒体
- 1.8:基础知识
- 1.9:总结
- 2:第二章 - 无括号的JavaScript
- 2.1:无括号调用函数
- 2.2:无括号调用带参数的函数
- 2.3:抛出表达式
- 2.4:标签模板字符串
- 2.5:Has instance符号
- 2.6:概要
- 3:第三章 - 模糊测试
- 3.1:真相
- 3.2:模糊测试 JavaScript URL
- 3.3:模糊测试 HTTP URL
- 3.4:模糊测试 HTML
- 3.5:模糊测试已知行为
- 3.6:模糊测试转义字符
- 3.7:总结
- 4:第四章 - 给黑客用的DOM
- 4.1:我的窗口在哪?
- 4.2:HTML 事件的作用域
- 4.3:DOM覆盖
- 4.4:总结
- 5:第五章 - 浏览器漏洞
- 5.1:介绍
- 5.2:Firefox 处理跨域URL错误
- 5.3:Safari 对跨源主机名的分配
- 5.4:IE 完整的 SOP 绕过
- 5.5:Chrome部分同源策略(SOP)信息泄露
- 5.6:Safari 完全绕过同源政策
- 5.7:Opera SOP 绕过
- 5.8:总结
- 6:第六章 - 原型污染
- 6.1:介绍
- 6.2:客户端原型污染
- 6.3:服务器端原型污染
- 6.4:总结
- 7:第七章 - 非字母数字JavaScript
- 7.1:编写非字母数字JavaScript
- 7.2:不用括号的非字母代码
- 7.3:六字符墙
- 7.4:无限及更远
- 7.5:总结
- 8:第八章 - XSS
- 8.1:关闭脚本
- 8.2:脚本内的注释
- 8.3:SVG脚本中的HTML实体
- 8.4:没有闭合脚本的脚本
- 8.5:窗口名称载荷
- 8.6:可分配协议
- 8.7:使用Source maps创建pingbacks
- 8.8:新的重定向接收器
- 8.9:JavaScript 注释
- 8.10:新行
- 8.11:空白字符
- 8.12:动态导入
- 8.13:XML中的XHTML命名空间
- 8.14:SVG上传
- 8.15:SVG use元素
- 8.16:HTML实体
- 8.17:事件
- 8.18:隐藏输入中的XSS
- 8.19:弹出框
- 8.20:总结
- 9:致谢
- 1:第一章 - 介绍
JavaScript for 黑客 (简体中文版)
学习像黑客一样思考
学习如何发现JavaScript中的有趣行为和漏洞。阅读本书,您将学到最新最棒的JavaScript黑客技术和生成XSS负载的方法。包括如何只使用+[]()!字符来构建JavaScript。没听说过DOM污染?本书提供了所有详细信息。
This book is a translation into Chinese (Simplified) of JavaScript for hackers which was originally written in English
Minimum price
$20.00
$35.00
You pay
$35.00Authors earn
$28.00PDF
EPUB
About
About the Book
你是否曾想过黑客是如何找到浏览器和JavaScript中的漏洞的?这本书分享了他们的思维过程,并为你提供了寻找自己漏洞的工具。它介绍了JavaScript黑客的基础知识,然后深入解释了如何构建不使用括号的JavaScript负载。
- 展示了你如何通过模糊测试找到漏洞,以及如何在几秒钟内快速模糊测试数百万个字符。
- 想要黑掉DOM吗?这本书为你准备好了。
- 详细阅读作者发现的各种浏览器同源策略(SOP)绕过方法。
- 不了解客户端原型污染?这本书就是为你准备的!
- 想学习最新最强的跨站脚本攻击(XSS)技术吗?你需要购买这本书。
Feedback
This book is a translation into Chinese (Simplified) of JavaScript for hackers which was originally written in English
Author
About the Authors
Gareth Heyes
PortSwigger 的研究人员 Gareth Heyes 以其在逃逸 JavaScript 沙箱和创建超优雅的 XSS 向量方面的工作而闻名。在业余时间,他喜欢用纯 CSS 创建交互式 3D 房间和游戏,经常在他的网站 garethheyes.co.uk 上发布和实验。Gareth 是两个漂亮女孩的父亲,也是一位了不起的妻子的丈夫,同时也是利物浦足球俱乐部的忠实粉丝。
在 PortSwigger 的日常工作中,Gareth 经常被发现创建新的 XSS 向量,研究攻击 Web 应用程序的新技术,并准备在全球各地的会议上发言。最近的一个亮点是他在 2023 年 OWASP 全球应用安全大会(都柏林) 上的演讲“服务器端原型污染:无 DoS 的黑盒检测”。他还是 PortSwigger 的 XSS 备忘单 的作者。在业余时间,他喜欢编写新的 BApp 扩展(他是 Hackvertor 和 Taborator 的创建者)。
Episode 255
An Interview with Gareth Heyes
TranslateAI
Leanpub now has a TranslateAI service which uses AI to translate their book from English into up to 31 languages, or from one of those 31 languages into English. We also have a GlobalAuthor bundle which uses TranslateAI to translate English-language books into either 8 or 31 languages.
Leanpub exists to serve our authors. We want to help you reach as many readers as possible, in their preferred language. So, just as Leanpub automates the process of publishing a PDF and EPUB ebook, we've now automated the process of translating those books!
Translations
Translations
Contents
Table of Contents
The Leanpub 60 Day 100% Happiness Guarantee
Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.
You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!
So, there's no reason not to click the Add to Cart button, is there?
See full terms...
Earn $8 on a $10 Purchase, and $16 on a $20 Purchase
We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.
(Yes, some authors have already earned much more than that on Leanpub.)
In fact, authors have earned over $15 million writing, publishing and selling on Leanpub.
Learn more about writing on Leanpub
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
Learn more about Leanpub's ebook formats and where to read them
Write and Publish on Leanpub
You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!
Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.
Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.