JavaScript for 黑客 (简体中文版)

学习像黑客一样思考

Gareth Heyes and TranslateAI

学习如何发现JavaScript中的有趣行为和漏洞。阅读本书,您将学到最新最棒的JavaScript黑客技术和生成XSS负载的方法。包括如何只使用+[]()!字符来构建JavaScript。没听说过DOM污染?本书提供了所有详细信息。

Gareth Heyes and TranslateAI

This is a book in Chinese (Simplified)!

This book is a translation into Chinese (Simplified) of JavaScript for hackers which was originally written in English

Minimum price

20ドル.00

35ドル.00

You pay

35ドル.00

Authors earn

28ドル.00

PDF

EPUB

About

About the Book

你是否曾想过黑客是如何找到浏览器和JavaScript中的漏洞的?这本书分享了他们的思维过程,并为你提供了寻找自己漏洞的工具。它介绍了JavaScript黑客的基础知识,然后深入解释了如何构建不使用括号的JavaScript负载。

展示了你如何通过模糊测试找到漏洞,以及如何在几秒钟内快速模糊测试数百万个字符。
想要黑掉DOM吗?这本书为你准备好了。
详细阅读作者发现的各种浏览器同源策略(SOP)绕过方法。
不了解客户端原型污染?这本书就是为你准备的!
想学习最新最强的跨站脚本攻击(XSS)技术吗?你需要购买这本书。

Share this book

Feedback

Email the Authors

This book is a translation into Chinese (Simplified) of JavaScript for hackers which was originally written in English

Author

About the Authors

Gareth Heyes

PortSwigger 的研究人员 Gareth Heyes 以其在逃逸 JavaScript 沙箱和创建超优雅的 XSS 向量方面的工作而闻名。在业余时间,他喜欢用纯 CSS 创建交互式 3D 房间和游戏,经常在他的网站 garethheyes.co.uk 上发布和实验。Gareth 是两个漂亮女孩的父亲,也是一位了不起的妻子的丈夫,同时也是利物浦足球俱乐部的忠实粉丝。

在 PortSwigger 的日常工作中,Gareth 经常被发现创建新的 XSS 向量,研究攻击 Web 应用程序的新技术,并准备在全球各地的会议上发言。最近的一个亮点是他在 2023 年 OWASP 全球应用安全大会(都柏林) 上的演讲"服务器端原型污染:无 DoS 的黑盒检测"。他还是 PortSwigger 的 XSS 备忘单的作者。在业余时间,他喜欢编写新的 BApp 扩展(他是 Hackvertor 和 Taborator 的创建者)。

Leanpub Podcast

Episode 255

An Interview with Gareth Heyes

TranslateAI

Leanpub now has a TranslateAI service which uses AI to translate their book from English into up to 31 languages, or from one of those 31 languages into English. We also have a GlobalAuthor bundle which uses TranslateAI to translate English-language books into either 8 or 31 languages.

Leanpub exists to serve our authors. We want to help you reach as many readers as possible, in their preferred language. So, just as Leanpub automates the process of publishing a PDF and EPUB ebook, we've now automated the process of translating those books!

Table of Contents

- 1:第一章 - 介绍
  - 1.1:关于作者
  - 1.2:热情
  - 1.3:环境
  - 1.4:设定目标
  - 1.5:模糊测试
  - 1.6:坚持与运气
  - 1.7:社交媒体
  - 1.8:基础知识
  - 1.9:总结
- 2:第二章 - 无括号的JavaScript
  - 2.1:无括号调用函数
  - 2.2:无括号调用带参数的函数
  - 2.3:抛出表达式
  - 2.4:标签模板字符串
  - 2.5:Has instance符号
  - 2.6:概要
- 3:第三章 - 模糊测试
  - 3.1:真相
  - 3.2:模糊测试 JavaScript URL
  - 3.3:模糊测试 HTTP URL
  - 3.4:模糊测试 HTML
  - 3.5:模糊测试已知行为
  - 3.6:模糊测试转义字符
  - 3.7:总结
- 4:第四章 - 给黑客用的DOM
  - 4.1:我的窗口在哪?
  - 4.2:HTML 事件的作用域
  - 4.3:DOM覆盖
  - 4.4:总结
- 5:第五章 - 浏览器漏洞
  - 5.1:介绍
  - 5.2:Firefox 处理跨域URL错误
  - 5.3:Safari 对跨源主机名的分配
  - 5.4:IE 完整的 SOP 绕过
  - 5.5:Chrome部分同源策略(SOP)信息泄露
  - 5.6:Safari 完全绕过同源政策
  - 5.7:Opera SOP 绕过
  - 5.8:总结
- 6:第六章 - 原型污染
  - 6.1:介绍
  - 6.2:客户端原型污染
  - 6.3:服务器端原型污染
  - 6.4:总结
- 7:第七章 - 非字母数字JavaScript
  - 7.1:编写非字母数字JavaScript
  - 7.2:不用括号的非字母代码
  - 7.3:六字符墙
  - 7.4:无限及更远
  - 7.5:总结
- 8:第八章 - XSS
  - 8.1:关闭脚本
  - 8.2:脚本内的注释
  - 8.3:SVG脚本中的HTML实体
  - 8.4:没有闭合脚本的脚本
  - 8.5:窗口名称载荷
  - 8.6:可分配协议
  - 8.7:使用Source maps创建pingbacks
  - 8.8:新的重定向接收器
  - 8.9:JavaScript 注释
  - 8.10:新行
  - 8.11:空白字符
  - 8.12:动态导入
  - 8.13:XML中的XHTML命名空间
  - 8.14:SVG上传
  - 8.15:SVG use元素
  - 8.16:HTML实体
  - 8.17:事件
  - 8.18:隐藏输入中的XSS
  - 8.19:弹出框
  - 8.20:总结
- 9:致谢

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn 8ドル on a 10ドル Purchase, and 16ドル on a 20ドル Purchase

We pay 80% royalties on purchases of 7ドル.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between 0ドル.99 and 7ドル.98. You earn 8ドル on a 10ドル sale, and 16ドル on a 20ドル sale. So, if we sell 5000 non-refunded copies of your book for 20ドル, you'll earn 80,000ドル.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over 14ドル million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub

Leanpub Header

Leanpub Navigation