XSS Exploits: Cross Site Scripting Exploits and Defense

Cross-site scripting (XSS) attacks are often considered benign, or at least limited with regard to their malicious potential. For example, most people understand that JavaScript malicious software (malware) can steal cookies or redirect a person to another site. However, these simplistic attacks, while useful, only begin to scratch the surface of what a person can do once they are allowed to run code in your browser. In this chapter, you will be introduced to the far-reaching potential that a small bug in a Web site can give an attacker. From stealing your history to stealing your router, JavaScript malware makes it all possible.
When an adversary conducts intelligent attacks, additional knowledge of the victims and their habits is essential. Instead of aiming widely, an attacker may target the specific vulnerable areas where they're most likely to succeed. Using a few JavaScript/CSS tricks, it's trivial to expose which Web sites a victim has visited, determine whether they are logged in, and reveal nuggets of their search engine history. Armed with this information, an attacker may initiate wire transfers, propagate Web Worms, or send Web Mail spam on Web sites where the victim currently has authenticated access.
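The cross-site actions described above (wire transfers, Web Mail spam on sites where the victim is logged in) work because the browser attaches the victim's session cookie to requests no matter which origin's script initiated them. The block below is an added example, not code from the book, showing the server-side side of the defense: it uses the Sec-Fetch-Site, Origin and Referer request headers to refuse state-changing requests that did not originate on the site itself, and it issues the session cookie with SameSite, HttpOnly and Secure attributes so browsers withhold the cookie from cross-site requests in the first place. The host name bank.example, the handler names and the sample requests are all constructed for this example.

```javascript
// Added example, not code from the book. Server-side defences against
// cross-site requests that ride on a victim's existing session: fetch-metadata
// checks plus a SameSite/HttpOnly session cookie. The host name, handler
// names and sample requests below are all constructed for this example.

// Normalize header names to lower case so lookups are case-insensitive.
function lowerHeaders(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v])
  );
}

// Return true when a state-changing request should be treated as cross-site.
// Order of evidence: Sec-Fetch-Site (sent by current browsers on every
// request), then Origin (sent on cross-origin POSTs), then Referer. A request
// carrying none of them is denied: a same-origin form post or fetch() from a
// current browser always carries at least Sec-Fetch-Site.
function isCrossSiteRequest(headers, ourHost) {
  const h = lowerHeaders(headers);

  const fetchSite = h['sec-fetch-site'];
  if (fetchSite !== undefined) {
    // "none" means user-initiated navigation (typed URL, bookmark).
    // "same-site" (a sibling subdomain) is deliberately not trusted here.
    return fetchSite !== 'same-origin' && fetchSite !== 'none';
  }

  for (const name of ['origin', 'referer']) {
    const value = h[name];
    if (value !== undefined) {
      try {
        return new URL(value).host !== ourHost;
      } catch (e) {
        return true; // unparsable value: fail closed
      }
    }
  }
  return true; // no provenance information at all: fail closed
}

// Set-Cookie value for the session. SameSite=Lax keeps the cookie off
// cross-site POSTs and subresource loads, HttpOnly keeps script from reading
// it, Secure restricts it to HTTPS.
function sessionCookie(name, value) {
  return `${name}=${value}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Minimal transfer endpoint: only POSTs that pass the provenance check are
// executed. Returns a {status, body} pair instead of writing to a socket so
// the logic can be exercised without a running server.
function handleTransfer(req, ourHost) {
  if (req.method !== 'POST') {
    return { status: 405, body: 'method not allowed' };
  }
  if (isCrossSiteRequest(req.headers, ourHost)) {
    return { status: 403, body: 'cross-site request refused' };
  }
  return { status: 200, body: `transfer of ${req.body.amount} accepted` };
}

// Constructed sample requests: one from the bank's own page, one issued by
// script running on an unrelated site the victim is browsing at the same time.
const OUR_HOST = 'bank.example';
const sameOriginPost = {
  method: 'POST',
  headers: { 'Sec-Fetch-Site': 'same-origin', Origin: 'https://bank.example' },
  body: { amount: 100 },
};
const crossSitePost = {
  method: 'POST',
  headers: { 'Sec-Fetch-Site': 'cross-site', Origin: 'https://evil.example' },
  body: { amount: 100 },
};

console.log(handleTransfer(sameOriginPost, OUR_HOST)); // status 200
console.log(handleTransfer(crossSitePost, OUR_HOST));  // status 403
console.log(sessionCookie('sid', 'opaque-session-id'));
```

These checks stop script on another origin from spending the victim's session, which is the scenario the paragraph describes. They do nothing against script injected into the bank's own pages: that script runs same-origin, carries Sec-Fetch-Site: same-origin, and can read any anti-CSRF token on the page, so that case is only removed by fixing the XSS itself.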
The JavaScript/CSS history hack is a highly effective brute-force method to uncover where a victim has been. The average Web user sticks to the same few dozen or so Web sites in normal everyday activity. The first thing an attacker will do is collect a list of some of...