Browser exploit: Difference between revisions
Line 15: | Line 15: | ||
==Framework== |
==Framework== |
||
A [[BeEF (Browser Exploitation Framework)|Browser Exploitation Framework]] could be used to attack browsers in realtime. |
|||
[[Exploit Pack (XSS Paradise]] is the ultimate resource to test the security or insecurity of your browser. |
[[Exploit Pack (XSS Paradise]] is the ultimate resource to test the security or insecurity of your browser. |
||
Revision as of 15:13, 26 April 2013
A browser exploit is a form of malicious code that takes advantage of a flaw or vulnerability in an operating system or piece of software with the intent to breach browser security to alter a user's browser settings without their knowledge. Malicious code may exploit ActiveX, HTML, images, Java, JavaScript, and other Web technologies and cause the browser to run arbitrary code.
Symptoms
Users whose web browsers have fallen victim of a successful browser exploit may find their homepage, search page, and/or favorites have been changed. Other signs include Internet settings options within the browser being altered, access being blocked to specific functions, and the redirection of incorrectly typed URL prefixes.
Prevention
There are multiple ways users can protect their web browsers from falling victim to a browser exploit. Such things include installing firewall software, keeping software updated, being cautious when downloading files, and not opening email attachments from unknown sources.
Notable browser exploits
JailbreakMe is a series of browser based exploits used to jailbreak Apple's iOS mobile operating system. It uses an exploit in the browser's PDF parser to execute unauthorised code and gain access to the underlying operating system.
Framework
Exploit Pack (XSS Paradise is the ultimate resource to test the security or insecurity of your browser.