Here it is in a nutshell:
This article looks at some of the methods, tools and tricks to dissect web 2.0 applications (including Ajax) and discover security holes using Firefox and its plugins. The key learning objectives of this article are to understand the:
* web 2.0 application architecture and its security concerns.
* hacking challenges such as discovering hidden calls, crawling issues, and Ajax side logic discovery.
* discovery of XHR calls with the Firebug tool.
* simulation of browser event automation with the Chickenfoot plugin.
* debugging of applications from a security standpoint, using the Firebug debugger.
* methodical approach to vulnerability detection.
Basically, all you need are these tools (all download links):
- Firefox – It's a browser.
Here’s the hack/hacks in their most basic form. I am just trying to make it simple for us dumb people that want hacks fast and easy.
To start, you will need to go to a site that is “web 2.0”, aka run on Ajax (Hint: the most exploitable sites will be the ones that announce themselves as “web 2.0”).
3. Find Form Passwords With Firebug – securityfocus.com has the best explanation on this one. CLICKY CLICKY
Mad props to
I HIGHLY encourage everyone to read the original article in its entirety. These peeps is way l33t.
Hack on fellow bored people!!