
Another Java 0day was discovered today, which got me thinking about how browser exploitation (remote code execution in a client's browser) works.

I am unable to find any books or resources online about browser exploitation. I can code and know how to use a debugger. However, I have no idea where to get started in terms of learning how to exploit browsers using Java or Flash. Any resources or a list of prerequisites would be very useful.

Kush

2 Answers


Targeting sandboxed platforms like Flash and Java will be excessively difficult if you're just starting out, so I suggest you learn to walk before you try to run.

Some stuff you'll want to know:

  • How to code in a low level language like C.
  • What the stack, registers, heap, etc. do, and what happens when you overflow them in various ways.
  • At least basic x86 assembly.
  • Most of the API suite for your platform (e.g. the Win32 APIs).
  • What an executable file really contains / how one works. For Windows, this is a PE file; for *nix it's ELF.
  • Exception handling mechanisms for your platform, e.g. native exceptions, SEH, VEH.

A few resources to check out:

From there, you'll be on your way to understanding how browser vulns work. There aren't really any direct tutorials for that kind of thing, because the environment is so varied depending on your browser and the plugins it is using.

Polynomial
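As an added worked example for the "what an executable file really contains" item above (this is editorial example code, not from the answer), here is a small ELF64 header and program-header walker in JavaScript. It parses a constructed 176-byte image (a header plus two program headers, no real machine code) and answers one exploitation-relevant question from the segment table: whether the binary asks for an executable stack via PT_GNU_STACK. Field offsets follow the ELF specification; the sample image and all function names are my own.

```javascript
// Added example (not from the answer): parse an ELF64 header and its program
// headers, then read the stack permission the binary requests.
const ELF_MAGIC = Buffer.from([0x7f, 0x45, 0x4c, 0x46]); // "\x7fELF"
const PT_LOAD = 1;
const PT_GNU_STACK = 0x6474e551; // segment entry carrying requested stack perms
const PF_X = 1, PF_W = 2, PF_R = 4;
const E_TYPE = { 1: 'ET_REL', 2: 'ET_EXEC', 3: 'ET_DYN', 4: 'ET_CORE' };
const E_MACHINE = { 0x03: 'x86', 0x28: 'arm', 0x3e: 'x86-64', 0xb7: 'aarch64' };

// Integer readers honouring EI_DATA (byte 5: 1 = little-endian, 2 = big-endian).
function readers(buf) {
  const little = buf[5] === 1;
  return {
    u16: (o) => (little ? buf.readUInt16LE(o) : buf.readUInt16BE(o)),
    u32: (o) => (little ? buf.readUInt32LE(o) : buf.readUInt32BE(o)),
    u64: (o) => (little ? buf.readBigUInt64LE(o) : buf.readBigUInt64BE(o)),
  };
}

function parseElf64Header(buf) {
  if (buf.length < 64) throw new Error('too short for an ELF64 header');
  if (!buf.subarray(0, 4).equals(ELF_MAGIC)) throw new Error('bad ELF magic');
  if (buf[4] !== 2) throw new Error('only ELFCLASS64 is handled here'); // EI_CLASS
  const { u16, u64 } = readers(buf);
  const type = u16(16), machine = u16(18);
  return {
    type: E_TYPE[type] || `unknown(${type})`,
    machine: E_MACHINE[machine] || `unknown(0x${machine.toString(16)})`,
    entry: u64(24),      // e_entry: where control lands once the loader is done
    phoff: u64(32),      // e_phoff: file offset of the program header table
    shoff: u64(40),      // e_shoff: section header table (0 = none)
    ehsize: u16(52),
    phentsize: u16(54),
    phnum: u16(56),
    shentsize: u16(58),
    shnum: u16(60),
    shstrndx: u16(62),
  };
}

function permString(flags) {
  return (flags & PF_R ? 'r' : '-') + (flags & PF_W ? 'w' : '-') + (flags & PF_X ? 'x' : '-');
}

// Each Elf64_Phdr is 56 bytes: p_type u32, p_flags u32, p_offset, p_vaddr,
// p_paddr, p_filesz, p_memsz, p_align (all u64).
function parseProgramHeaders(buf) {
  const hdr = parseElf64Header(buf);
  const { u32, u64 } = readers(buf);
  const base = Number(hdr.phoff);
  const segs = [];
  for (let i = 0; i < hdr.phnum; i++) {
    const o = base + i * hdr.phentsize;
    if (o + 56 > buf.length) throw new Error('program header table runs past end of file');
    segs.push({
      type: u32(o),
      perms: permString(u32(o + 4)),
      offset: u64(o + 8),
      vaddr: u64(o + 16),
      filesz: u64(o + 32),
      memsz: u64(o + 40),
    });
  }
  return segs;
}

// On x86 Linux a missing PT_GNU_STACK has historically meant an executable
// stack, so absence of the entry is treated as "executable" here.
function stackIsExecutable(buf) {
  const gnuStack = parseProgramHeaders(buf).find((s) => s.type === PT_GNU_STACK);
  return gnuStack === undefined || gnuStack.perms.endsWith('x');
}

// Constructed sample image: header + PT_LOAD (r-x) + PT_GNU_STACK (rw-).
function buildSampleElf() {
  const buf = Buffer.alloc(64 + 2 * 56);
  ELF_MAGIC.copy(buf, 0);
  buf[4] = 2; buf[5] = 1; buf[6] = 1;   // ELFCLASS64, little-endian, EV_CURRENT
  buf.writeUInt16LE(3, 16);             // e_type = ET_DYN (a PIE)
  buf.writeUInt16LE(0x3e, 18);          // e_machine = x86-64
  buf.writeUInt32LE(1, 20);             // e_version
  buf.writeBigUInt64LE(0x1040n, 24);    // e_entry
  buf.writeBigUInt64LE(64n, 32);        // e_phoff: table follows the header
  buf.writeUInt16LE(64, 52);            // e_ehsize
  buf.writeUInt16LE(56, 54);            // e_phentsize
  buf.writeUInt16LE(2, 56);             // e_phnum
  buf.writeUInt16LE(64, 58);            // e_shentsize
  const ph = (i, type, flags, off, vaddr, size) => {
    const o = 64 + i * 56;
    buf.writeUInt32LE(type, o);
    buf.writeUInt32LE(flags, o + 4);
    buf.writeBigUInt64LE(off, o + 8);
    buf.writeBigUInt64LE(vaddr, o + 16);
    buf.writeBigUInt64LE(vaddr, o + 24);
    buf.writeBigUInt64LE(size, o + 32);
    buf.writeBigUInt64LE(size, o + 40);
    buf.writeBigUInt64LE(0x1000n, o + 48);
  };
  ph(0, PT_LOAD, PF_R | PF_X, 0x1000n, 0x1000n, 0x200n);
  ph(1, PT_GNU_STACK, PF_R | PF_W, 0n, 0n, 0n);
  return buf;
}

const sampleImage = buildSampleElf();
console.log(parseElf64Header(sampleImage));
console.log(parseProgramHeaders(sampleImage));
console.log('executable stack:', stackIsExecutable(sampleImage));
```

Point `parseProgramHeaders` at `fs.readFileSync('/bin/ls')` on a 64-bit Linux box to compare with `readelf -l`; the same walk over section headers and the dynamic segment is what a debugger or loader does before you ever reach the vulnerable code.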

Check out Fuzzing with DOM Level 2 and 3

"Overview
Fuzzing techniques proved to be very effective in finding vulnerabilities in web browsers.

Over time several valuable fuzzers have been written and some of them (mangleme, cross_fuzz) have become a "de-facto" standard, being widely adopted by the security research community.

The most common approach in browser fuzzing leverages DOM Level 1 interfaces, where DOM elements are randomly created, crawled, tweaked and deleted.

Using this approach hundreds of memory corruption bugs have been uncovered in all mainstream browsers but, due to widespread coverage, spotting new bugs is becoming increasingly difficult.

At the DeepSec conference in Vienna, I showed an evolutive approach to browser fuzzing that relies on some DOM interfaces introduced by the W3C DOM Level 2 and Level 3 specifications. Using this approach a fuzzer prototype has been built and tested against IE9, IE10 and Chrome, providing interesting results: more than 70 different crashes have been generated and several memory corruption errors have been found, some of which turned out to be exploitable."

Tate Hansen
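To make the quoted approach concrete, here is an added example (my own code, not the fuzzer from the DeepSec talk or any of the tools named above) of a seeded test-case generator built on the DOM Level 2 Range and Traversal interfaces (`Range`, `TreeWalker`, `NodeIterator`) plus a few Level 3 node methods. It runs in Node without a DOM: it emits a self-contained HTML page whose script creates a random tree and then hammers it with range and traversal operations, each wrapped in try/catch so exceptions do not stop the run. The seed is embedded in the page, so a crash found by loading the page in a browser under a debugger can be reproduced by regenerating the same case. Tag list, operation templates and the function names are my own choices.

```javascript
// Added example (not from the answer or the talk it quotes): a deterministic
// generator of DOM Level 2/3 fuzz cases. Output is an HTML page to load in a
// browser; nothing here touches a real DOM.
const TAGS = ['div', 'span', 'p', 'table', 'tr', 'td', 'iframe', 'svg',
  'textarea', 'select', 'option', 'ruby', 'details', 'video'];

// xorshift32: tiny seeded PRNG so every case is reproducible from its seed.
function xorshift32(seed) {
  let s = (seed >>> 0) || 1;            // state must never be zero
  return () => {
    s ^= s << 13; s >>>= 0;
    s ^= s >>> 17;
    s ^= s << 5;  s >>>= 0;
    return s;
  };
}

function makePicker(next) {
  const int = (max) => next() % max;     // 0 .. max-1
  const from = (arr) => arr[int(arr.length)];
  return { int, from };
}

// Each template yields one statement against the page's shared state:
//   N = array of live nodes, R = a Range, W = a TreeWalker, I = a NodeIterator.
// Templates take the picker and the current length of N.
const OPS = [
  (p, n) => `R.setStart(N[${p.int(n)}], ${p.int(4)})`,
  (p, n) => `R.setEnd(N[${p.int(n)}], ${p.int(4)})`,
  (p, n) => `R.selectNodeContents(N[${p.int(n)}])`,
  (p, n) => `R.selectNode(N[${p.int(n)}])`,
  () => 'R.deleteContents()',
  () => 'N.push(R.extractContents())',
  () => 'N.push(R.cloneContents())',
  (p) => `R.surroundContents(document.createElement('${p.from(TAGS)}'))`,
  (p, n) => `R.insertNode(N[${p.int(n)}])`,
  (p) => `R.collapse(${p.int(2) === 1})`,
  (p, n) => `W.currentNode = N[${p.int(n)}]; W.nextNode()`,
  () => 'W.parentNode(); W.firstChild(); W.nextSibling()',
  () => 'I.nextNode(); I.previousNode()',
  (p, n) => `N[${p.int(n)}].appendChild(N[${p.int(n)}])`,
  (p, n) => `N[${p.int(n)}].parentNode.removeChild(N[${p.int(n)}])`,
  (p, n) => `N[${p.int(n)}].textContent = 'A'.repeat(${p.int(5000)})`,
  (p, n) => `N[${p.int(n)}].normalize()`,
  (p, n) => `N[${p.int(n)}].compareDocumentPosition(N[${p.int(n)}])`,
  (p, n) => `N.push(N[${p.int(n)}].cloneNode(true))`,
  (p, n) => `N.push(document.adoptNode(N[${p.int(n)}]))`,
  () => 'document.body.innerHTML += "<b>z</b>"',
];

function generateCase(seed, nOps = 50, nElems = 12) {
  const p = makePicker(xorshift32(seed));
  let n = 2;                            // N starts as [documentElement, body]
  const setup = [];
  for (let i = 0; i < nElems; i++) {    // build a random tree first
    setup.push(`mk('${p.from(TAGS)}', N[${p.int(n)}])`);
    n++;
  }
  const ops = [];
  for (let i = 0; i < nOps; i++) {
    const stmt = p.from(OPS)(p, n);
    if (stmt.startsWith('N.push(')) n++; // keep generated indices in range
    ops.push(`try { ${stmt}; } catch (e) {}`);
  }
  const html = [
    '<!doctype html>',
    `<html><head><meta charset="utf-8"><title>dom-fuzz seed=${seed}</title></head><body>`,
    '<script>',
    `// seed=${seed}: regenerate with generateCase(${seed}, ${nOps}, ${nElems})`,
    'var N = [document.documentElement, document.body];',
    "function mk(tag, parent) { var e = document.createElement(tag); e.appendChild(document.createTextNode('xxxx')); parent.appendChild(e); N.push(e); }",
    ...setup.map((s) => `try { ${s}; } catch (e) {}`),
    'var R = document.createRange();',
    'var W = document.createTreeWalker(document.body, NodeFilter.SHOW_ALL, null, false);',
    'var I = document.createNodeIterator(document.body, NodeFilter.SHOW_ALL, null, false);',
    ...ops,
    `document.title = 'done seed=${seed}';`,
    '</script></body></html>',
  ].join('\n');
  return { seed, ops, html };
}

// Usage: write one case per seed and open the files in the browser under test.
const demo = generateCase(42, 40);
console.log(demo.html);
```

In practice you drive this from a loop (a new seed per iteration, the browser attached to a debugger or crash handler, and the seed of any crashing page logged), then reduce the crashing case by dropping operations while the crash still reproduces; the determinism of the generator is what makes that reduction possible.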