References
- M. Musch, R. Kirchner, M. Boll and M. Johns, "Server-side browsers: exploring the web's hidden attack surface," Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security, pp. 1168-1181, May. 2022.
- Wave, "Web accessibility evaluation tools," https://wave.webaim.org, Aug.2024.
- PDF24, "Free PDF solutions for all PDF problems," https://tools.pdf24.org, Aug. 2024.
- Tranco, "A research-oriented top sites ranking hardened against manipulation- 06 November 2023," https://tranco-list.eu, Nov. 2023.
- OWASP, "Owasp top 10," https://owasp.org/www-project-top-ten, Aug. 2024.
- OWASP, "Server-side request forgery prevention cheat sheet," https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html, Aug. 2024.
- Similarweb, "Check and analyze any website," https://www.similarweb.com, Aug. 2024.
- URLScan, "URL and website scanner," https://urlscan.io, Aug. 2024.
- Glitch, "The friendly community where everyone builds the web," https://glitch.com, Aug. 2024.
- Github, "Sources used in the research," https://github.com/zzyo1/server-side-browsers, Aug. 2024.
- AccuWebHosting, "Web server information tool," https://www.accuwebhosting.com/resources/show-web-server-detail, Aug. 2024.
- Xurlfind3r, "Passive urls discovery utility," https://github.com/hueristiq/xurlfind3r, Aug. 2024.
- Cloudflare, "What is browser isolation," https://www.cloudflare.com/learning/access-management/what-is-browser-isolation, Aug. 2024.
- H. Choi, S. Hong, S. Cho and Y.-G. Kim, "Hxd: hybrid xss detection by using a headless browser," Proceedings of the 2017 4th International Conference on Computer Applications and Information Processing Technology, pp. 1-4, Aug. 2017.
- C. Lv, L. Zhang, F. Zeng and J. Zhang, "Adaptive random testing for xss vulnerability," Proceedings of the 2019 26th Asia-Pacific Software Engineering Conference, pp. 63-69, Dec. 2019.
- Chromium, "Clickjacking rce of chrome headless with remote debugging," https://issues.chromium.org/issues/40056642, Jul. 2021.
- G. Pellegrino, O. Catakoglu, D. Balzarotti, and C. Rossow, "Uses and abuses of server-side requests," Proceedings of the 2016 International Symposium on Research in Attacks, Intrusions, and Defenses, pp. 393-414,Sep. 2016.
- B. Jabiyev, O. Mirzaei, A. Kharraz, and E. Kirda, "Preventing server-side request forgery attacks," Proceedings of the 36th Annual ACM Symposium on Applied Computing, pp. 1626-1635, Mar. 2021.