Client-Side Website Attack Methods

Rhett Greenhagen
7 min readJul 7, 2020


The internet is a double-edged sword. Users access websites for new information while creating new data, which is further used by these sites. For any website to work, there is a “relationship” that needs to be established between the client and user’s servers. By strategically placing the correct CTA’s (Call to Action), websites practically dictate user activity.

What Are Client Side Threats?

Client side threats occur when users access malicious content. With the advancement in technology, it has also become easier to deceive users with fake, but legitimate looking malicious content. Whenever a user accesses a website via a browser, they expect to view the intended page of their choice. This page is hosted onto a remote server, which the users cannot see or are not even privy to. Masking malicious content as useful information, these websites, or servers entice users to further click links. This is not limited to links and includes opening documents which eventually lead to malicious content. Client side attacks originate from the clients i.e. users themselves. The moment users download or access content from the attacker, they become more vulnerable to attacks.

One would assume that technology’s evolution would make it hard for attackers to orchestrate such attacks. Firewalls are pre-requisites to internet browsing; Microsoft Office is a general utility tool and acclaimed anti-virus software providers ensure the integrity of these systems. However, it is worth noting that Client side threats is not exclusively a technical attack, it is a mix of technical and psychological elements.

The average user is wary of the nefarious activities that websites engage in. Hence, it has become difficult for attackers to entice these users. Due to this, they must psychologically appeal to these users to “give in” to their schemes. In a nutshell, these attacks exploit the “safe” relationship between an average user and the website/server they access.

Common Methods of Client Side Attacks

As noted earlier, executing such attacks is not as simple as it was before. Attackers put in a lot of time to come up with ways to prey on the technologically vulnerable. Here are some ways with which attackers execute these attacks: -

1. Spoofing

Spoofing is an attack type where the user must be convinced that they are accessing a legitimate website. Users desperately looking for a form of content are the most vulnerable to this attack. Attackers usually replicate the URL of a legitimate site and interchange the characters in the URL. Due to this, the user does not notice the change in URL and the attacker presents the fake website as legitimate. Once the user lands on this site, the attacker sets up the appropriate Call to Action to administer the attack.

2. The Save and Reload Technique

The save and reload technique is a simple, yet effective technique to find vulnerabilities. Any user can access a website, save the web page, and modify the fields and reload it later. The user then must submit the form just like a regular webpage. This helps remove client-side restrictions/validation author might have put in place.

3. The File Open Technique

Web Developers do understand the need to add restrictions that avoid client-side attacks. By strategically placing input tags on online forms, it might impose restrictions on users to add more characters. This makes it difficult to tamper with the fundamentals of the site. However, JavaScript gives users full control over the values of any field. The users can manipulate the value of these fields, which can alter the inputs in these fields.

4. URL Manipulation

In instances when a website makes GET requests, a dummy URL with the same name/value is inserted into this URL. This URL is then sent to the server. Users create their own dummy, malicious files and set custom values that are not generated by a website form.

5. Rogue Extension

Rogue Extensions work by luring the users to stick on the website for a longer time. By constantly displaying messages that they can’t leave the site until an extension is installed, users are stalled to stay longer. Even if they further try, they are greeted with more errors over how the page can’t create additional dialogues.

Attacks of such nature force users to install malicious browser extensions, which then harvest data in the background. While they work in the background, they constantly show up during browsing sessions which contribute to users’ distress with their systems.

6. Sniffing Unencrypted Traffic

An operating system such as Kali Linux gives users the tool to monitor unencrypted traffic on a server. With minimal set up (assuming users know what they are doing) required, attackers need to log on to the server that is has any traffic coming in. Once they identify the unencrypted connections, they can identify their next victims and plan an attack accordingly.

7. Karmetasploit

Karmetasploit allows users to fake access points. A function of Metasploit, it allows users to extract passwords as well as execute browser attacks. Once the Karmetasploit code is set up, all it requires is for someone to log on to the fake access point. Once the connection is live, the program automatically presents the sensitive information to the attacker.

8. The Cookies Attacks

8.1 Attacks on Active Cookies

Cookies store valuable information that help websites track user activity to push out advertisements. They hold general and sensitive customer information, which can be held for ransom, if obtained. A good rule of thumb is to ensure that browsers encrypt cookies since it reduces the likelihood of this attack. Active cookies protect users from Pharming attacks such as spam and attackers mask these attacks as legitimate. Users let them in if they believe in information of such nature which can tamper with active cookies.

8.2 Cross-site scripting (XSS)

In this attack, the attackers tries to get cookies stored on the target’s system onto theirs. One way to do this is by inserting JavaScript into a page, say a message board. On message boards, when anyone types any information onto the text field, the dummy script will be executed. Once this is executed, the contents of the user’s active cookies are collated at the end of an image source address. A fake URL is requested and if the user is logging incoming HTTP requests, only then will the URL appear in their server logs. This allows the attacker to get their hands on the target’s cookie strings, which give them the cookies they were looking for.

9. SQL Injection

SQL is a popular platform used by websites to manage information on the “back-end”. SQL Injection attacks work by altering the fundamental SQL code, which allows attackers to enter any SQL statement. By doing so, the attacker can alter the website’s database, which will eventually lead to fake data. These attacks can also be used to execute remote programs on server computers. All it takes it interchanging the strings that can destroy valuable information

10. Java Applets Spoils

Any programs written in Java can be executed using Java Applets. The code must be written in a Java capable browser for Java Applets to work. The internet comprises of dynamic HTML technologies (DHTML), which facilitate animation and better user interaction on sites. Java Applets allow sites to go past DHTML restrictions to provide rich content on the site. These are ultimately downloaded and executed by web browsers. This isn’t safe when it comes to Internet Explorer and Netscape technologies, which have made their execution difficult.

SO, How to Surf the Website Safely

Avoiding attacks such as these comes down to how safely one navigates the internet. While being cautious will be the step in the right direction, understanding how to specifically be cautious is imperative. Firstly, it is not recommended to connect to Open Wi-Fi Networks. These can be come across at large, open spaces such as cafes.

These are hubs for attackers to get into a user’s systems and should be avoided at all costs. Secondly, an effort must be made to connect to secure VPN connections. VPN providers such as Nord VPN, Express VPN and Open VPN are just a host of options available to users. While they can set up their own VPN, it does involve a steep learning curve. Besides that, ensuring that the right programs are installed make a huge difference.

Disabling unwanted features, installing the latest firmware updates, and having a trusted anti-virus are the fundamentals to a safe browsing environment.

Final Words/Summary

Client side attacks gives users to ability to assume the role of an attacker. Every “accomplished” attacker was once a user and by devoting a lot of effort into their craft, mastered the ways of the internet.

While concepts such as online privacy and the topic of “safe” cyber security practices are more relevant than they were before, the concept of “right information” isn’t.

A search on the internet would fetch a host of contradictory results, which would dissuade users from learning more about online safety. Hence, an effort needs to be made by the regulators to push the right information, so that users can avoid being subjected to client-side attacks. Client side attacks are caused due to the technical ignorance of users and all they need is more awareness to thwart them off.



Rhett Greenhagen

“I am always ready to learn although I do not always like being taught.” — Winston Churchill