The second approach that we're going to try is the client-side attack. This approach will require the client, or the person who uses that computer, to do something. This could involve a number of things, such as installing an update, opening a picture, or opening a Trojan. We're going to learn how to create a Trojan, how to create backdoors, how to use social engineering to make the target person do something so that when they carry out that action, we will gain access to their computer. Information gathering is going to be crucial in this case, because we actually need to know the person that we're targeting. Various types of client-side attacks include content spoofing, cross-site scripting, and session fixation.