What type of attack involves exploiting a user’s web browser by manipulating existing session tokens?

Prepare for the CompTIA Security+ SY0-601 exam. Explore comprehensive flashcards and diverse multiple-choice questions with hints and explanations. Get exam-ready now!

The attack that involves exploiting a user’s web browser by manipulating existing session tokens is known as cross-site request forgery (CSRF). In a CSRF attack, the attacker tricks a victim into submitting an unwanted request to a web application where the victim is already authenticated. This is possible because the web application relies on credentials that the browser attaches automatically, such as session cookies. When the victim's browser sends the forged request, the session tokens are included, so the server treats it as a legitimate action initiated by the user, allowing the attacker to perform actions on the user's behalf without their consent.

This contrasts with the other attack types offered as options. Cross-site scripting (XSS) typically involves injecting malicious scripts into web pages viewed by other users. SQL injection involves inserting SQL queries into input fields to manipulate a database. Brute-force attacks focus on guessing passwords through trial and error rather than exploiting session tokens. Each of these attack vectors works through a different mechanism and targets a different weakness, which highlights the unique focus of CSRF on the misuse of authenticated sessions.
