
Clickjacking

What is Clickjacking?

Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.

POC

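<!DOCTYPE html>
<html>
<head>
    <title>This website is vulnerable to clickjacking</title>
</head>
<body>
    <!-- Replace <companyname> with the host under test. If the page renders
         inside this frame, it can be embedded by other origins. -->
    <iframe style="height: 500px; width: 500px;" src="https://<companyname>"></iframe>
</body>
</html>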
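
The PoC renders the target only when its response carries no enforced framing restriction. As an added example (not part of the original page), the function below classifies a response's headers the way a browser does when deciding whether to load it in a cross-origin frame; the name framingPolicy and the sample header values are assumptions made for illustration.

```javascript
// Added example: does a response allow framing by an arbitrary origin?
// framingPolicy is a hypothetical helper; pass it the response headers
// as a plain object (for example, collected from a fetch() response).
function framingPolicy(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value);
  }

  // "*" or a bare scheme such as "https:" admits any origin.
  const isOpen = (src) => src === '*' || /^[a-z][a-z0-9+.-]*:$/i.test(src);

  // 1. CSP frame-ancestors. Several policies may arrive comma-joined and
  //    all of them must allow the embedding. Report-Only is not enforced.
  const lists = [];
  for (const policy of (h['content-security-policy'] || '').split(',')) {
    const directive = policy.split(';')
      .map((d) => d.trim().split(/\s+/))
      .find(([name]) => name.toLowerCase() === 'frame-ancestors');
    if (directive) lists.push(directive.slice(1));
  }
  if (lists.length > 0) {
    // When frame-ancestors is enforced, X-Frame-Options is ignored.
    return {
      framable: lists.every((sources) => sources.some(isOpen)),
      by: 'csp',
      detail: lists.map((s) => s.join(' ') || "'none'").join(' | '),
    };
  }

  // 2. X-Frame-Options: only DENY and SAMEORIGIN are enforced today.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { framable: false, by: 'x-frame-options', detail: xfo };
  }

  // 3. Nothing enforced (header missing, or obsolete ALLOW-FROM):
  //    the PoC iframe above would render the page.
  return { framable: true, by: 'none', detail: xfo || 'no framing header' };
}

// Constructed sample responses.
console.log(framingPolicy({ 'X-Frame-Options': 'SAMEORIGIN' }));
console.log(framingPolicy({ 'Content-Security-Policy': "frame-ancestors 'self'" }));
console.log(framingPolicy({ Server: 'nginx' }));
```

A `framable: true` result means the PoC page would display the target; `by` names the header that decided the outcome.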

Tools

References