What is Clickjacking:

A clickjacking attack lets an attacker perform an action on a victim website through the user's own clicks; Facebook and Twitter accounts are the most common targets. The attacker uses multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they intended to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both. It may be similar to a CSRF (Cross-Site Request Forgery) attack.

Clickjacking is a term first introduced by Jeremiah Grossman and Robert Hansen in 2008 to describe a technique whereby an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe.

Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.

At present this attack is mostly used on social network websites like Facebook and Twitter, because it depends on convincing the victim to click a link, and social network websites are very useful for that. One famous example of clickjacking is Facebook.

Code:

<style>
iframe { /* iframe from facebook.com */
  width:300px;
  height:100px;
  position:absolute;
  top:0;
  left:0;
  filter:alpha(opacity=50); /* in real life opacity=0 */
  opacity:0.5;
}
</style>
<div>Click on the link to get more followers:</div>
<iframe src="/files/tutorial/window/clicktarget.html"></iframe>
<a href="http://www.google.com" target="_blank" style="position:relative;left:20px;z-index:-1">CLICK ME!</a>
<div>You'll be get 10000 followers..!!</div>

Output:

Click on the link to get more followers
Click Me
You'll be get 10000 followers..!!
Download ClickJacking Tool
For Defence: Clickjacking Protection
For more information: OWASP
yllex
Thursday, October 8, 2015