zzzz

Clickjacking Tutorial

What is Clickjacking?

The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. 

Need Knowledge of:

HTML, CSS, Javascript;

How To Find

Manually, 

<html>
<iframe src="URL">

Just insert your Url in URL, if you see website opens up in this frame, Then Congratulation You Find Clickjacking Bug.

Note: Clickjacking bug only acceptable if page contain sensitive information e.g: Credit Card Form, Login Form or Profile Edit Form;

There are number of software for web application scanning like Acunetix etc

Exploit :

Use opacity tag of CSS to hide content of website. Now make an attractive website to force victim to do any desire thing which you want!
Previous
Next Post »