Security Click Jacking Introduction
Security - Clickjacking: Clickjacking is a way to trick the user into thinking they are clicking or typing on one object while they are actually interacting with another. This is done by loading the target domain in an iframe on the malicious website. If the victim domain's frame is loaded with an opacity of zero, the user is not aware that the iframe is present, and ends up performing an action on the victim domain without realizing it. The standard approach to defending against this type of attack is frame-busting, which prevents your website from loading inside a frame.

Clickjacking is a common web application vulnerability that hit its peak in the early 2000s. A malicious attacker uses it to trick users into thinking they are interacting with one object while they are actually interacting with another. On a clickjacked page, the attacker displays some benign content to the user while loading another page on top of it in a transparent layer. The user thinks they are clicking buttons that belong to the visible bottom layer, while they are actually performing actions on the hidden page on top. As in other attacks of this kind, the user has no knowledge of what they are actually doing.

Concretely, the attacker includes an iframe on the page that references the target (victim) site's content. The user does not see this content because the attacker has set the iframe's transparency (opacity) to 0, making it invisible. The attacker then adjusts the CSS properties of the iframe to position it directly on top of the decoy button. When the user clicks that button, they are actually interacting with the transparent iframe above it.
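The text above names frame-busting as the standard defense. The following is an added example, not code from the original page, showing the two layers a site would actually deploy: the response headers that tell the browser never to render the page inside a frame (X-Frame-Options and the CSP frame-ancestors directive, which are the reliable control), and the legacy JavaScript frame-buster that checks whether the page is the top-level browsing context. The helper names (antiFramingHeaders, isFramed, bustFrame, attachHeaders, makeWindow) and the origins victim.example, attacker.example and partner.example are assumptions constructed for this example; the frame check is written against a window-like object so it can be exercised outside a browser.

```javascript
'use strict';
// Added example (not part of the original page): defense in depth against clickjacking.

// Layer 1: response headers. X-Frame-Options is the older header; the CSP
// frame-ancestors directive supersedes it and supports an allow-list of framing origins.
function antiFramingHeaders(allowedOrigins = []) {
  const headers = {};
  if (allowedOrigins.length === 0) {
    // Default: nobody may frame this page.
    headers['X-Frame-Options'] = 'DENY';
    headers['Content-Security-Policy'] = "frame-ancestors 'none'";
  } else {
    // X-Frame-Options has no cross-origin allow-list that current browsers honour,
    // so SAMEORIGIN is the closest fallback; the CSP directive carries the real list.
    headers['X-Frame-Options'] = 'SAMEORIGIN';
    headers['Content-Security-Policy'] = `frame-ancestors 'self' ${allowedOrigins.join(' ')}`;
  }
  return headers;
}

// Apply the headers to a Node-style response object (anything with setHeader).
function attachHeaders(res, allowedOrigins = []) {
  for (const [name, value] of Object.entries(antiFramingHeaders(allowedOrigins))) {
    res.setHeader(name, value);
  }
  return res;
}

// Layer 2: frame detection. In a real page this is called as isFramed(window);
// the page is framed whenever the top-level window is not the page's own window.
function isFramed(win) {
  return win.top !== win.self;
}

// Classic frame-buster: hide the document and try to navigate the top frame to
// this page. Returns true when the page was framed and the buster ran.
function bustFrame(win) {
  if (!isFramed(win)) return false;
  win.document.body.style.display = 'none';
  try {
    win.top.location = win.self.location;
  } catch (e) {
    // Cross-origin access to top.location may throw; the document stays hidden.
  }
  return true;
}

// Constructed stand-in for a browser window (assumption: plain objects mimic
// window.top / window.self / document.body.style) so the check runs offline.
function makeWindow(framed) {
  const self = { location: 'https://victim.example/transfer' };
  const top = framed ? { location: 'https://attacker.example/' } : self;
  return { self, top, document: { body: { style: { display: '' } } } };
}

// Demonstration: a framed window is detected and busted; headers for an allow-list.
const demoWindow = makeWindow(true);
console.log('framed:', isFramed(demoWindow), 'busted:', bustFrame(demoWindow),
  'body display:', demoWindow.document.body.style.display);
console.log(antiFramingHeaders(['https://partner.example']));
```

The JavaScript layer is kept only for browsers or proxies that strip headers; on its own it can be neutralised by a framing page (for example via the iframe sandbox attribute, which disables scripts in the framed document), so the headers are the control to rely on, and bustFrame hides the body before attempting navigation so that a blocked redirect still leaves nothing clickable.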
page revision: 0, last edited: 01 Jan 2017 22:25