CLICKJACKING

Clickjacking is making a target click on a link and then redirecting them to a destination where the attacker wants to route them. It looks like phishing, but it is very different from a phishing attack. Clickjacking is also known as a UI REDRESS ATTACK and IFRAME overlay. The most used way of clickjacking is with an IFRAME, which is just HTML code; an IFRAME can be made with a few lines of HTML. But clickjacking needs a vulnerable site, and many popular websites are vulnerable to the clickjacking attack. Its other names include EVIL ATTACK, LIKE JACKING, etc.

There are two types of defence against clickjacking:

1. Client-side methods: Frame busting is the common client-side method. It can be bypassed easily.

2. Server-side methods: X-Frame-Options is the common server-side method. It can't be bypassed easily.

WHAT A HACKER CAN DO WITH CLICKJACKING ATTACK?

A hacker can redirect the user to download malware or a virus; the attacker can then easily gain access to the camera, microphone, cookies, etc. on the victim's computer. A hacker can also redirect the user to a fake payment gateway, where the attacker can steal credit/debit card dumps and credentials. An attacker can also spread online scams and malware with the help of clickjacking.

PREVENTION OF CLICKJACKING ATTACK

1. You can install the Firefox and Chrome add-on “NoScript”.
2. The website owner can include iframe-killing JavaScript in pages. (I will provide that code below.)
3. Don’t click on untrusted links.
4. Don’t be greedy.

CASE STUDY

Last year someone posted a link on Facebook for getting free UC for PUBG Mobile. My friend clicked on that link and my friend’s Facebook account was deactivated; that link redirected to the page for deactivating a Facebook account. The method the attacker was using is clickjacking. Sometimes attackers upload a link for getting free Paytm cash and the victim clicks on that link. Sometimes they offer a huge discount on a product. So don’t be like my friend and USE YOUR BRAIN.EXE

CODE SAMPLE

1. iframe killing code

 

<style>
  /* Hide page by default */
  html { display: none; }
</style>

<script>
  // Compare this window with the top-level window to detect framing.
  if (self === top) {
    // Everything checks out, show the page.
    document.documentElement.style.display = 'block';
  } else {
    // Break out of the frame.
    top.location = self.location;
  }
</script>

2. Code to check whether a website is vulnerable or not. If the website opens in the iframe, it means that the site is vulnerable.

<html>
<head>
  <title>clickjacking</title>
</head>
<body>
  <p>This website is vulnerable to clickjacking</p>
  <!-- Replace the src value with the URL of the site being tested -->
  <iframe
    src="enter victim website link here"
    height="450" width="400"></iframe>
</body>
</html>
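
A header-based version of the same check, as an added example that is not part of the original post: it reads the X-Frame-Options header named above as the server-side method, plus the CSP frame-ancestors directive (which goes beyond the page and takes precedence in browsers that support it), and reports whether any site can frame the page. The function name, the result labels and the sample headers are assumptions made for this example.

```javascript
// Added example: classify a response's anti-framing headers.
// Result labels ('deny', 'same-origin', 'allow-list', 'weak', 'none') are
// chosen for this example; they are not a standard.
function framingProtection(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }

  // CSP frame-ancestors overrides X-Frame-Options in browsers that support it.
  const directive = (h['content-security-policy'] || '')
    .split(';')
    .map((d) => d.trim().split(/\s+/))
    .find((parts) => parts[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    const sources = directive.slice(1).map((s) => s.toLowerCase());
    // "*" or a bare scheme such as "https:" lets any site frame the page.
    if (sources.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) return 'weak';
    if (sources.length === 0 || sources.every((s) => s === "'none'")) return 'deny';
    if (sources.every((s) => s === "'self'")) return 'same-origin';
    return 'allow-list';
  }

  // Fall back to X-Frame-Options. ALLOW-FROM is obsolete and ignored by
  // current browsers, so it counts as no protection.
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  return 'none';
}

// Constructed sample responses (not captured from real sites).
const samples = {
  'no headers': {},
  'XFO deny': { 'X-Frame-Options': 'DENY' },
  'CSP self': { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  'CSP wildcard beats XFO': { 'Content-Security-Policy': 'frame-ancestors *', 'X-Frame-Options': 'DENY' },
};
for (const [label, headers] of Object.entries(samples)) {
  console.log(label.padEnd(24), framingProtection(headers));
}
```

A result of 'none' or 'weak' corresponds to the case where the test page above loads the site inside its iframe.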

 

If you want to watch a video on CLICKJACKING in Hindi with full details, click here.

Practical video coming soon.
