Top Banner
CLICKJACKING Security Nightmare
16

Clickjacking Attack

Jan 22, 2015

Download

Technology

Tùng Hà Sơn

Seminar

options framebuster

page malicious

scripts addon

Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page 1: Clickjacking Attack

CLICKJACKINGSecurity Nightmare

Page 2: Clickjacking Attack

Jeremiah Grossman (Whitehat Security)

Robert Hansen(SecTheory)

2008

Page 3: Clickjacking Attack

also known as a "UI redress attack"

…is a malicious technique of tricking a web user…

…into clicking on something different… from what the user perceives they are clicking on

Page 4: Clickjacking Attack

12 cases

+ Browser+ Plug-in+ Website

NOT ALL

Page 5: Clickjacking Attack
Page 6: Clickjacking Attack
Page 7: Clickjacking Attack

<iframe>opacity & z-index

Page 8: Clickjacking Attack

My page (malicious page)w3schools.com

<iframe src=http://www.w3schools.com></iframe>

Page 9: Clickjacking Attack

opacity: 1;z-index: 0;

Page 10: Clickjacking Attack

opacity: 0.5;z-index: 1;

Page 11: Clickjacking Attack
Page 12: Clickjacking Attack

Server side

• X-Frame-Options

• Framebuster

Client side

• No-Script

Page 13: Clickjacking Attack

Header append X-Frame-Options “DENY”

Page 14: Clickjacking Attack

Framebuster

Page 15: Clickjacking Attack

No-Scripts add-on

Page 16: Clickjacking Attack

Related Documents
Accessibility Clickjacking, Devastating Android Vulnerability

Accessibility Clickjacking, Devastating Android...

Category: Mobile
Clickjacking - University Of MarylandClickjacking When one principal tricks the user into interacting with UI elements of another principal An attack application (script) compromises

Clickjacking - University Of MarylandClickjacking When one.....

Category: Documents
All Your Clicks Belong to Me: Investigating Click ... · Clickjacking, also known as UI redressing, is a popular attack designed to trick a victim into doing some tasks on another

All Your Clicks Belong to Me: Investigating Click ... ·...

Category: Documents
UI Redressing and Clickjacking: About click fraud and data theft2011.zeronights.org/files/marcusniemietz-uiredressingand... · 2016-08-16 · Introduction Attack vectors Counteractive

UI Redressing and Clickjacking: About click fraud and data.....

Category: Documents
New Computer Security Threat - ClickJacking

New Computer Security Threat - ClickJacking

Category: Documents
WEB SECURITY: CLICKJACKING · Clickjacking When one principal tricks the user into interacting with UI elements of another principal An attack application (script) compromises the

WEB SECURITY: CLICKJACKING · Clickjacking When one...

Category: Documents
Server-side approaches to clickjacking detectionthe-eye.eu/public/Site-Dumps/index-of/index-of.co.uk/Clickjacking/Server-side... · •What if rivals mount clickjacking campaigns

Server-side approaches to clickjacking...

Category: Documents
Clickjacking: An empirical study with an automated testing ...Clickjacking is not among the preferred attack vector adopted by miscreants on the Internet It is complicated to setup

Clickjacking: An empirical study with an automated testing.....

Category: Documents
UI Redressing and Clickjacking: About click fraud and data ... · Clickjacking Tool Attack vectors Classic clickjacking Advanced attacks Clickjacking and XSS Clickjacking and CSS

UI Redressing and Clickjacking: About click fraud and data.....

Category: Documents
Clickjacking For Shells - wiki.owasp.org › images › 3 › 31 › OWASP_NZ_SEP...Clickjacking For Shells OWASP Wellington, New Zealand Chapter Meeting September 2011 PDF Version

Clickjacking For Shells - wiki.owasp.org › images › 3...

Category: Documents
Strumenti di protezione da attacchi di tipo clickjackingdeisnet.deis.unibo.it/nsl/securext/Download/tesi_Colella.pdf · [Capitolo 1 – Il clickjacking] 2 Capitolo 1 – Il clickjacking

Strumenti di protezione da attacchi di tipo...

Category: Documents
Vulnerability Assessment Report - Avenging Security · Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user

Vulnerability Assessment Report - Avenging Security ·...

Category: Documents