Clickjacking
Clickjacking is a social engineering technique in which an attacker tricks a victim into performing one or more seemingly innocuous clicks that, as a result, end up compromising the victim.
Attended Zscaler's seminar today and was pretty impressed by the speaker's presentation and demo. He demonstrated Clickjacking and I decided to make a video of their demo page instead of building my own.
In this specific demo, I use the common tactic of inciting victims to visit a malicious page via email. The victim enters the webpage and is encouraged to click on an "innocent" button. This "innocent" button is just an image* that hides a Google "Create Alert" button underneath. Imagine the damage an actual malicious page containing hidden malicious scripts, code or actions can cause.
* Alignment of the fake button varies from browser to browser.
The high res version of this demo can be downloaded here.
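The overlay trick above only works if the target page (the one with the real "Create Alert" button) can be loaded inside a frame on the attacker's page, which is exactly what the `X-Frame-Options` and CSP `frame-ancestors` response headers control. The following is an added example, not code from this post or from Zscaler's demo: a small Node.js classifier that reads a page's response headers and reports whether any third-party site could frame it. The `SAMPLE_RESPONSES` table and the `*.example.test` hostnames are constructed for the example.

```javascript
// Added example (not from the post or from Zscaler's demo): classify the
// anti-framing policy that a set of HTTP response headers expresses.

// Returns the source expressions of a CSP frame-ancestors directive
// (lower-cased), or null when the directive is not present at all.
function frameAncestors(csp) {
  if (typeof csp !== 'string') return null;
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map(t => t.toLowerCase());
    }
  }
  return null;
}

// Case-insensitive header lookup (HTTP header names are case-insensitive).
function header(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : String(headers[key]).trim();
}

// Classifies framing as 'blocked' (no site may frame the page), 'restricted'
// (only the listed origins may) or 'open' (any site may frame it, so a
// clickjacking overlay is possible). Per CSP Level 2, a frame-ancestors
// directive takes precedence over X-Frame-Options when both are present.
function framingPolicy(headers) {
  const ancestors = frameAncestors(header(headers, 'Content-Security-Policy'));
  if (ancestors !== null) {
    // 'none' (or an empty source list, which matches no origin) blocks everyone.
    if (ancestors.length === 0 || ancestors.includes("'none'")) {
      return { status: 'blocked', source: "CSP frame-ancestors 'none'" };
    }
    if (ancestors.includes('*')) {
      return { status: 'open', source: 'CSP frame-ancestors *' };
    }
    return { status: 'restricted', source: `CSP frame-ancestors ${ancestors.join(' ')}` };
  }
  const xfo = header(headers, 'X-Frame-Options');
  if (xfo !== undefined) {
    const value = xfo.toUpperCase();
    if (value === 'DENY') return { status: 'blocked', source: 'X-Frame-Options: DENY' };
    if (value === 'SAMEORIGIN') return { status: 'restricted', source: 'X-Frame-Options: SAMEORIGIN' };
    // ALLOW-FROM is obsolete and ignored by current browsers; any unrecognised
    // value is treated as if the header were absent.
    return { status: 'open', source: `X-Frame-Options: ${xfo} (not enforced)` };
  }
  return { status: 'open', source: 'no anti-framing header' };
}

// Constructed sample responses (not captured from any real site).
const SAMPLE_RESPONSES = {
  'alerts.example.test/create': {
    'Content-Type': 'text/html',
    'content-security-policy': "default-src 'self'; frame-ancestors 'none'",
  },
  'legacy.example.test/settings': {
    'X-FRAME-OPTIONS': 'sameorigin',
  },
  'widget.example.test/embed': {
    'Content-Security-Policy': "frame-ancestors 'self' https://partner.example.test",
  },
  'old.example.test/profile': {
    'Content-Type': 'text/html',
  },
};

// Returns the names of the responses that any third-party page could frame.
function framableResponses(responses) {
  return Object.entries(responses)
    .filter(([, headers]) => framingPolicy(headers).status === 'open')
    .map(([name]) => name);
}

for (const [name, headers] of Object.entries(SAMPLE_RESPONSES)) {
  const { status, source } = framingPolicy(headers);
  console.log(`${name}: ${status} (${source})`);
}
```

Run it with `node` and the loop prints one line per sample; only `old.example.test/profile`, which sends neither header, comes out as `open`. The same `framingPolicy` function can be pointed at the headers returned by a real `fetch()` call to check your own pages, and a page that sets `frame-ancestors 'none'` or `X-Frame-Options: DENY` cannot be used as the hidden layer in the demo described above.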