of 16 /16
CLICKJACKING Security Nightmare

Clickjacking Attack

Tags:

Embed Size (px)

DESCRIPTION

Seminar

Text of Clickjacking Attack

Page 1: Clickjacking Attack

CLICKJACKINGSecurity Nightmare

Page 2: Clickjacking Attack

Jeremiah Grossman (Whitehat Security)

Robert Hansen(SecTheory)

2008

Page 3: Clickjacking Attack

also known as a "UI redress attack"

…is a malicious technique of tricking a web user…

…into clicking on something different… from what the user perceives they are clicking on

Page 4: Clickjacking Attack

12 cases

+ Browser+ Plug-in+ Website

NOT ALL

Page 5: Clickjacking Attack
Page 6: Clickjacking Attack
Page 7: Clickjacking Attack

<iframe>opacity & z-index

Page 8: Clickjacking Attack

My page (malicious page)w3schools.com

<iframe src=http://www.w3schools.com></iframe>

Page 9: Clickjacking Attack

opacity: 1;z-index: 0;

Page 10: Clickjacking Attack

opacity: 0.5;z-index: 1;

Page 11: Clickjacking Attack
Page 12: Clickjacking Attack

Server side

• X-Frame-Options

• Framebuster

Client side

• No-Script

Page 13: Clickjacking Attack

Header append X-Frame-Options “DENY”

Page 14: Clickjacking Attack

Framebuster

Page 15: Clickjacking Attack

No-Scripts add-on

Page 16: Clickjacking Attack

Kentico 9 · Clickjacking Clickjacking is a type of attack where the attacker tricks website users into clicking something different than what they see, thus performing an action
Kentico 9 · Clickjacking Clickjacking is a type of attack where the attacker tricks website users into clicking something different than what they see, thus performing an action
Documents
Network Security and Privacy - University of Texas …shmat/courses/cs378_spring07/...Clickjacking in the Wild Google search for “clickjacking” returns 624,000 results… this
Network Security and Privacy - University of Texas …shmat/courses/cs378_spring07/...Clickjacking in the Wild Google search for “clickjacking” returns 624,000 results… this
Documents
Context-Clickjacking White Paper
Context-Clickjacking White Paper
Documents
UI Redressing: Attacks and Countermeasures Revisitedindex-of.co.uk/Clickjacking/uiRedressing.pdf · “clickjacking” and it is also known under the previously used term “UI redressing”
UI Redressing: Attacks and Countermeasures Revisitedindex-of.co.uk/Clickjacking/uiRedressing.pdf · “clickjacking” and it is also known under the previously used term “UI redressing”
Documents
Owning Your Home Network: Router Security Revisited · classic clickjacking to discuss the most common attack vector of UI redressing. Tabjacking is used to point out how an attacker
Owning Your Home Network: Router Security Revisited · classic clickjacking to discuss the most common attack vector of UI redressing. Tabjacking is used to point out how an attacker
Documents
Next Generation Clickjacking
Next Generation Clickjacking
Documents
Computer Security: Clickjacking - University of Washington · CSE 484 / CSE M 584 Computer Security: Clickjacking Jared Moore jlcmoore@cs.washington.edu Thanks to Franzi Roesner,
Computer Security: Clickjacking - University of Washington · CSE 484 / CSE M 584 Computer Security: Clickjacking Jared Moore [email protected] Thanks to Franzi Roesner,
Documents
Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability
Mobile
Defending against XSS,CSRF, and Clickjacking David Bishop · Defending against XSS,CSRF, and Clickjacking David Bishop University of Tennessee Chattanooga ABSTRACT Whenever a person
Defending against XSS,CSRF, and Clickjacking David Bishop · Defending against XSS,CSRF, and Clickjacking David Bishop University of Tennessee Chattanooga ABSTRACT Whenever a person
Documents
All Your Clicks Belong to Me: Investigating Click ... · Clickjacking, also known as UI redressing, is a popular attack designed to trick a victim into doing some tasks on another
All Your Clicks Belong to Me: Investigating Click ... · Clickjacking, also known as UI redressing, is a popular attack designed to trick a victim into doing some tasks on another
Documents
SY306 Web and Databases for Cyber Operations Slide · PDF fileSY306 Web and Databases for Cyber Operations Slide Set #3: CSS Style! 2 ClickJacking Attack! • By loading Adobe Flash
SY306 Web and Databases for Cyber Operations Slide · PDF fileSY306 Web and Databases for Cyber Operations Slide Set #3: CSS Style! 2 ClickJacking Attack! • By loading Adobe Flash
Documents
Clickjacking Research Paper
Clickjacking Research Paper
Documents
14.8.6 December 2017 3725-78311-001L Polycom Video Border ... · clickjacking vulnerability. Clickjacking will compromise sensitive information and weaken the effectiveness of a user’s
14.8.6 December 2017 3725-78311-001L Polycom Video Border ... · clickjacking vulnerability. Clickjacking will compromise sensitive information and weaken the effectiveness of a user’s
Documents
Next Generation Clickjacking - Black Hat Briefings · © Context Information Security Limited / Commercial in Confidence Date[Edit in slide master] Next Generation Clickjacking
Next Generation Clickjacking - Black Hat Briefings · © Context Information Security Limited / Commercial in Confidence Date[Edit in slide master] Next Generation Clickjacking
Documents
Clickjacking For Shells - owasp
Clickjacking For Shells - owasp
Documents
OnlineDetection&PreventionofClickjacking Attacks · malicious scripts to be executed on the client side and to carry out Clickjacking attacks in on all web browserplatforms. Clickjacking
OnlineDetection&PreventionofClickjacking Attacks · malicious scripts to be executed on the client side and to carry out Clickjacking attacks in on all web browserplatforms. Clickjacking
Documents
Next Generation Clickjacking - Black Hat | Home
Next Generation Clickjacking - Black Hat | Home
Documents
Clickjacking For Shells - wiki.owasp.org › images › 3 › 31 › OWASP_NZ_SEP...Clickjacking For Shells OWASP Wellington, New Zealand Chapter Meeting September 2011 PDF Version
Clickjacking For Shells - wiki.owasp.org › images › 3 › 31 › OWASP_NZ_SEP...Clickjacking For Shells OWASP Wellington, New Zealand Chapter Meeting September 2011 PDF Version
Documents
PowerPoint Presentation€¦ · How to protect your web application from clickjacking What is Clickjacking? Clickjacking is an exploit that fools a web site user to interact with
PowerPoint Presentation€¦ · How to protect your web application from clickjacking What is Clickjacking? Clickjacking is an exploit that fools a web site user to interact with
Documents
Busting Frame Busting: a Study of Clickjacking ...seclab.stanford.edu/websec/framebusting/framebust.pdf · Busting Frame Busting: a Study of Clickjacking Vulnerabilities on Popular
Busting Frame Busting: a Study of Clickjacking ...seclab.stanford.edu/websec/framebusting/framebust.pdf · Busting Frame Busting: a Study of Clickjacking Vulnerabilities on Popular
Documents
Clickjacking (UI Redressing)pages.cpsc.ucalgary.ca/~joel.reardon/526/notes/slide-18-clickjacking… · for clickjacking, it means changing the UI after the user decides to click but
Clickjacking (UI Redressing)pages.cpsc.ucalgary.ca/~joel.reardon/526/notes/slide-18-clickjacking… · for clickjacking, it means changing the UI after the user decides to click but
Documents
Clickjacking: An empirical study with an automated testing ...Clickjacking is not among the preferred attack vector adopted by miscreants on the Internet It is complicated to setup
Clickjacking: An empirical study with an automated testing ...Clickjacking is not among the preferred attack vector adopted by miscreants on the Internet It is complicated to setup
Documents
Server-side approaches to clickjacking detectionthe-eye.eu/public/Site-Dumps/index-of/index-of.co.uk/Clickjacking/Server-side... · •What if rivals mount clickjacking campaigns
Server-side approaches to clickjacking detectionthe-eye.eu/public/Site-Dumps/index-of/index-of.co.uk/Clickjacking/Server-side... · •What if rivals mount clickjacking campaigns
Documents
Clickjacking DevCon2011
Clickjacking DevCon2011
Technology
Network Security and Privacy - cs.utexas.edushmat/courses/cs378_spring09/clickjack.pdf · Clickjacking in the Wild Google search for “clickjacking” returns 624,000 results…
Network Security and Privacy - cs.utexas.edushmat/courses/cs378_spring09/clickjack.pdf · Clickjacking in the Wild Google search for “clickjacking” returns 624,000 results…
Documents
New Computer Security Threat - ClickJacking
New Computer Security Threat - ClickJacking
Documents
Web Security Attack Trends & Case Sharingindex-of.co.uk/Various/20100720_01.pdf · 2019. 3. 7. · Page 6 And now… Social Engineering trick allowed a clickjacking worm to spread
Web Security Attack Trends & Case Sharingindex-of.co.uk/Various/20100720_01.pdf · 2019. 3. 7. · Page 6 And now… Social Engineering trick allowed a clickjacking worm to spread
Documents
UI Redressing and Clickjacking: About click fraud and data ... · Clickjacking Tool Attack vectors Classic clickjacking Advanced attacks Clickjacking and XSS Clickjacking and CSS
UI Redressing and Clickjacking: About click fraud and data ... · Clickjacking Tool Attack vectors Classic clickjacking Advanced attacks Clickjacking and XSS Clickjacking and CSS
Documents
Clickjacking: Attacks and Defenses - USENIX...Defining clickjacking • Prerequisite: multiple mutually distrusting applications sharing the same display • An attack application
Clickjacking: Attacks and Defenses - USENIX...Defining clickjacking • Prerequisite: multiple mutually distrusting applications sharing the same display • An attack application
Documents
More attacks on Clients: Clickjacking/UI redressing, CSRF · 2015-04-07 · More attacks on Clients: Clickjacking/UI redressing, CSRF (Section 7.2.3 on Clickjacking; Section 7 2 7
More attacks on Clients: Clickjacking/UI redressing, CSRF · 2015-04-07 · More attacks on Clients: Clickjacking/UI redressing, CSRF (Section 7.2.3 on Clickjacking; Section 7 2 7
Documents