Embedded Files
Clickjacking is another form of attack to lure user to do unintended action, like being lured into a new site or advertisement. It requires user to perform ordinary actions like clicking a button or a link but a click mechanism masks it, altering the user interface intention.
Description
Description
Clickjacking makes use if invisible <iframe> to place under the commonly clicking user interface object, like button or link. When the user clicks on the UI thinking it was the intended action, he/she clicked the iframe instead, without awareness. Hence, the action got lured into the unintended iframe instead.
Potential Attacking Model
Potential Attacking Model
I/O Manipulation
I/O Manipulation
Clickjacking allows approval for I/O usage in a browser. This happens for Flash plugin sites, like granting camera and microphone usage.
Unintended Data Harvesting
Unintended Data Harvesting
Happens commonly for social media hijacking or propagation, such as increasing like count for group / page / post in Facebook or Twitter.
Best Practices
Best Practices
- EMPLOY UI DEFENSIVE CODES. This set the current frame as top of windows, putting hijacker's iframe to the lowest.
- COMPLY TO PREVENTION GUIDELINES. Available at OWASP: https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Page updated
Google Sites
Report abuse