What is Clickjacking ❓ Definition and Prevention techniques

What exactly is clickjacking, and how does it work?

Types of clickjacking

  • Complete transparent overlay
  • Hidden overlay
  • Cropping
  • Click event dropping
  • Rapid content replacement
  • Scrolling
  • Drag-and-drop
  • Repositioning

A simple example of clickjacking

<head>
<style>
/* target page is nearly invisible and layered on top of the decoy */
#target_website {position:relative;width:128px;height:128px;opacity:0.00001;z-index:2;}
/* decoy page sits underneath and is what the victim believes they are clicking */
#decoy_website {position:absolute;width:300px;height:400px;z-index:1;}
</style>
</head>
...
<body>
<div id="decoy_website">
...bait web content here...
</div>
<iframe id="target_website" src="https://vulnerable-website.example">
</iframe>
</body>

How can I prevent clickjacking?

  • Prevent framing
  • X-Frame-Options
  • Add a framekiller to the site
  • Content Security Policy (CSP)
  • Install browser extensions
  • Frame-busting scripts
<script> if (top != window) { top.location = window.location; } </script>
<script> window.onbeforeunload = function() { return false; }; </script>
<iframe id="decoy_webpage" src="https://mimic-website.example" sandbox="allow-scripts allow-forms allow-same-origin"> </iframe>

Ivan Novikov

CEO at Wallarm. Application security platform to prevent threats and discover vulnerabilities in real time.