“Clickjacking” is also known in information security as a “UI redressing attack”.

It is a browser-based vulnerability, so it can affect any user regardless of their operating system.

The intention is clear: get the user to click on something the publisher/attacker wants hits on, which is not what the user actually meant to click.

The publisher/attacker uses CSS and an iframe to place invisible content over the visible buttons or links of a page. When the user clicks the button or link, the click is delivered to whatever sits in the invisible layer above it.

Challenge

Simple Example of Clickjacking

<style>
  iframe {
    width: 300px;
    height: 100px;
    position: absolute;
    top: 0;
    left: 0;
    filter: alpha(opacity=50); /* legacy IE syntax; in real life opacity=0 */
    opacity: 0.5;              /* kept half-visible here so the demo can be seen */
  }
</style>

<div>Click on the link to get rich now:</div>

<!-- The click actually lands in this iframe, which sits on top of the link;
     the user believes they clicked the google.com link below. -->
<iframe src="/files/tutorial/window/clicktarget.html"></iframe>

<!-- The visible link the user means to click; z-index:-1 puts it under the iframe. -->
<a href="http://www.google.com" target="_blank" style="position:relative;left:20px;z-index:-1">CLICK ME!</a>

<div>You'll be rich for the whole life!</div>


The overall idea is simple.

  1. A visitor lands on the evil page. How does not matter: “Click to get 1000000$” or whatever.
  2. The evil page puts an “AVAIL YOUR OFFER NOW” link with z-index=-1.
  3. The evil page includes a transparent iframe from the victim domain, say www.xyz.com, and positions it so that the “I like it” button sits right over the link.

We were successfully able to mitigate the risk of clickjacking for one of our clients, a computer security corporation which offers its services to large telecom firms.


Solution

We could use two different methods to prevent clickjacking:

  1. Sending the proper X-Frame-Options HTTP response header, which instructs the browser not to allow framing from other domains.
  2. Employing defensive code in the UI to ensure that the current frame is the top-level window.
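Both mitigations as an added example (not code from the original post or from the client engagement it describes): a header builder for the server side, and a frame guard for the page side that follows the pattern of keeping the body hidden until the page confirms it is the top-level window. The guard takes window-like and document-like objects as parameters, which is an assumption made so it can run outside a browser; in a real page it would be called as frameGuard(window, document).

```javascript
// Added example, not part of the original post.

// 1. Server side: response headers that forbid framing by other origins.
//    X-Frame-Options is the older header; the CSP frame-ancestors directive
//    is its modern replacement, so send both.
function antiFramingHeaders(policy) {
  // policy is "DENY" (never framed) or "SAMEORIGIN" (framed only by our own origin)
  if (policy !== "DENY" && policy !== "SAMEORIGIN") {
    throw new Error("unsupported X-Frame-Options policy: " + policy);
  }
  const ancestors = policy === "DENY" ? "'none'" : "'self'";
  return {
    "X-Frame-Options": policy,
    "Content-Security-Policy": "frame-ancestors " + ancestors,
  };
}

// 2. Page side: the body starts hidden (e.g. body{display:none} in a <style>),
//    and is only revealed once we know we are not inside another frame.
//    If we are framed, stay hidden and try to break out to the top window.
function frameGuard(win, doc) {
  if (win.self === win.top) {
    doc.body.style.display = "block"; // not framed: show the page
    return true;
  }
  doc.body.style.display = "none";    // framed: keep the UI unclickable
  try {
    win.top.location = win.self.location; // navigate the top window to ourselves
  } catch (e) {
    // a cross-origin parent may refuse; the page stays hidden regardless
  }
  return false;
}
```

Because the page stays hidden when the check fails, an attacker who blocks the top-level navigation still has nothing visible to overlay.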
