Clickjacking

👉 Overview
👀 What ?

Clickjacking, also known as a user-interface (UI) redress attack, is a malicious technique that tricks a user into clicking on something other than what they perceive they are clicking, potentially compromising their personal information and security.

🧐 Why ?

Clickjacking is a significant security concern because it manipulates users into performing actions they did not intend, which can lead to severe consequences such as identity theft, financial loss, or breaches of confidential data. It is therefore important to understand how it works and how to protect against it.

⛏️ How ?

Clickjacking is typically executed using deceptive web elements such as hidden buttons, disguised links, or invisible iframes. To protect against it, users should keep their software up to date, use security extensions, and be cautious when interacting with unfamiliar websites or clicking on suspicious links.

⏳ When ?

The term 'clickjacking' was coined in 2008 by security researchers Robert Hansen and Jeremiah Grossman, and the technique has been used widely in cyberattacks since then.

⚙️ Technical Explanations
Clickjacking works by overlaying a malicious interface on a web page. The attacker uses CSS to make this layer invisible, so the user clicks on the hidden interface while believing they are interacting with the legitimate site. This can trigger unintended actions such as submitting personal information, making purchases, or downloading malware. Defending against clickjacking involves several techniques, including frame-busting scripts, the X-Frame-Options HTTP response header, and Content Security Policy (CSP).
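The two header-based defences named above, shown as an added example rather than code from the original page: one function builds the `X-Frame-Options` and CSP `frame-ancestors` headers a site should send for a given framing policy, and a second audits a response's headers (as a defender or scanner would) to report whether the page can still be framed by an arbitrary origin. The function names (`antiFramingHeaders`, `frameAncestors`, `assessFramingProtection`, `auditSamples`) and the sample responses are this example's own constructions.

```javascript
// Added example (not from the original page): building and auditing
// anti-framing headers. All function names and sample data are constructed here.

// Build the response headers a site should send so browsers refuse to render
// it inside a frame on a disallowed origin.
// allowedAncestors: CSP source expressions permitted to frame the page
// (e.g. ["'self'", "https://partner.example"]); [] means "nobody may frame it".
function antiFramingHeaders(allowedAncestors = []) {
  const headers = {};
  if (allowedAncestors.length === 0) {
    headers['X-Frame-Options'] = 'DENY';
    headers['Content-Security-Policy'] = "frame-ancestors 'none'";
  } else if (allowedAncestors.length === 1 && allowedAncestors[0] === "'self'") {
    headers['X-Frame-Options'] = 'SAMEORIGIN';
    headers['Content-Security-Policy'] = "frame-ancestors 'self'";
  } else {
    // X-Frame-Options cannot express an allow-list (ALLOW-FROM is obsolete and
    // ignored by current browsers), so only the CSP directive is emitted here.
    headers['Content-Security-Policy'] = 'frame-ancestors ' + allowedAncestors.join(' ');
  }
  return headers;
}

// Extract the source list of the frame-ancestors directive from a CSP header
// value, or null if the directive is absent.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === 'frame-ancestors') return tokens.slice(1);
  }
  return null;
}

// Audit a set of response headers (header names lower-cased, as Node's
// IncomingMessage.headers presents them). Returns whether an arbitrary
// third-party origin could frame the page, and which header decided it.
function assessFramingProtection(headers) {
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  const ancestors = frameAncestors(headers['content-security-policy']);
  // When both are present, browsers that support CSP give frame-ancestors
  // precedence over X-Frame-Options, so it is evaluated first.
  if (ancestors) {
    const anyOrigin = ancestors.some(s => s === '*' || /^https?:$/.test(s));
    return { framable: anyOrigin, source: 'csp', detail: 'frame-ancestors ' + ancestors.join(' ') };
  }
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { framable: false, source: 'x-frame-options', detail: xfo };
  }
  if (xfo.startsWith('ALLOW-FROM')) {
    return { framable: true, source: 'x-frame-options', detail: 'ALLOW-FROM is obsolete and ignored by current browsers' };
  }
  if (xfo) {
    // Unrecognised value; this audit conservatively counts it as no protection.
    return { framable: true, source: 'x-frame-options', detail: 'unrecognised value: ' + xfo };
  }
  return { framable: true, source: 'none', detail: 'no anti-framing header present' };
}

// Constructed sample responses, as a scanner might collect them from several
// endpoints of one site. Not real captured traffic.
const SAMPLE_RESPONSES = [
  { path: '/login', headers: {} },
  { path: '/account', headers: { 'x-frame-options': 'deny' } },
  { path: '/widget', headers: { 'content-security-policy': "default-src 'self'; frame-ancestors 'self' https://partner.example" } },
  { path: '/legacy', headers: { 'x-frame-options': 'ALLOW-FROM https://partner.example' } },
  { path: '/embed', headers: { 'x-frame-options': 'SAMEORIGIN', 'content-security-policy': 'frame-ancestors *' } },
];

// Run the audit over the samples and return the paths that remain framable.
function auditSamples(responses = SAMPLE_RESPONSES) {
  return responses
    .map(r => ({ path: r.path, ...assessFramingProtection(r.headers) }))
    .filter(r => r.framable)
    .map(r => `${r.path}: ${r.detail}`);
}

// Example: a protected response would be written with
//   res.writeHead(200, { 'Content-Type': 'text/html', ...antiFramingHeaders([]) });
// and the audit above applied to a response's headers reports any gaps.
```

The audit treats a CSP `frame-ancestors` directive as authoritative when present, because CSP-supporting browsers ignore `X-Frame-Options` in that case; the `/embed` sample shows why sending `SAMEORIGIN` alongside `frame-ancestors *` still leaves the page framable. Header-based controls are preferred over frame-busting scripts because a framing page can neutralise such scripts (for instance by sandboxing the iframe), whereas the browser enforces the headers itself.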
