How to do ClickJacking Attack? (Video & Script included)




What is click jacking?
Clickjacking is the process of hijacking a user's click in a web browser and redirect it to do an entirely different action than desired by the user naturally. The way this is done is by creating a visual illusion i-e victim is fooled in another way, where the user is not able to see the real item he is clicking, instead he is made to believe that he clicking something entirely different. 

A hacker accomplishes this by creating a transparent iframe which contains the target page in which there is an item he wants the victim to click (like cookies stealer script, phishing page etc). He then embeds this iframe into a malicious page controlled by him. When a user visits this malicious page, the hacker makes the iframe always hover under the user's mouse. As the iframe is transparent the user is never able to see it and thus clicks on one of the items in the malicious page. This click actually happens on the target item, in the target page. Thus the user is tricked into clicking something he never meant to. 

Also used for earning purpose:

Some people embed ads hidden in front page, or behind a hot spot so that according to viewer he is clicking the hot spot but infact he is clicking ads behind it. This is also the use of two layers at a time. See example below you will know what i am saying, the purpose of HT is to share new information readily.

Example:




Now, if transparency is vanished by hackers, then you might not know what you are clicking, and thats the base for click jacking.

How its done:
Its bit difficult for me to explain, LOL, but lets give a try, First of all download the script below:

Download Script(Click me)

Modifying the script to work,
Now, in the orignal script the url below the first layer as shown in the video is www.hackersthirst.com,
on taking the mouse over you won't see hackersthirst.com beacuse opacity is "0" and i have vanished opacity. Now, how to change the opacity,In orignal case the script is like below(as you downloaded):

So, opacity is zero (You have to play with the onmouseover opacity don't play with onmouseout), Inorder to see what is behind the first layer then change opacity value from "0" to ".5" like this:
Now, open the script after saving it in browser, and just like in video hover over mouse and you will see sublayer behind.

After this set the html image, script , url , ads after the first layer, I have used hackersthirst.com as the secondary layer, inorder to change it edit the script again and find www.hackersthirst.com as shown in pic:
now, change it to any external page, and embed ads and anything in that external page, Change the opacity back to "0" , and send it to victim now if he opens then victim will actually clicking first layer but infact action is taken in the second layer. So, we are making use of illusion.

So, thats it Share to friends to make them safe from such attacks. A PPC script was made by hacker but its copies were provided to 7 people only.That was for ads clickjacking purpose.