How to do a ClickJacking Attack? (Video & Script included)
What is click jacking?
Clickjacking is the process of hijacking a user's click in a web browser and redirecting it to perform an entirely different action than the one the user intended. This is done by creating a visual illusion, i.e. the victim is fooled: the user is not able to see the real item he is clicking, and instead is made to believe that he is clicking something entirely different.
A hacker accomplishes this by creating a transparent iframe which contains the target page, in which there is an item he wants the victim to click (like a cookie stealer script, a phishing page etc). He then embeds this iframe into a malicious page controlled by him. When a user visits this malicious page, the hacker makes the iframe always hover under the user's mouse. As the iframe is transparent, the user is never able to see it and thus clicks on one of the items in the malicious page. This click actually happens on the target item, in the target page. Thus the user is tricked into clicking something he never meant to.
Also used for earning purposes:
Some people embed ads hidden in the front page, or behind a hot spot, so that the viewer thinks he is clicking the hot spot but in fact he is clicking the ads behind it. This is also the use of two layers at a time. See the example below and you will know what I am saying; the purpose of HT is to share new information readily.
Example: Now, if transparency is vanished by hackers, then you might not know what you are clicking, and that's the basis for clickjacking.
How it's done:
It's a bit difficult for me to explain, LOL, but let's give it a try.
Modifying the script to work: in the sample script, the URL below the first layer, as shown in the video, is www.hackersthirst.com. On taking the mouse over it you won't see hackersthirst.com because the opacity is "0", and we have vanished the opacity for tutorial purposes. Now, how to change the opacity? In the original case the script would be like below:
So, the opacity is zero (you have to play with the onmouseover opacity; don't play with onmouseout). In order to see what is behind the first layer, change the opacity value from "0" to ".5" like this:
Now, after saving the script and opening it in the browser, hover the mouse over it just like in the video and you will see the sublayer behind.
After this, set the HTML image, script, URL or ads behind the first layer. I have used hackersthirst.com as the secondary layer; in order to change it, edit the script again and find www.hackersthirst.com as shown in the pic:
Now, what a hacker does is change it to any external page and embed ads or anything else in that external page, change the opacity back to "0", and send it to the victim. If the victim opens it, he will think he is clicking the first layer, but in fact the action is taken in the second layer. So they are making use of an illusion.
So, that's it. Share with friends to make them safe from such attacks. A PPC script was made by a hacker, but its copies were provided to 7 people only. That was for ad clickjacking purposes. We came across it on social media and decided to share it with the readers so that they may be aware.
How to remain safe
Check if there are any iframes in the page; this is the only method. Furthermore, a click activity has a thumbnail cursor, so notice any cursor shifts as well while visiting a page. Also check a website's integrity before visiting it.
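The iframe check above can be run over a page's saved HTML source. The following is an added example, not the script from the video or from this post: it lists every iframe and flags the ones whose own attributes, or an enclosing element's `style` or `on...` handlers (such as the onmouseover opacity discussed earlier), set the opacity to near zero. The names `audit`, `IframeAudit` and `SAMPLE`, the 0.1 threshold and the sample page are assumptions made for illustration; it reads inline attributes only, not external CSS or scripts.

```python
import re
from html.parser import HTMLParser

# Matches opacity values in inline CSS ("opacity:0") and handlers ("style.opacity='.5'").
OPACITY_RE = re.compile(r"opacity\s*[:=]\s*['\"]?\s*(\d*\.?\d+)", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

# Constructed sample page for the check (not taken from the original post).
SAMPLE = """<html><body>
<a href="#">Play video</a>
<iframe src="https://target.example/settings" style="position:absolute; opacity:0"></iframe>
<div onmouseover="this.style.opacity=0" onmouseout="this.style.opacity=1">
  <iframe src="https://ads.example/unit"></iframe>
</div>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
</body></html>"""

class IframeAudit(HTMLParser):
    def __init__(self, threshold):
        super().__init__()
        self.threshold = threshold
        self.stack = []      # (tag, lowest opacity seen on it or any ancestor)
        self.findings = []   # (src, lowest opacity, suspicious?)

    def handle_starttag(self, tag, attrs):
        # Simplification: inherit the minimum opacity instead of multiplying layers.
        lowest = self.stack[-1][1] if self.stack else 1.0
        for name, value in attrs:
            if value and (name == "style" or name.startswith("on")):
                for match in OPACITY_RE.finditer(value):
                    lowest = min(lowest, float(match.group(1)))
        if tag == "iframe":
            src = dict(attrs).get("src") or ""
            self.findings.append((src, lowest, lowest <= self.threshold))
        if tag not in VOID:
            self.stack.append((tag, lowest))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag so siblings do not inherit its opacity.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def audit(html, threshold=0.1):
    """List every iframe and flag those that are, or can become, near-invisible."""
    parser = IframeAudit(threshold)
    parser.feed(html)
    return parser.findings
```

Calling `audit(SAMPLE)` returns one `(src, lowest opacity, suspicious)` tuple per iframe; on the sample the first two frames are flagged and the visible video embed is not.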
