Home Did you know ? Web Applications Attacks: Clickjacking
Did you know ?How To

Web Applications Attacks: Clickjacking

by Unallocated Author
written by Unallocated Author

Clickjacking attack is also known as a “UI redress”, is when an attacker uses various transparent or opaque layers to fool a victim into clicking on a button or link on another page when they were expecting to click on the top level page. Thus, the attacker is “hijacking” clicks meant for their page and routing them to another web page.

In its basic form, a UI redress attack involves the attacker’s web page loading the target application within an iframe on the attacker’s page. In effect, provided by the attacker. The attacker’s interface includes content to attract the
user and induce him to do actions such as clicking the mouse in a particular area of the web page.

When the user makes these actions, although it appears that he is clicking the buttons and other UI elements that are visible in the attacker’s interface, he is unwittingly interacting with the interface of the application that is being targeted.

For example, assume a banking function to execute a payment transfer requires two steps. In the first step, the user submits the details of the transfer. The response to this request displays these details, and also a button to verify the action and make the payment. Furthermore, in an attempt to prevent CSRF attacks, the form in the response includes a hidden field containing a random token. This token is submitted when the user clicks the Verify button and the application verifies its value before transferring the funds.

In the Clickjacking attack, the attacker’s page submits the first request in this process using conventional CSRF. This is done in an iframe within the attacker’s page. As it does normally, the application responds with the details of the user to be added and a button to verify the action. This response is “displayed” within the attacker’s iframe, which is covered with the attacker’s interface designed to induce the victim to click the region containing the verify button. When the user clicks in this region, he is unwittingly clicking the verify button in the target application, so the new user gets created.

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

You may also like

WordPress PWA – how to protect your Progressive...

The Future of Automated Testing with DAQ

Concerned About Your Online Privacy in 2024? You...

Safeguarding ERP Systems in the Digital Age: The...

How Artificial Intelligence Technology Affects Fintech Companies &...

Mitigating the Impact of Data Breaches Through DDR

“Let’s Get the Third Party Started In Here,”

Exploring HelpWire: A New Option in Free Remote...

Understanding Cybersecurity Basics for Businesses

Evolving Trends in Cloud Data Protection for 2024