Researcher shows new clickjacking methods at Black Hat

Discussion in 'other security issues & news' started by JRViejo, Apr 15, 2010.

Thread Status:
Not open for further replies.
  1. JRViejo

    JRViejo Super Moderator

    Jul 9, 2008
    Computerworld Article By Jeremy Kirk.​
  2. CloneRanger

    CloneRanger Registered Member

    Jan 4, 2006

    Thanks for the info :thumb:

    Tried it with IE6, and FF 3.0.13 but it didn't work ? I know it says "works best in Firefox 3.6." Could be me :D


    Clickjacking Tool


    Clickjacking is a term first introduced by Jeremiah Grossman and Robert Hansen in 2008 to describe a technique whereby an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe.

    Although it has been two years since the concept was first introduced, most websites still have not implemented effective protection against clickjacking. In part, this may be because of the difficulty of visualising how the technique works in practice.

    This new browser-based tool allows a user to experiment with clickjacking techniques by using point-and-click to visually select different elements within a webpage to be targeted. The tool also allows several 'next-generation' clickjacking techniques to be used, as introduced in Paul Stone's Blackhat Europe 2010 talk.

    Among the features of the new tool are:

    * Use point-and-click to select the areas of a page to be targeted
    * Supports the new 'text-field injection' technique
    * Supports the new 'content extraction' technique
    * 'Visible mode' replay allowing a user to see how the technique works behind the science
    * 'Hidden mode' replay allows the same steps to be replayed in a hidden manner, simulating a real clickjacking attack.

    The tool is currently in an early beta stage, and works best in Firefox 3.6. Full support for other browsers will follow shortly. For further information, please see the Readme.txt file in the downloadable tool.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.