Wednesday, August 1, 2012

Click Jacking Attack


Definition

"Clickjacking is a malicious technique of tricking web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages."

Introduction

Clickjacking is a vulnerability across a variety of browsers and platforms. It takes the form of embedded code or script that can execute without the user's knowledge, such as when the user clicks on a button that appears to perform another function.
The long list of vulnerabilities involves browsers, Web sites and plug-ins like Flash.

How It Works

Clickjacking is a little difficult to explain, but try to imagine any button that you see in your browser: the Wire Transfer button on your bank's site, the Post Blog button on your blog, the Add User button on your web site, Google Gadgets, etc.

Clickjacking gives the attacker the ability to invisibly float these buttons on top of other innocent-looking objects in your browser.

So when you try to click on the innocent object, you are actually clicking on the malicious button that is floating on top invisibly.

In other words, the attack is launched by a malicious web page that embeds objects, possibly from a different site, such as framed documents or plugin content (Flash, Silverlight, Java…), which may lead to unwanted results if clicked by the current user (e.g. a “Delete all messages” button in your webmail or an advertisement banner in a click fraud scheme). Using DHTML, and especially CSS, the attacker can disguise or hide the click target in several ways that go completely undetected by the user, who is easily tricked into clicking it more or less blindly.

JavaScript increases the effectiveness of these attacks hugely, because it can make our invisible target constantly follow the mouse pointer, intercepting the user’s first click without fail.
We can however imagine a few less effective but still feasible scriptless scenarios, e.g. covering the whole window with hidden duplicates of the target or overlaying an attractive element of the page, likely to be clicked (e.g. a game or a porn image link), with a transparent target instance.

Examples

  • Malicious camera spying using Adobe's Flash.
  • Flash, Java, Silverlight, DHTML game or application used to spy on your webcam and/or microphone.

The best defense against ClickJacking attacks is to use Firefox with the NoScript add-on installed.
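
The attack described above only works when the target page can be embedded in a frame on another site, so a site owner can check whether their responses forbid that. The following is an added example, not code from the original post: it classifies a response's anti-framing headers (`X-Frame-Options` and the CSP `frame-ancestors` directive); `framingPolicy`, `frameAncestors` and the sample headers are constructed for illustration.

```javascript
// Added example: classify a response's anti-framing headers.
// Header names are lower-case, as Node.js delivers them in res.headers.

// Return the source list of the first frame-ancestors directive, or null.
function frameAncestors(csp) {
  for (const directive of String(csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null; // note: default-src does NOT fall back to frame-ancestors
}

function framingPolicy(headers) {
  // An enforced frame-ancestors directive takes precedence over X-Frame-Options.
  const sources = frameAncestors(headers['content-security-policy']);
  if (sources !== null) {
    const lower = sources.map((s) => s.toLowerCase());
    if (lower.length === 0 || (lower.length === 1 && lower[0] === "'none'")) return 'deny';
    // A bare wildcard or scheme source lets (almost) any site frame the page.
    if (lower.some((s) => s === '*' || s === 'http:' || s === 'https:')) return 'unprotected';
    if (lower.every((s) => s === "'self'")) return 'same-origin';
    return 'allowlist';
  }
  const xfo = String(headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // Missing header, the obsolete ALLOW-FROM, or an unrecognised value: no
  // protection is assumed. Content-Security-Policy-Report-Only is ignored
  // because it only reports and never blocks framing.
  return 'unprotected';
}

// Constructed sample responses (not taken from any real site).
const samples = {
  'no headers': {},
  'xfo deny': { 'x-frame-options': 'DENY' },
  'csp default-src only': { 'content-security-policy': "default-src 'self'" },
  'csp none': { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
  'csp allowlist': { 'content-security-policy': "frame-ancestors 'self' https://partner.example" },
  'csp wildcard + xfo': { 'content-security-policy': 'frame-ancestors *', 'x-frame-options': 'DENY' },
  'report-only': { 'content-security-policy-report-only': "frame-ancestors 'none'" },
};

function auditSamples() {
  return Object.fromEntries(
    Object.entries(samples).map(([label, headers]) => [label, framingPolicy(headers)]));
}

console.log(auditSamples());
```

A result of `unprotected` means any other site can load the page in a frame; `allowlist` results still need the listed origins reviewed.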

About the Author

I am XEO Hacker, the founder of Hack With Style (HWS). I have been blogging since 2009; before that I just searched for things, and now I am sharing my knowledge through this platform. I'm also a freelance writer on topics related to Website Hacking, Website Optimization (SEO), blogger customizations and making money online.

7 comments:

Hello sir,
I would like to know if you have any scripts for click jacking a webcam and mic....
I have basic knowledge on this topic and have experimented with like jacking a little....
PM to supernovaminus@gmail.com


Very interesting discussion glad that I came across such informative post. Keep up the good work friend. Glad to be part of your net community.
