Wednesday, November 19, 2008

Clickjacking Demo

A lot of buzz were flowing on the net the last few months , about a new type of vulnerability known as "ClickJacking" or "Ui redressing". The vulnerability is a variant of Cross Site Request Forgery (CSRF). The idea is simple, here is an explanation found in

"The basic idea is that an attacker loads the content of an external site into the site you’re visiting, sets the external content to be invisible and then overlays the page you’re looking at. When you click a link you see on the current page, you are in fact clicking on the externally loaded page and about to load pretty much whatever the attacker wants."

Well it seems pretty easy and clear, but if you want to see an attack in action, you have to check this GUYA.NET, where an attacker controls the camera of the victim, through a ClickJacking attack.

Some of you might be wondering how can you protect against it? The last version of NoScript (a Firefox Plugin that provides protection against XSS) adds protection to ClickJacking.

Be careful where you click ;)


No comments:

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...