Web application security - the fast guide 1.1 | Page 93

Chapter 5 - Attack Execution: the client
5.7 Clickjacking
Figure 35: clickjacking concept
Clickjacking, sometimes also named UI redressing, also falls under the trickery type of attacks: the attacker tricks the victim into clicking on a transparent page (the sensitive site, loaded in an iframe) that is placed over a visible page on the attacker's site.

Attack requirements. For a successful attack:
A. The victim must be logged in to the sensitive website.
B. The victim must visit a page on the attacker's site.

Attack process:
A. The attacker creates a transparent iframe on his page and loads into it the page of the site the user is logged in to, the one that exposes the sensitive action.
B. The attacker hides the iframe using JavaScript and CSS.
C. The victim cannot see the overlaid page and tries to interact with the visible page.
D. The attacker designs the buttons and clickable elements so that clicking them in sequence executes the malicious action on the hidden page.
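The attack process above depends on the browser being willing to render the sensitive page inside the attacker's iframe. As an added example (not from the guide), the following Python check inspects a response's headers and reports whether an arbitrary third-party origin may frame the page; it applies the rule from the CSP specification that a frame-ancestors directive, when present, overrides X-Frame-Options. The header sets used as input are constructed samples.

```python
"""Check HTTP response headers for clickjacking (UI redressing) exposure.

The transparent iframe in step A of the attack process only works if the
browser is allowed to frame the sensitive page. Browsers decide that from
  Content-Security-Policy: frame-ancestors <source-list>   (takes precedence)
  X-Frame-Options: DENY | SAMEORIGIN
All header sets below are constructed samples.
"""


def frame_ancestors(csp_value):
    """Return the frame-ancestors source list from a CSP value, or None
    when the directive is absent. An empty source list means 'none'."""
    for directive in csp_value.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]] or ["'none'"]
    return None


def framable_by_third_party(headers):
    """True if an arbitrary origin may load this response in an iframe,
    i.e. the page is exposed to the overlay described above."""
    h = {k.lower(): v for k, v in headers.items()}
    csp = h.get("content-security-policy")
    if csp is not None:
        ancestors = frame_ancestors(csp)
        if ancestors is not None:
            # 'none', 'self' or an explicit origin list restrict framing;
            # '*' or a bare scheme source lets any site frame the page.
            return any(a in ("*", "https:", "http:") for a in ancestors)
    # Obsolete values such as ALLOW-FROM are ignored by current browsers.
    xfo = h.get("x-frame-options", "").strip().upper()
    return xfo not in ("DENY", "SAMEORIGIN")


if __name__ == "__main__":
    samples = {  # constructed header sets, not captured traffic
        "no headers": {"Content-Type": "text/html"},
        "xfo deny": {"X-Frame-Options": "DENY"},
        "csp none": {"Content-Security-Policy": "frame-ancestors 'none'"},
        "csp overrides xfo": {"Content-Security-Policy": "frame-ancestors *",
                              "X-Frame-Options": "DENY"},
    }
    for name, hdrs in samples.items():
        verdict = "EXPOSED" if framable_by_third_party(hdrs) else "protected"
        print(f"{name:18} -> {verdict}")
```

Note the fourth sample: a permissive frame-ancestors directive silently cancels an X-Frame-Options: DENY on the same response, so both headers must be reviewed together.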