What is clickjacking?
Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.
Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees. The user believes they are clicking the visible page, but in fact they are clicking an invisible element in the additional page overlaid on top of it.
The invisible page could be a malicious page, or a legitimate page the user did not intend to visit – for example, a page on the user’s banking site that authorizes the transfer of money.
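Because the attack depends on the target page loading inside someone else's iframe, a defender can check a page's response headers to see whether browsers will refuse that framing. The following is an added example, not part of the original article: it assumes the standard X-Frame-Options and Content-Security-Policy frame-ancestors response headers (which the article does not cover), a single CSP policy per response, and constructed sample headers.

```javascript
// Added example: classify whether a response can be embedded in a
// cross-origin iframe, the precondition for the overlay described above.

// Return the frame-ancestors source list from a CSP value, or null if absent.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    // The first occurrence of a directive is the one browsers apply.
    if (name.toLowerCase() === "frame-ancestors") {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

// Returns "blocked", "same-origin-only", "allowlist" or "framable".
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const fa = frameAncestors(h["content-security-policy"]);
  if (fa !== null) {
    // When frame-ancestors is present, browsers enforce it and
    // ignore X-Frame-Options.
    if (fa.length === 0 || (fa.length === 1 && fa[0] === "'none'")) return "blocked";
    if (fa.every((s) => s === "'self'")) return "same-origin-only";
    if (fa.includes("*") || fa.some((s) => /^https?:$/.test(s))) return "framable";
    return "allowlist"; // specific origins: review each one
  }

  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return "blocked";
  if (xfo === "SAMEORIGIN") return "same-origin-only";
  // Missing, invalid, or the obsolete ALLOW-FROM value: no protection
  // in current browsers.
  return "framable";
}

// Constructed sample responses (not captured from any real site).
const samples = {
  "/transfer": { "X-Frame-Options": "ALLOW-FROM https://partner.example" },
  "/login": { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
  "/widget": { "Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "SAMEORIGIN" },
};
for (const [path, hdrs] of Object.entries(samples)) {
  console.log(path, "->", framingPolicy(hdrs));
}
```

Any state-changing page reported as "framable" is a candidate for the overlay described above and should send one of these headers.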
Clickjacking categories: [TBD]
- Classic: works mostly through a web browser
- Likejacking: utilizes Facebook’s social media capabilities
- Nested: clickjacking tailored to affect Google
- Cursorjacking: manipulates the cursor’s appearance and location
- MouseJacking: injects keyboard or mouse input via remote RF link
- Browserless: does not use a browser
- Cookiejacking: acquires cookies from browsers
- Filejacking: capable of setting up the affected device as a file server
- Password manager attack: clickjacking that utilizes a vulnerability in the autofill capability of browsers