HTTPS clone URL
Subversion checkout URL
Clickjacking demos prepared for DevCon2011
These are the demos prepared for my session on clickjacking - "It is this easy to steal your click!" for DevCon 2011 (http://mugh.net/devcon/Agenda.html), Microsoft Hyd. Slides can be found here: http://www.slideshare.net/novogeek/clickjacking-devcon2011 Regarding the code, the files attack0-3.htm contains iframes which point to a genuine webpage (e.g., like the one located in "Genuine" directory). Make sure the url in iframe is right and demo should work perfectly. The genuine webpage has a vote button (The idea is to mimic facebook like button). It increments vote count on every click, stores the value in session and displays it on screen. We will frame this genuine page and trick the user to click the vote button. Vote count displayed on screen will show that the button is clicked. Live demo at: http://labs.novogeek.com/DevCon2011/clickjack/ I have written a jQuery plugin (js/clickjack.js) to ease clickjacking ;) It just accepts a URL to be iframed and puts the target page under the cursor! Yay!!