Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Clickjacking demos prepared for DevCon2011
Latest commit 393bc48 @novogeek Updated text


These are the demos prepared for my session on clickjacking - "It is this easy to steal your click!" for DevCon 2011 (, Microsoft Hyd. Slides can be found here:

Regarding the code, the files attack0-3.htm contains iframes which point to a genuine webpage (e.g., like the one located in "Genuine" directory). Make sure the url in iframe is right and demo should work perfectly. 

The genuine webpage has a vote button (The idea is to mimic facebook like button). It increments vote count on every click, stores the value in session and displays it on screen. We will frame this genuine page and trick the user to click the vote button. Vote count displayed on screen will show that the button is clicked. 

Live demo at: 

I have written a jQuery plugin (js/clickjack.js) to ease clickjacking ;) It just accepts a URL to be iframed and puts the target page under the cursor! Yay!!
Something went wrong with that request. Please try again.