Clickjacking demos prepared for DevCon2011
Genuine Adding genuine web pages. Basically, these are the pages which are fr… Nov 2, 2011
css Initial commit. Nov 2, 2011
js Initial commit. Nov 2, 2011
README Updated text Nov 2, 2011
attack1.htm Initial commit. Nov 2, 2011
attack2.htm Initial commit. Nov 2, 2011
attack3.htm Initial commit. Nov 2, 2011


These are the demos prepared for my session on clickjacking - "It is this easy to steal your click!" for DevCon 2011 (Microsoft Hyd). Slides can be found here:

Regarding the code, the files attack0-3.htm contain iframes that point to a genuine webpage (e.g., the one located in the "Genuine" directory). Make sure the URL in the iframe is right and the demo should work perfectly.

The genuine webpage has a vote button (the idea is to mimic the Facebook Like button). It increments the vote count on every click, stores the value in the session and displays it on screen. We will frame this genuine page and trick the user into clicking the vote button. The vote count displayed on screen will show that the button was clicked.
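The demos only work while the genuine page lets another origin frame it. The check below is an added example, not part of this repository: it reads a response's headers and reports whether a browser would let a given origin frame the page. The function names and the `genuine.example` / `framer.example` origins are hypothetical, and the source matching is simplified as noted in the comments.

```javascript
// Added example: would the response headers let framerOrigin frame the page?
// Simplified: frame-ancestors sources are matched as 'none', 'self', *, a bare
// scheme (https:) or an exact origin with scheme; host wildcards, scheme-less
// hosts and nested ancestor chains are not modelled.
function frameAncestorsAllows(policy, pageOrigin, framerOrigin) {
  const directive = policy.split(';').map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'frame-ancestors');
  if (!directive) return null;            // this policy says nothing about framing
  const framer = new URL(framerOrigin);
  return directive.slice(1).some(src => {
    const s = src.toLowerCase();
    if (s === "'none'") return false;
    if (s === '*') return true;
    if (s === "'self'") return framer.origin === new URL(pageOrigin).origin;
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return framer.protocol === s;
    try { return new URL(s).origin === framer.origin; } catch { return false; }
  });
}

function framingAllowed(headers, pageOrigin, framerOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  // Comma-joined CSP headers are separate policies; each one that carries
  // frame-ancestors must allow the framer. default-src is not a fallback.
  const verdicts = (h['content-security-policy'] || '').split(',')
    .map(p => frameAncestorsAllows(p, pageOrigin, framerOrigin))
    .filter(v => v !== null);
  // When frame-ancestors is present, browsers ignore X-Frame-Options.
  if (verdicts.length) return { allowed: verdicts.every(Boolean), by: 'frame-ancestors' };
  const xfo = [...new Set((h['x-frame-options'] || '').split(',')
    .map(t => t.trim().toLowerCase()).filter(Boolean))];
  const known = ['deny', 'sameorigin', 'allowall'];
  if (xfo.length > 1 && xfo.some(t => known.includes(t)))
    return { allowed: false, by: 'x-frame-options (conflicting values)' };
  if (xfo[0] === 'deny') return { allowed: false, by: 'x-frame-options' };
  if (xfo[0] === 'sameorigin')
    return { allowed: new URL(pageOrigin).origin === new URL(framerOrigin).origin,
             by: 'x-frame-options' };
  // Obsolete ALLOW-FROM and unknown values give no protection in current browsers.
  return { allowed: true, by: 'no effective framing policy' };
}

// Constructed sample: a page with no framing headers, as the demos assume.
console.log(framingAllowed({}, 'https://genuine.example', 'https://framer.example'));
```

A page for which this returns `allowed: true` from a foreign origin can be framed the way the attack pages do; sending `Content-Security-Policy: frame-ancestors 'self'` (with `X-Frame-Options: SAMEORIGIN` for older browsers) turns the result to `false`.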

Live demo at: 

I have written a jQuery plugin (js/clickjack.js) to ease clickjacking ;) It just accepts a URL to be iframed and puts the target page under the cursor! Yay!!