Clickjacking demos prepared for DevCon2011
JavaScript
Tree: 393bc4829c

Genuine
css
js
README
attack0.htm
attack1.htm
attack2.htm
attack3.htm

README

These are the demos prepared for my session on clickjacking - "It is this easy to steal your click!" for DevCon 2011 (http://mugh.net/devcon/Agenda.html), Microsoft Hyd. Slides can be found here: http://www.slideshare.net/novogeek/clickjacking-devcon2011

Regarding the code, the files attack0-3.htm contain iframes that point to a genuine webpage (e.g., the one located in the "Genuine" directory). Make sure the URL in the iframe is right and the demo should work perfectly.

The genuine webpage has a vote button (the idea is to mimic the Facebook Like button). It increments the vote count on every click, stores the value in the session and displays it on screen. We will frame this genuine page and trick the user into clicking the vote button. The vote count displayed on screen will show that the button was clicked.
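
The demos depend on the genuine page allowing itself to be loaded in an iframe by another origin. As an added example (not part of this repository), the JavaScript below checks a page's response headers for the two controls that prevent that, X-Frame-Options and CSP frame-ancestors; the function name and the sample headers are constructed for illustration.

```javascript
// Added example: can an arbitrary third-party page put this response in an iframe?
// Input is a plain object of response headers; names are case-insensitive.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors. Every comma-separated policy is enforced, so a single
  // restrictive one is enough. Content-Security-Policy-Report-Only blocks nothing.
  let sawFrameAncestors = false;
  for (const policy of (h['content-security-policy'] || '').split(',')) {
    for (const directive of policy.split(';')) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() !== 'frame-ancestors') continue;
      sawFrameAncestors = true;
      // "*" or a bare scheme such as "https:" admits any origin.
      const open = sources.some((s) => /^(\*|https?:)$/i.test(s));
      if (!open) {
        const list = sources.join(' ') || "'none'"; // empty list means 'none'
        return { framable: false, reason: `CSP frame-ancestors ${list}` };
      }
    }
  }
  // Browsers that enforce frame-ancestors ignore X-Frame-Options.
  if (sawFrameAncestors) {
    return { framable: true, reason: 'CSP frame-ancestors admits any origin' };
  }

  // X-Frame-Options. Anything other than DENY or SAMEORIGIN (including the
  // obsolete ALLOW-FROM) is treated here as no protection.
  const xfo = (h['x-frame-options'] || '').split(',').map((t) => t.trim().toUpperCase());
  if (xfo.includes('DENY')) return { framable: false, reason: 'X-Frame-Options DENY' };
  if (xfo.includes('SAMEORIGIN')) return { framable: false, reason: 'X-Frame-Options SAMEORIGIN' };
  return { framable: true, reason: 'no framing restriction in headers' };
}

// Constructed sample responses, not captured from the demo site.
const samples = {
  bare: { 'Content-Type': 'text/html' },
  xfo: { 'X-Frame-Options': 'sameorigin' },
  csp: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  reportOnly: { 'Content-Security-Policy-Report-Only': "frame-ancestors 'none'" },
};
for (const [name, hdrs] of Object.entries(samples)) {
  const r = framingPolicy(hdrs);
  console.log(`${name}: framable=${r.framable} (${r.reason})`);
}
```

Here `framable: false` means the headers stop an arbitrary origin from framing the page; a frame-ancestors list of specific hosts still lets those hosts frame it.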

Live demo at: http://labs.novogeek.com/DevCon2011/clickjack/ 

I have written a jQuery plugin (js/clickjack.js) to ease clickjacking ;) It just accepts a URL to be iframed and puts the target page under the cursor! Yay!!