Drag and Drop ClickJacking PoC development assistance tool.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
resources Cleaned up image resources Nov 26, 2015
LICENSE Created LICENSE Nov 26, 2015
README.md Update README.md Sep 23, 2016
index.html code cleanup Nov 27, 2015
oldIndex.html Adding new Jack! Sep 4, 2015
sandbox.html Typo corrections Oct 27, 2015



By Chris Le Roy (@brompwnie) chris@sensepost.com

Black Hat Arsenal


Jack is a web based ClickJacking PoC development assistance tool.

Jack makes use of static HTML and JavaScript.


Jack Contains:

  • resources/**
  • index.html
  • sandbox.html
  • oldIndex.html


Jack is web based and requires either a web server to serve its HTML and JS content or can be run locally. Typically something like Apache will suffice but anything that is able to serve HTML content to a browser will do. Simply download Jack's contents and open "index.html" with your browser locally and Jack is ready to go. Alternatively if you prefer the older UI for Jack, open "oldIndex.html" with your browser for the old UI.


Depending on your setup, you may need to configure your browser to allow Jack to load resources that are being served via encrypted channels.


Jack is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (http://creativecommons.org/licenses/by-nc-sa/4.0) Permissions beyond the scope of this license may be available at http://sensepost.com/contact.