Description: Clickjacking is the process of hijacking a user's click in a web browser and redirecting it to perform an entirely different action than the one the user intended. This is done by creating a visual illusion: the user cannot see the real item he is clicking and is instead made to believe that he is clicking something entirely different.
A hacker accomplishes this by creating a transparent iframe containing the target page, in which there is an item he wants the victim to click. He then embeds this iframe into a malicious page that he controls. When a user visits this malicious page, the hacker makes the iframe always hover under the user's mouse. As the iframe is transparent, the user never sees it and believes he is clicking on one of the items in the malicious page. The click actually lands on the target item in the target page. Thus the user is tricked into clicking something he never meant to.
Could this be used to hack someone? In this video we see an example of Clickjacking by one of the researchers who discovered it, Jeremiah Grossman. He demonstrates how a user could be tricked into sharing his microphone and web camera by unknowingly clicking on the Adobe Global Setting Manager. For more detailed information on Clickjacking, please view the original research paper by Robert Hansen and Jeremiah.
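Because the trick depends on the target page agreeing to load inside another site's iframe, a site owner can check its own responses for a framing policy. The following is an added example, not part of the original description or video: it classifies a response from its `X-Frame-Options` and `Content-Security-Policy` headers. The function names, the verdict labels and the sample header values are assumptions made for illustration.

```javascript
// Added example: classify a response's framing policy from its headers.
// Verdicts (labels chosen for this example):
// 'blocked', 'same-origin', 'allowlist', 'open'.

// Return the frame-ancestors source list from a CSP value, or null if absent.
function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1).map((t) => t.toLowerCase());
    }
  }
  return null;
}

// headers: object keyed by lowercase header name (assumed input shape).
function framingVerdict(headers) {
  const sources = frameAncestors(headers['content-security-policy']);
  if (sources !== null) {
    // When frame-ancestors is present, browsers apply it instead of
    // X-Frame-Options. An empty source list matches nothing, like 'none'.
    const onlyNone = sources.length === 1 && sources[0] === "'none'";
    if (sources.length === 0 || onlyNone) return 'blocked';
    if (sources.some((s) => ['*', 'http:', 'https:'].includes(s))) return 'open';
    return sources.every((s) => s === "'self'") ? 'same-origin' : 'allowlist';
  }
  const xfo = (headers['x-frame-options'] || '').split(',')
    .map((v) => v.trim().toLowerCase()).filter(Boolean);
  if (xfo.includes('deny')) return 'blocked';
  if (xfo.length === 1 && xfo[0] === 'sameorigin') return 'same-origin';
  // No header, or a value such as the obsolete ALLOW-FROM: report as open
  // so the page gets reviewed.
  return 'open';
}

// Constructed sample responses (not taken from any real site).
const samples = {
  noPolicy: {},
  xfoDeny: { 'x-frame-options': 'DENY' },
  cspPartner: { 'content-security-policy': "frame-ancestors 'self' https://partner.example" },
  cspWildcardOverridesXfo: {
    'content-security-policy': 'frame-ancestors *',
    'x-frame-options': 'DENY',
  },
};

for (const [name, headers] of Object.entries(samples)) {
  console.log(name, '->', framingVerdict(headers));
}
```

A page that performs a sensitive action on a single click and comes back as `open` is the kind of target the description above is about.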
Tags: fun
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.