Clickjacking, also known as UI redressing, is a common cyber security attack. The end user is shown a webpage that looks legitimate and is tricked into clicking on what appears to be a harmless element. Behind the scenes, a specifically crafted page is loaded beneath the legitimate-looking page. To the end user it feels as though the visible UI component is being clicked, but the click actually lands on an invisible component of the hidden page, and the action mapped to that component is performed.
How Clickjacking Works
Clickjacking involves layering a transparent frame (iframe) over a web page that seems harmless to the user. Below is a step-by-step breakdown of how clickjacking operates:

1. Create Fake Page: The attacker creates a page (iphone.php) that tempts the user to click a “Free iPhone” button.
2. Load Hidden Target Page: Behind the fake page, the attacker loads a sensitive page (e.g., a bank’s transfer.php) using an iframe, making it invisible with CSS.
3. Use iFrame: The iframe tag embeds the target page inside the fake page (iphone.php).
4. User Clicks Button: The user clicks the “Free iPhone” button, but the click lands on the hidden transfer.php page.
5. Perform Malicious Action: The hidden page performs the action the click triggered, such as transferring funds from the user’s account.
6. Outcome: The user unknowingly triggers actions on a different page, leading to unauthorized actions like financial transfers.
Why Clickjacking Works
- It redirects the user’s click to a hidden page the user cannot see.
- It is simple to execute with basic HTML and CSS knowledge.
- Many organizations don’t consider it a serious vulnerability, despite its risk.
Types of Clickjacking
Clickjacking takes advantage of web technologies to trick users into clicking on something harmful without knowing it. As web tools evolve, so do the ways attackers abuse them. Here are the most common types of clickjacking attacks:
Transparent Overlay
The hidden malicious page is placed beneath the real page, so the user cannot tell which link they are actually clicking. In this variant the real page is the one loaded into the iframe.
Cropping
Cropping is more involved than a transparent overlay: only selected parts of the malicious page are placed over the real page. These parts can be buttons, links or images.
For example, they could:
- Replace normal links with redirects to harmful sites.
- Change button text to confuse the user.
- Alter content in ways that mislead the victim.
Hidden Overlay
A tiny hidden box (for example, 1×1 pixel) is placed under the mouse cursor. When the user clicks, they click something they cannot see, and any click is redirected to the malicious page.
Click Event Dropping
In this type of clickjacking, the attacker sets the CSS pointer-events property of the visible page to none. Its elements then appear non-functional, but the user’s clicks pass through to the malicious page beneath it.
Rapid Content Switch
This method is used by attackers who understand user behavior and interface design. They briefly remove an overlay so a hidden button can be clicked, and then replace it almost instantly. The change is so quick that users may not realize they clicked on something malicious.
A related method: the attacker creates what looks like a pop-up or dialog box with a button that is not completely visible on the screen. The button actually leads to a malicious page. This trick may fail if the user has an ad blocker or pop-up blocker enabled.
Protection from Clickjacking
Clickjacking is a serious threat, but it can be prevented using technical and behavioral measures. Website developers and end-users both play a role in preventing such attacks. Below are strategies, including HTTP headers and safe browsing practices, to protect against clickjacking attempts.
1. Prevent Framing of Content:
- Ensure that content on your website is not loaded inside an iframe. This can be done by setting the X-Frame-Options response header to control how the page is framed.
- The X-Frame-Options header can have three possible values:
  - DENY: Prevents the page from being loaded inside any frame, even if the framing page is hosted on your own website.
    Example: X-Frame-Options: DENY
  - SAMEORIGIN: Allows the page to be loaded in a frame, but only if the framing page is hosted on the same origin.
    Example: X-Frame-Options: SAMEORIGIN
  - ALLOW-FROM URI: Allows the page to be loaded inside a frame from one specific, trusted domain.
    Example: X-Frame-Options: ALLOW-FROM https://trustedsite.com
    Note that ALLOW-FROM is obsolete: current browsers do not recognise it and ignore the whole header when they see it, so the page is left frameable. To allow specific origins, use the Content-Security-Policy frame-ancestors directive instead.
2. Workarounds for Multiple Domains:
- Although ALLOW-FROM doesn’t support multiple domains natively (it accepts a single URI), you can work around this by creating a unique endpoint or URL for each trusted domain and configuring the X-Frame-Options header separately for each one.
3. End-User Precaution:
- As an end-user, be cautious when clicking on components in ads or spam pages, and avoid opening emails from untrusted sources, to reduce the risk of falling victim to a clickjacking attack.
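An added example (not the article’s own code) of the per-endpoint workaround above: a minimal Python WSGI application, with hypothetical partner paths and origins, that answers each trusted-partner endpoint with an ALLOW-FROM for that origin only and denies framing everywhere else. It also emits the equivalent Content-Security-Policy frame-ancestors directive, which current browsers honour while they ignore ALLOW-FROM.

```python
from wsgiref.util import setup_testing_defaults

# Hypothetical mapping of endpoint path -> the one origin allowed to frame it
# (constructed for this example; the partner names are placeholders).
TRUSTED_FRAMERS = {
    "/widget/partner-a": "https://partner-a.example",
    "/widget/partner-b": "https://partner-b.example",
}


def framing_headers(path):
    """Anti-clickjacking headers for a request path.

    A path dedicated to one trusted partner gets ALLOW-FROM for that partner
    only, plus the CSP frame-ancestors equivalent that current browsers
    enforce.  Every other path is denied framing outright.
    """
    origin = TRUSTED_FRAMERS.get(path)
    if origin is None:
        return [("X-Frame-Options", "DENY"),
                ("Content-Security-Policy", "frame-ancestors 'none'")]
    return [("X-Frame-Options", "ALLOW-FROM " + origin),
            ("Content-Security-Policy", "frame-ancestors " + origin)]


def app(environ, start_response):
    """Minimal WSGI application that applies the policy to every response."""
    path = environ.get("PATH_INFO", "/")
    headers = [("Content-Type", "text/html; charset=utf-8")]
    headers += framing_headers(path)
    start_response("200 OK", headers)
    return [b"<h1>Embeddable widget</h1>"]


def response_headers(path):
    """Run the app against a constructed request and return its headers."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    list(app(environ, start_response))  # consume the body iterable
    return captured["headers"]


if __name__ == "__main__":
    for p in ("/widget/partner-a", "/account/transfer"):
        print(p, response_headers(p))
```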
Conclusion
Clickjacking is a deceptive and dangerous cyber attack where an attacker manipulates the user’s actions by hiding malicious pages behind seemingly legitimate ones. In this attack, a user believes they are clicking on a harmless component, but in reality, they are unknowingly performing actions on a hidden page, such as transferring funds or divulging sensitive information. Despite its simplicity and potential risk, many organizations overlook clickjacking vulnerabilities, leaving their systems exposed.
However, preventing clickjacking is possible by implementing proper protective measures. Ensuring that content is not loaded in iframes and setting the X-Frame-Options header with appropriate values can help protect against these attacks. Additionally, users should be cautious when interacting with unfamiliar ads or spam pages, especially when receiving unsolicited emails.
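As an added example that is not part of the original article: a small Python check that classifies a response’s X-Frame-Options and Content-Security-Policy frame-ancestors headers by how much framing they allow, run over constructed header sets. It goes beyond the article by handling the CSP frame-ancestors directive (the modern replacement for ALLOW-FROM) and by treating ALLOW-FROM as no protection, since current browsers ignore it.

```python
def frame_ancestors(csp):
    """Source list of a CSP frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip("'").lower() for p in parts[1:]]
    return None


def framing_verdict(headers):
    """Classify a response as 'blocked', 'same-origin', 'restricted' or 'frameable'.

    Header names are matched case-insensitively.  When both headers are
    present, frame-ancestors wins, as it does in browsers that support it.
    """
    h = {k.lower(): v for k, v in headers.items()}
    ancestors = frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        if not ancestors or ancestors == ["none"]:
            return "blocked"        # frame-ancestors 'none' (or empty list)
        if ancestors == ["self"]:
            return "same-origin"
        if "*" in ancestors:
            return "frameable"      # wildcard: any origin may frame it
        return "restricted"         # explicit list of allowed origins
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # ALLOW-FROM is obsolete: browsers that do not recognise it drop the whole
    # header, so an unknown or missing value leaves the page frameable.
    return "frameable"


# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "no_headers": {"Content-Type": "text/html"},
    "deny": {"X-Frame-Options": "DENY"},
    "sameorigin": {"x-frame-options": "sameorigin"},
    "allow_from": {"X-Frame-Options": "ALLOW-FROM https://trustedsite.com"},
    "csp_list": {"Content-Security-Policy":
                 "default-src 'self'; frame-ancestors 'self' https://trustedsite.com"},
    "csp_wins": {"X-Frame-Options": "DENY",
                 "Content-Security-Policy": "frame-ancestors *"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:12} -> {framing_verdict(hdrs)}")
```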