Clickjacking - Hacking Web Application UIs
Key Takeaways
The video discusses clickjacking, a type of cyber attack that involves hacking web application UIs, and provides a primer, lab, and further reading on the topic.
Full Transcript
click tracking or UI redressing is a technique that tricks users into clicking on unintended elements and in this video we're going to break down how this attack works and solve a lab as always if you enjoyed the video don't forget to like And subscribe and let's dive straight in the core components of Click jacking is the use of iframes this is an HTML element that allows the embedding of an external web page within the current page even now I'm sure you can imagine how that might be dangerous to pull off this attack though we overlay the content of a legitimate website with malicious contents essentially creating a frame around what the user can see this technique is called Framing and with a little CSS to modify the transparency a user will think that they're clicking on something legitimate but actually interacting with the content of the iframe there are some famous examples of this attack both Facebook and Twitter have had their like and follow buttons click jacked and also steam had a fake login page that was laid over the top of the real login page to capture credentials but clickjacking attacks are often subtle and go unnoticed so it's likely that there are also many undocumented cases now whilst this attack might not be something that you see very often it's important as whether pen testers or security Engineers to understand the context in which this attack can appear if you want to understand how to defend against this attack it's worth checking out the x-frame options and CSP headers now let's take a look at the lab so here we are at the portsmoker Academy and it says that this lab contains login functionality and a delete accounts button that is protected by a cross-site request forgery token a user will click on elements that display the word click on a decoy website to solve the lab craft some HTML that frames the account page and fools the user into deleting their accounts the lab is solved when the account is deleted and we have some credentials of our own as well so let's dive in so here we have our lab and all we're going to do is click my accounts and log in with Vena and Peter and we can see we have the account page and this delete Account button is what we're targeting so if we head to the exploit Setter the first thing we want to set up is we need an iframe so we're just going to go iframe Source equals and we'll use the link from the my accounts page and if we click view exploit you'll see that we do indeed get this iframe so let's come back and style this a little bit so we're just going to come to the top open up some CSS and then we're going to do iframe like this so in here we want a position so I'm just going to use position relative and then give it a width of a thousand pixels because it was a little small and a height of a thousand pixels as well and then I want to set the opacity to 0.1 and then I'm going to set the Z index to 2 as well and this is because we're going to set the Z index of the div or the item that we want our user to focus and click on to the Z index of one so we can click view exploits again and we can see just about that we have our page and it actually is asking us to log in so I'm just gonna log in with our credentials again so that we can see the account page obviously when the user loads this they'll already have their session token so they'll hit the account page rather than login page but in our case we just needed to log in so I'm just going to come back and if I change the opacity to let's say 0.5 you can probably see this a little bit more clearly so let's leave it at that now here we want to Overlay The Click me div over the account button so let's start by adding the div click me click view again and you can see it appears at the top so we need to style this and this time what we're going to do is we're going to position it absolute so position absolute and then we're going to say top 100 pixels and then left let's say 50 pixels and see where it is on the page and you can see it lands a little bit here so we need it to be much further down so I'm just going to come back change this to 500 click View and it's very very close so I'm just going to give it an extra 20 pixels and I think that's about close enough so if you notice when we hover over click me the icon changes so that if you click on this it's actually going to click the delete accounts button but obviously we don't want to delete our own account so I'm not going to go ahead and click it just yet so next up all we do is we click store and then we click deliver exploit to victim and we get a congratulations you solved the lab so that was fairly straightforward but in reality we may have to work a little bit harder to entice our users so there's actually a tool that we can use that is built into web Suite where we can test and quickly create payloads so all I'm going to do is come over to burp Suites and click burp and click click Bandit and here we have a tool for generating click jacking attacks so the steps to do this are to copy the click Bandit to clipboard we paste it into the page in our browser and then we follow the on-screen instructions so here I'm just going to copy click Bandit to clipboard come back to our page and I'm going to come to the my account page hit Ctrl shift C come over to console and just paste here and click enter now I'm going to close the console and you can see that we have a new Banner at the top so I'm just going to click disable click actions because I want to be able to click the delete Account button without actually deleting our accounts and then I'm going to click Start and here I just come through and I click home my accounts log out update email and delete accounts and then just click finish and what it's going to do it's going to go through and test this so we can click click click click click and we see that we have pin click jacked and here if we want to save the payload to review and tweak probably a little bit and carry out the attack we can just click save and we can save the HTML document to our file system so in our lab our user was a little bit of a dummy they're going to click on anything that has the keyword click in it in reality of course we might need to try a little bit harder to entice our users but this was still a good demo of how to pull off this attack there are plenty more Labs available such as click tracking with pre-filled input forms bypassing frame busting scripts and combining click jacking and cross-site scripting so check those out if you want to learn more there's also a great post over on the author blog that I'd recommend checking out and of course clickjacking is covered by the owasp cheat sheet series a resource that we've mentioned once or twice in our more recent videos all in all if you're interested in attacking users it's definitely a technique that's worth investigating further and that's it for this video as always don't forget to like And subscribe and if you have an idea for a topic you'd like to see in the future then leave it in the comments below catch you next time
Original Description
00:00 Intro
00:15 Clickjacking primer
01:28 Clickjacking lab
05:39 Clickbandit
07:03 Further reading
07:48 Outro
Pentests & Security Consulting: https://tcm-sec.com
Get Trained: https://academy.tcm-sec.com
Get Certified: https://certifications.tcm-sec.com
Merch: https://merch.tcm-sec.com
Sponsorship Inquiries: info@thecybermentor.com
📱Social Media📱
___________________________________________
Twitter: https://twitter.com/thecybermentor
Twitch: https://www.twitch.tv/thecybermentor
Instagram: https://instagram.com/thecybermentor
LinkedIn: https://www.linkedin.com/in/heathadams
TikTok: https://tiktok.com/@thecybermentor
Discord: https://discord.gg/tcm
💸Donate💸
___________________________________________
Like the channel? Please consider supporting me on Patreon:
https://www.patreon.com/thecybermentor
Support the stream (one-time): https://streamlabs.com/thecybermentor
Hacker Books:
Penetration Testing: A Hands-On Introduction to Hacking: https://amzn.to/31GN7iX
The Hacker Playbook 3: https://amzn.to/34XkIY2
Hacking: The Art of Exploitation: https://amzn.to/2VchDyL
The Web Application Hacker's Handbook: https://amzn.to/30Fj21S
Real-World Bug Hunting: A Field Guide to Web Hacking: https://amzn.to/2V9srOe
Social Engineering: The Science of Human Hacking: https://amzn.to/31HAmVx
Linux Basics for Hackers: https://amzn.to/34WvcXP
Python Crash Course, 2nd Edition: https://amzn.to/30gINu0
Violent Python: https://amzn.to/2QoGoJn
Black Hat Python: https://amzn.to/2V9GpQk
My Build:
lg 32gk850g-b 32" Gaming Monitor:https://amzn.to/30C0qzV
darkFlash Phantom Black ATX Mid-Tower Case: https://amzn.to/30d1UW1
EVGA 2080TI: https://amzn.to/30d2lj7
MSI Z390 MotherBoard: https://amzn.to/30eu5TL
Intel 9700K: https://amzn.to/2M7hM2p
G.SKILL 32GB DDR4 RAM: https://amzn.to/2M638Zb
Razer Nommo Chroma Speakers: https://amzn.to/30bWjiK
Razer BlackWidow Chroma Keyboard: https://amzn.to/2V7A0or
CORSAIR Pro RBG Gaming Mouse: https://amzn.to/30hvg4P
Sennheiser RS 175 RF Wireless Headphones:
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from The Cyber Mentor · The Cyber Mentor · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Buffer Overflows Made Easy - Part 1: Introduction
The Cyber Mentor
Buffer Overflows Made Easy - Part 2: Spiking
The Cyber Mentor
Buffer Overflows Made Easy - Part 3: Fuzzing
The Cyber Mentor
Buffer Overflows Made Easy - Part 4: Finding the Offset
The Cyber Mentor
Buffer Overflows Made Easy - Part 5: Overwriting the EIP
The Cyber Mentor
Buffer Overflows Made Easy - Part 6: Finding Bad Characters
The Cyber Mentor
Buffer Overflows Made Easy - Part 7: Finding the Right Module
The Cyber Mentor
Buffer Overflows Made Easy - Part 8: Generating Shellcode and Gaining Shells
The Cyber Mentor
HackTheBox - Sunday Walkthrough (Re-Up)
The Cyber Mentor
Networking for Ethical Hackers - TCP, UDP, and the Three-Way Handshake (Re-Up)
The Cyber Mentor
Networking for Ethical Hackers - Network Subnetting (Re-Up)
The Cyber Mentor
Networking for Ethical Hackers - Network Subnetting Part 2: The Challenge (Re-Up)
The Cyber Mentor
Networking for Ethical Hackers - Building A Basic Network with Cisco Packet Tracer (Re-Up)
The Cyber Mentor
HackTheBox - Fighter Walkthrough (Re-Up)
The Cyber Mentor
Beginner Linux for Ethical Hackers - Navigating the File System
The Cyber Mentor
Beginner Linux for Ethical Hackers - Users and Privileges
The Cyber Mentor
Beginner Linux for Ethical Hackers - Common Network Commands
The Cyber Mentor
Beginner Linux for Ethical Hackers - Viewing, Creating, and Editing Files
The Cyber Mentor
Beginner Linux for Ethical Hackers - Controlling Kali Services
The Cyber Mentor
Beginner Linux for Ethical Hackers - Scripting with Bash
The Cyber Mentor
Beginner Linux for Ethical Hackers - Installing and Updating Tools
The Cyber Mentor
Cracking Linux Password Hashes with Hashcat
The Cyber Mentor
Reminder: Twitch Hacking Live Stream Tonight! 2/26/19 at 8PM EST
The Cyber Mentor
Hacking Live Stream: Episode 1 - Kioptrix Level 1, HackTheBox Jerry, and Career Q&A / AMA
The Cyber Mentor
Hacking Live Stream: Episode 2 - HackTheBox Active, Vulnserver Buffer Overflow, and Career Q&A / AMA
The Cyber Mentor
Hacking Live Stream: Episode 3 - Hack The Box Blue, Devel, and Career Q&A / AMA
The Cyber Mentor
New Zero to Hero Pentest Course, New Website, and 2K Subs?!
The Cyber Mentor
Zero to Hero Pentesting: Episode 1 - Course Introduction, Notekeeping, Introductory Linux, and AMA
The Cyber Mentor
Zero to Hero Pentesting: Episode 2 - Python 101
The Cyber Mentor
Zero to Hero Pentesting: Episode 3 - Python 102, Building a Terrible Port Scanner, and a Giveaway
The Cyber Mentor
Zero to Hero Pentesting: Episode 4 - Five Phases of Hacking + Passive OSINT
The Cyber Mentor
Zero to Hero Pentesting: Episode 5 - Scanning Tools (Nmap, Nessus, BurpSuite, etc.) & Tactics
The Cyber Mentor
Zero to Hero Pentesting: Episode 6 - Enumeration (Kioptrix & Hack The Box)
The Cyber Mentor
Zero to Hero Pentesting: Episode 7 - Exploitation, Shells, and Some Credential Stuffing
The Cyber Mentor
Installing Windows Server 2016 on VMWare in 5 Minutes
The Cyber Mentor
Zero to Hero: Week 8 - Building an AD Lab, LLMNR Poisoning, and NTLMv2 Cracking with Hashcat
The Cyber Mentor
A Day in the Life of an Ethical Hacker / Penetration Tester
The Cyber Mentor
Active Directory Exploitation - LLMNR/NBT-NS Poisoning
The Cyber Mentor
Zero to Hero: Week 9 - NTLM Relay, Token Impersonation, Pass the Hash, PsExec, and more
The Cyber Mentor
Zero to Hero: Episode 10 - MS17-010/EternalBlue, GPP/cPasswords, and Kerberoasting
The Cyber Mentor
Writing a Pentest Report
The Cyber Mentor
Zero to Hero: Week 11 - File Transfers, Pivoting, and Reporting Writing
The Cyber Mentor
The Complete Linux for Ethical Hackers Course for 2019
The Cyber Mentor
Full Ethical Hacking Course - Beginner Network Penetration Testing (2019)
The Cyber Mentor
Popping a Shell with SMB Relay and Empire
The Cyber Mentor
Pentesting for n00bs: Episode 1 - Legacy (hackthebox)
The Cyber Mentor
Pentesting for n00bs: Episode 2 - Lame
The Cyber Mentor
Pentesting for n00bs: Episode 3 - Blue
The Cyber Mentor
Web App Testing: Episode 1 - Enumeration
The Cyber Mentor
Pentesting for n00bs: Episode 4 - Devel
The Cyber Mentor
Pentesting for n00bs: Episode 5 - Jerry
The Cyber Mentor
Web App Testing: Episode 2 - Enumeration, XSS, and UI Bypassing
The Cyber Mentor
Pentesting for n00bs: Episode 6 - Nibbles
The Cyber Mentor
Web App Testing: Episode 3 - XSS, SQL Injection, and Broken Access Control
The Cyber Mentor
How NOT to Approach a Cybersecurity Mentor
The Cyber Mentor
Web App Testing: Episode 4 - XXE, Input Validation, Broken Access Control, and More XSS
The Cyber Mentor
Pentesting for n00bs: Episode 7 - Optimum (hackthebox)
The Cyber Mentor
Pentesting for n00bs: Episode 8 - Bashed (hackthebox)
The Cyber Mentor
Pentesting for n00bs: Episode 9 - Grandpa
The Cyber Mentor
Top 5 Internal Pentesting Methods
The Cyber Mentor
More on: Security Basics
View skill →Related Reads
📰
📰
📰
📰
Bonzo Lend Loses $9 Million to Oracle Manipulation on Hedera Network
Dev.to · Codego Group
BroncoCTF : Atomic Substitution Theory Writeup
Dev.to · Yogeshwar Peela
The Invisible Arms Race: How the World’s Biggest Defense Companies Are Building the Future of Cyber…
Medium · Cybersecurity
BronocCTF : Proper Pwning Writeup
Dev.to · Yogeshwar Peela
Chapters (6)
Intro
0:15
Clickjacking primer
1:28
Clickjacking lab
5:39
Clickbandit
7:03
Further reading
7:48
Outro
🎓
Tutor Explanation
DeepCamp AI