Clickjacking - Hacking Web Application UIs

The Cyber Mentor · Beginner ·🔐 Cybersecurity ·3y ago

Key Takeaways

The video discusses clickjacking, a type of cyber attack that involves hacking web application UIs, and provides a primer, lab, and further reading on the topic.

Full Transcript

click tracking or UI redressing is a technique that tricks users into clicking on unintended elements and in this video we're going to break down how this attack works and solve a lab as always if you enjoyed the video don't forget to like And subscribe and let's dive straight in the core components of Click jacking is the use of iframes this is an HTML element that allows the embedding of an external web page within the current page even now I'm sure you can imagine how that might be dangerous to pull off this attack though we overlay the content of a legitimate website with malicious contents essentially creating a frame around what the user can see this technique is called Framing and with a little CSS to modify the transparency a user will think that they're clicking on something legitimate but actually interacting with the content of the iframe there are some famous examples of this attack both Facebook and Twitter have had their like and follow buttons click jacked and also steam had a fake login page that was laid over the top of the real login page to capture credentials but clickjacking attacks are often subtle and go unnoticed so it's likely that there are also many undocumented cases now whilst this attack might not be something that you see very often it's important as whether pen testers or security Engineers to understand the context in which this attack can appear if you want to understand how to defend against this attack it's worth checking out the x-frame options and CSP headers now let's take a look at the lab so here we are at the portsmoker Academy and it says that this lab contains login functionality and a delete accounts button that is protected by a cross-site request forgery token a user will click on elements that display the word click on a decoy website to solve the lab craft some HTML that frames the account page and fools the user into deleting their accounts the lab is solved when the account is deleted and we have some credentials of our own as well so let's dive in so here we have our lab and all we're going to do is click my accounts and log in with Vena and Peter and we can see we have the account page and this delete Account button is what we're targeting so if we head to the exploit Setter the first thing we want to set up is we need an iframe so we're just going to go iframe Source equals and we'll use the link from the my accounts page and if we click view exploit you'll see that we do indeed get this iframe so let's come back and style this a little bit so we're just going to come to the top open up some CSS and then we're going to do iframe like this so in here we want a position so I'm just going to use position relative and then give it a width of a thousand pixels because it was a little small and a height of a thousand pixels as well and then I want to set the opacity to 0.1 and then I'm going to set the Z index to 2 as well and this is because we're going to set the Z index of the div or the item that we want our user to focus and click on to the Z index of one so we can click view exploits again and we can see just about that we have our page and it actually is asking us to log in so I'm just gonna log in with our credentials again so that we can see the account page obviously when the user loads this they'll already have their session token so they'll hit the account page rather than login page but in our case we just needed to log in so I'm just going to come back and if I change the opacity to let's say 0.5 you can probably see this a little bit more clearly so let's leave it at that now here we want to Overlay The Click me div over the account button so let's start by adding the div click me click view again and you can see it appears at the top so we need to style this and this time what we're going to do is we're going to position it absolute so position absolute and then we're going to say top 100 pixels and then left let's say 50 pixels and see where it is on the page and you can see it lands a little bit here so we need it to be much further down so I'm just going to come back change this to 500 click View and it's very very close so I'm just going to give it an extra 20 pixels and I think that's about close enough so if you notice when we hover over click me the icon changes so that if you click on this it's actually going to click the delete accounts button but obviously we don't want to delete our own account so I'm not going to go ahead and click it just yet so next up all we do is we click store and then we click deliver exploit to victim and we get a congratulations you solved the lab so that was fairly straightforward but in reality we may have to work a little bit harder to entice our users so there's actually a tool that we can use that is built into web Suite where we can test and quickly create payloads so all I'm going to do is come over to burp Suites and click burp and click click Bandit and here we have a tool for generating click jacking attacks so the steps to do this are to copy the click Bandit to clipboard we paste it into the page in our browser and then we follow the on-screen instructions so here I'm just going to copy click Bandit to clipboard come back to our page and I'm going to come to the my account page hit Ctrl shift C come over to console and just paste here and click enter now I'm going to close the console and you can see that we have a new Banner at the top so I'm just going to click disable click actions because I want to be able to click the delete Account button without actually deleting our accounts and then I'm going to click Start and here I just come through and I click home my accounts log out update email and delete accounts and then just click finish and what it's going to do it's going to go through and test this so we can click click click click click and we see that we have pin click jacked and here if we want to save the payload to review and tweak probably a little bit and carry out the attack we can just click save and we can save the HTML document to our file system so in our lab our user was a little bit of a dummy they're going to click on anything that has the keyword click in it in reality of course we might need to try a little bit harder to entice our users but this was still a good demo of how to pull off this attack there are plenty more Labs available such as click tracking with pre-filled input forms bypassing frame busting scripts and combining click jacking and cross-site scripting so check those out if you want to learn more there's also a great post over on the author blog that I'd recommend checking out and of course clickjacking is covered by the owasp cheat sheet series a resource that we've mentioned once or twice in our more recent videos all in all if you're interested in attacking users it's definitely a technique that's worth investigating further and that's it for this video as always don't forget to like And subscribe and if you have an idea for a topic you'd like to see in the future then leave it in the comments below catch you next time

Original Description

00:00 Intro 00:15 Clickjacking primer 01:28 Clickjacking lab 05:39 Clickbandit 07:03 Further reading 07:48 Outro Pentests & Security Consulting: https://tcm-sec.com Get Trained: https://academy.tcm-sec.com Get Certified: https://certifications.tcm-sec.com Merch: https://merch.tcm-sec.com Sponsorship Inquiries: info@thecybermentor.com 📱Social Media📱 ___________________________________________ Twitter: https://twitter.com/thecybermentor Twitch: https://www.twitch.tv/thecybermentor Instagram: https://instagram.com/thecybermentor LinkedIn: https://www.linkedin.com/in/heathadams TikTok: https://tiktok.com/@thecybermentor Discord: https://discord.gg/tcm 💸Donate💸 ___________________________________________ Like the channel? Please consider supporting me on Patreon: https://www.patreon.com/thecybermentor Support the stream (one-time): https://streamlabs.com/thecybermentor Hacker Books: Penetration Testing: A Hands-On Introduction to Hacking: https://amzn.to/31GN7iX The Hacker Playbook 3: https://amzn.to/34XkIY2 Hacking: The Art of Exploitation: https://amzn.to/2VchDyL The Web Application Hacker's Handbook: https://amzn.to/30Fj21S Real-World Bug Hunting: A Field Guide to Web Hacking: https://amzn.to/2V9srOe Social Engineering: The Science of Human Hacking: https://amzn.to/31HAmVx Linux Basics for Hackers: https://amzn.to/34WvcXP Python Crash Course, 2nd Edition: https://amzn.to/30gINu0 Violent Python: https://amzn.to/2QoGoJn Black Hat Python: https://amzn.to/2V9GpQk My Build: lg 32gk850g-b 32" Gaming Monitor:https://amzn.to/30C0qzV darkFlash Phantom Black ATX Mid-Tower Case: https://amzn.to/30d1UW1 EVGA 2080TI: https://amzn.to/30d2lj7 MSI Z390 MotherBoard: https://amzn.to/30eu5TL Intel 9700K: https://amzn.to/2M7hM2p G.SKILL 32GB DDR4 RAM: https://amzn.to/2M638Zb Razer Nommo Chroma Speakers: https://amzn.to/30bWjiK Razer BlackWidow Chroma Keyboard: https://amzn.to/2V7A0or CORSAIR Pro RBG Gaming Mouse: https://amzn.to/30hvg4P Sennheiser RS 175 RF Wireless Headphones:
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from The Cyber Mentor · The Cyber Mentor · 0 of 60

← Previous Next →
1 Buffer Overflows Made Easy - Part 1: Introduction
Buffer Overflows Made Easy - Part 1: Introduction
The Cyber Mentor
2 Buffer Overflows Made Easy - Part 2: Spiking
Buffer Overflows Made Easy - Part 2: Spiking
The Cyber Mentor
3 Buffer Overflows Made Easy - Part 3: Fuzzing
Buffer Overflows Made Easy - Part 3: Fuzzing
The Cyber Mentor
4 Buffer Overflows Made Easy - Part 4: Finding the Offset
Buffer Overflows Made Easy - Part 4: Finding the Offset
The Cyber Mentor
5 Buffer Overflows Made Easy - Part 5: Overwriting the EIP
Buffer Overflows Made Easy - Part 5: Overwriting the EIP
The Cyber Mentor
6 Buffer Overflows Made Easy - Part 6: Finding Bad Characters
Buffer Overflows Made Easy - Part 6: Finding Bad Characters
The Cyber Mentor
7 Buffer Overflows Made Easy - Part 7: Finding the Right Module
Buffer Overflows Made Easy - Part 7: Finding the Right Module
The Cyber Mentor
8 Buffer Overflows Made Easy - Part 8: Generating Shellcode and Gaining Shells
Buffer Overflows Made Easy - Part 8: Generating Shellcode and Gaining Shells
The Cyber Mentor
9 HackTheBox - Sunday Walkthrough (Re-Up)
HackTheBox - Sunday Walkthrough (Re-Up)
The Cyber Mentor
10 Networking for Ethical Hackers - TCP, UDP, and the Three-Way Handshake (Re-Up)
Networking for Ethical Hackers - TCP, UDP, and the Three-Way Handshake (Re-Up)
The Cyber Mentor
11 Networking for Ethical Hackers - Network Subnetting (Re-Up)
Networking for Ethical Hackers - Network Subnetting (Re-Up)
The Cyber Mentor
12 Networking for Ethical Hackers - Network Subnetting Part 2: The Challenge (Re-Up)
Networking for Ethical Hackers - Network Subnetting Part 2: The Challenge (Re-Up)
The Cyber Mentor
13 Networking for Ethical Hackers - Building A Basic Network with Cisco Packet Tracer (Re-Up)
Networking for Ethical Hackers - Building A Basic Network with Cisco Packet Tracer (Re-Up)
The Cyber Mentor
14 HackTheBox - Fighter Walkthrough (Re-Up)
HackTheBox - Fighter Walkthrough (Re-Up)
The Cyber Mentor
15 Beginner Linux for Ethical Hackers - Navigating the File System
Beginner Linux for Ethical Hackers - Navigating the File System
The Cyber Mentor
16 Beginner Linux for Ethical Hackers - Users and Privileges
Beginner Linux for Ethical Hackers - Users and Privileges
The Cyber Mentor
17 Beginner Linux for Ethical Hackers - Common Network Commands
Beginner Linux for Ethical Hackers - Common Network Commands
The Cyber Mentor
18 Beginner Linux for Ethical Hackers - Viewing, Creating, and Editing Files
Beginner Linux for Ethical Hackers - Viewing, Creating, and Editing Files
The Cyber Mentor
19 Beginner Linux for Ethical Hackers - Controlling Kali Services
Beginner Linux for Ethical Hackers - Controlling Kali Services
The Cyber Mentor
20 Beginner Linux for Ethical Hackers - Scripting with Bash
Beginner Linux for Ethical Hackers - Scripting with Bash
The Cyber Mentor
21 Beginner Linux for Ethical Hackers - Installing and Updating Tools
Beginner Linux for Ethical Hackers - Installing and Updating Tools
The Cyber Mentor
22 Cracking Linux Password Hashes with Hashcat
Cracking Linux Password Hashes with Hashcat
The Cyber Mentor
23 Reminder: Twitch Hacking Live Stream Tonight! 2/26/19 at 8PM EST
Reminder: Twitch Hacking Live Stream Tonight! 2/26/19 at 8PM EST
The Cyber Mentor
24 Hacking Live Stream: Episode 1 - Kioptrix Level 1, HackTheBox Jerry, and Career Q&A / AMA
Hacking Live Stream: Episode 1 - Kioptrix Level 1, HackTheBox Jerry, and Career Q&A / AMA
The Cyber Mentor
25 Hacking Live Stream: Episode 2 - HackTheBox Active, Vulnserver Buffer Overflow, and Career Q&A / AMA
Hacking Live Stream: Episode 2 - HackTheBox Active, Vulnserver Buffer Overflow, and Career Q&A / AMA
The Cyber Mentor
26 Hacking Live Stream: Episode 3 - Hack The Box Blue, Devel, and Career Q&A / AMA
Hacking Live Stream: Episode 3 - Hack The Box Blue, Devel, and Career Q&A / AMA
The Cyber Mentor
27 New Zero to Hero Pentest Course, New Website, and 2K Subs?!
New Zero to Hero Pentest Course, New Website, and 2K Subs?!
The Cyber Mentor
28 Zero to Hero Pentesting: Episode 1 - Course Introduction, Notekeeping, Introductory Linux, and AMA
Zero to Hero Pentesting: Episode 1 - Course Introduction, Notekeeping, Introductory Linux, and AMA
The Cyber Mentor
29 Zero to Hero Pentesting: Episode 2 - Python 101
Zero to Hero Pentesting: Episode 2 - Python 101
The Cyber Mentor
30 Zero to Hero Pentesting: Episode 3 - Python 102, Building a Terrible Port Scanner, and a Giveaway
Zero to Hero Pentesting: Episode 3 - Python 102, Building a Terrible Port Scanner, and a Giveaway
The Cyber Mentor
31 Zero to Hero Pentesting: Episode 4 - Five Phases of Hacking + Passive OSINT
Zero to Hero Pentesting: Episode 4 - Five Phases of Hacking + Passive OSINT
The Cyber Mentor
32 Zero to Hero Pentesting: Episode 5 - Scanning Tools (Nmap, Nessus, BurpSuite, etc.) & Tactics
Zero to Hero Pentesting: Episode 5 - Scanning Tools (Nmap, Nessus, BurpSuite, etc.) & Tactics
The Cyber Mentor
33 Zero to Hero Pentesting: Episode 6 - Enumeration (Kioptrix & Hack The Box)
Zero to Hero Pentesting: Episode 6 - Enumeration (Kioptrix & Hack The Box)
The Cyber Mentor
34 Zero to Hero Pentesting: Episode 7 - Exploitation, Shells, and Some Credential Stuffing
Zero to Hero Pentesting: Episode 7 - Exploitation, Shells, and Some Credential Stuffing
The Cyber Mentor
35 Installing Windows Server 2016 on VMWare in 5 Minutes
Installing Windows Server 2016 on VMWare in 5 Minutes
The Cyber Mentor
36 Zero to Hero: Week 8 - Building an AD Lab, LLMNR Poisoning, and NTLMv2 Cracking with Hashcat
Zero to Hero: Week 8 - Building an AD Lab, LLMNR Poisoning, and NTLMv2 Cracking with Hashcat
The Cyber Mentor
37 A Day in the Life of an Ethical Hacker / Penetration Tester
A Day in the Life of an Ethical Hacker / Penetration Tester
The Cyber Mentor
38 Active Directory Exploitation - LLMNR/NBT-NS Poisoning
Active Directory Exploitation - LLMNR/NBT-NS Poisoning
The Cyber Mentor
39 Zero to Hero: Week 9 - NTLM Relay, Token Impersonation, Pass the Hash, PsExec, and more
Zero to Hero: Week 9 - NTLM Relay, Token Impersonation, Pass the Hash, PsExec, and more
The Cyber Mentor
40 Zero to Hero: Episode 10 - MS17-010/EternalBlue, GPP/cPasswords, and Kerberoasting
Zero to Hero: Episode 10 - MS17-010/EternalBlue, GPP/cPasswords, and Kerberoasting
The Cyber Mentor
41 Writing a Pentest Report
Writing a Pentest Report
The Cyber Mentor
42 Zero to Hero: Week 11 - File Transfers, Pivoting, and Reporting Writing
Zero to Hero: Week 11 - File Transfers, Pivoting, and Reporting Writing
The Cyber Mentor
43 The Complete Linux for Ethical Hackers Course for 2019
The Complete Linux for Ethical Hackers Course for 2019
The Cyber Mentor
44 Full Ethical Hacking Course - Beginner Network Penetration Testing (2019)
Full Ethical Hacking Course - Beginner Network Penetration Testing (2019)
The Cyber Mentor
45 Popping a Shell with SMB Relay and Empire
Popping a Shell with SMB Relay and Empire
The Cyber Mentor
46 Pentesting for n00bs: Episode 1 - Legacy (hackthebox)
Pentesting for n00bs: Episode 1 - Legacy (hackthebox)
The Cyber Mentor
47 Pentesting for n00bs: Episode 2 - Lame
Pentesting for n00bs: Episode 2 - Lame
The Cyber Mentor
48 Pentesting for n00bs: Episode 3 - Blue
Pentesting for n00bs: Episode 3 - Blue
The Cyber Mentor
49 Web App Testing: Episode 1 - Enumeration
Web App Testing: Episode 1 - Enumeration
The Cyber Mentor
50 Pentesting for n00bs: Episode 4 - Devel
Pentesting for n00bs: Episode 4 - Devel
The Cyber Mentor
51 Pentesting for n00bs: Episode 5 - Jerry
Pentesting for n00bs: Episode 5 - Jerry
The Cyber Mentor
52 Web App Testing: Episode 2 - Enumeration, XSS, and UI Bypassing
Web App Testing: Episode 2 - Enumeration, XSS, and UI Bypassing
The Cyber Mentor
53 Pentesting for n00bs: Episode 6 - Nibbles
Pentesting for n00bs: Episode 6 - Nibbles
The Cyber Mentor
54 Web App Testing: Episode 3 - XSS, SQL Injection, and Broken Access Control
Web App Testing: Episode 3 - XSS, SQL Injection, and Broken Access Control
The Cyber Mentor
55 How NOT to Approach a Cybersecurity Mentor
How NOT to Approach a Cybersecurity Mentor
The Cyber Mentor
56 Web App Testing: Episode 4 - XXE, Input Validation, Broken Access Control, and More XSS
Web App Testing: Episode 4 - XXE, Input Validation, Broken Access Control, and More XSS
The Cyber Mentor
57 Pentesting for n00bs: Episode 7 - Optimum (hackthebox)
Pentesting for n00bs: Episode 7 - Optimum (hackthebox)
The Cyber Mentor
58 Pentesting for n00bs: Episode 8 - Bashed (hackthebox)
Pentesting for n00bs: Episode 8 - Bashed (hackthebox)
The Cyber Mentor
59 Pentesting for n00bs: Episode 9 - Grandpa
Pentesting for n00bs: Episode 9 - Grandpa
The Cyber Mentor
60 Top 5 Internal Pentesting Methods
Top 5 Internal Pentesting Methods
The Cyber Mentor

This video teaches the basics of clickjacking, a type of cyber attack that involves hacking web application UIs, and provides a lab and further reading on the topic. Viewers will learn how to identify clickjacking vulnerabilities and implement security measures to prevent them.

Key Takeaways
  1. Understand the basics of clickjacking
  2. Identify clickjacking vulnerabilities in web applications
  3. Implement security measures to prevent clickjacking
  4. Use tools like Clickbandit to detect clickjacking attempts
  5. Configure network security to prevent clickjacking
💡 Clickjacking is a type of cyber attack that involves hacking web application UIs, and can be prevented by implementing security measures such as input validation and output encoding.

Related Reads

📰
Bonzo Lend Loses $9 Million to Oracle Manipulation on Hedera Network
Bonzo Lend loses $9 million due to oracle manipulation on Hedera Network, highlighting DeFi security risks
Dev.to · Codego Group
📰
BroncoCTF : Atomic Substitution Theory Writeup
Learn how to solve the Atomic Substitution Theory challenge from BroncoCTF using Python, and improve your cybersecurity skills by applying cryptographic techniques.
Dev.to · Yogeshwar Peela
📰
The Invisible Arms Race: How the World’s Biggest Defense Companies Are Building the Future of Cyber…
Discover how top defense companies are shifting focus to cybersecurity, developing new technologies to stay ahead in the invisible arms race
Medium · Cybersecurity
📰
BronocCTF : Proper Pwning Writeup
Learn to exploit binaries with a medium-difficulty CTF challenge, improving your binary exploitation skills
Dev.to · Yogeshwar Peela

Chapters (6)

Intro
0:15 Clickjacking primer
1:28 Clickjacking lab
5:39 Clickbandit
7:03 Further reading
7:48 Outro
Up next
How to Build a Successful Career in Cyber Security, Avoid Common Mistakes in Tech Education
Sreevidhya Santhosh
Watch →