Web application security - the fast guide 1.1 | Page 93

Chapter 5 - Attack Execution: the client
5.7 Clickjacking
Figure 35: clickjacking concept
Clickjacking, sometimes also called UI redressing, belongs to the trickery type of attacks: the attacker tricks the victim into clicking on what looks like a harmless element of the attacker's page, while the click actually lands on a transparent copy of a page from the target site layered over it.

Attack requirements. For a successful attack:
A. The victim must be logged in to the sensitive website.
B. The victim must visit a page on the attacker's site.

Attack process:
A. The attacker places a transparent iframe on his page and loads into it the page of the site the victim is logged in to, the one that performs the sensitive action.
B. The attacker hides the iframe using JavaScript and CSS.
C. The victim cannot see the overlaying frame and tries to interact with the visible page.
D. The attacker lays out the visible buttons so that the victim clicks them in a sequence that executes the malicious action on the hidden page.
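The attack above only works when the target site lets its pages be loaded inside a frame on another origin. The following Python example, added here and not taken from the book, shows the check a defender would run against a site's responses: it classifies the two server-side framing controls, the `X-Frame-Options` header and the Content-Security-Policy `frame-ancestors` directive, and flags responses that leave a page framable. The sample header sets (`SAMPLE_RESPONSES`) are constructed for the example; the function assumes a single `Content-Security-Policy` header per response.

```python
"""Audit HTTP response headers for clickjacking (framing) protection.

Added example, not part of the book. Evaluates X-Frame-Options and the
CSP frame-ancestors directive; a page without either can be loaded in a
transparent iframe on an attacker-controlled origin.
"""


def parse_frame_ancestors(csp_value):
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp_value.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_protection(headers):
    """Classify framing protection from a dict of response headers.

    Header names are matched case-insensitively. Returns one of:
    'blocked', 'same-origin', 'allow-list', 'unprotected'.
    When both controls are present, frame-ancestors takes precedence over
    X-Frame-Options (CSP Level 2 behaviour in current browsers).
    Assumption: only one Content-Security-Policy header per response.
    """
    lowered = {name.lower(): value for name, value in headers.items()}

    csp = lowered.get("content-security-policy")
    if csp is not None:
        sources = parse_frame_ancestors(csp)
        if sources is not None:
            if sources == ["'none'"]:
                return "blocked"
            if sources == ["'self'"]:
                return "same-origin"
            return "allow-list"  # specific origins allowed; review the list

    xfo = lowered.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # ALLOW-FROM is obsolete and ignored by current browsers, so it gives
    # no protection; the same holds for a malformed or missing header.
    return "unprotected"


# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = {
    "account-transfer": {"X-Frame-Options": "SAMEORIGIN", "Content-Type": "text/html"},
    "settings": {
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
        "X-Frame-Options": "SAMEORIGIN",
    },
    "partner-widget": {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
    "legacy-report": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "profile": {"Content-Type": "text/html"},
}


def audit(responses):
    """Map each named response to its framing-protection verdict."""
    return {name: framing_protection(hdrs) for name, hdrs in responses.items()}


def unprotected_pages(responses):
    """Names of responses that can be framed from any origin."""
    return sorted(name for name, verdict in audit(responses).items() if verdict == "unprotected")


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_RESPONSES).items():
        print(f"{name:18s} {verdict}")
    print("framable from any origin:", unprotected_pages(SAMPLE_RESPONSES))
```

Any page reported as `unprotected` that performs a state-changing action for a logged-in user is a candidate for the attack described above; the fix is to add `Content-Security-Policy: frame-ancestors 'none'` (or `'self'`) and `X-Frame-Options: DENY` for older browsers.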