All Tricks

CLICKJACKING By Parth Makadiya What is Clickjacking ? Clickjacking  is a malicious technique of tricking web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. Clickjacking involves generating a fake graphical overlay on top of an existing Web page in order to visually change the Web page while preserving its functionality (buttons, forms, etc.). This is done with the intension of misleading users to interact with the hidden Web page while they believe they are interacting with a completely different Web site. Description: Using only CSS Z-INDEX and HTML IFRAME, an attacker can create a transparent victim web page that contains privileged buttons. Underneath this transparent IFRAME, the attacker puts content, like a game, that entices the user to click. You may think you're playing a game, when you're actually starting a webcam recording. Sample Script Code: <h...

By Parth Makadiya What is Clickjacking? Clickjacking is a technique used by hackers or spammers to trick or cheat the users into clicking on links or buttons that are hidden from normal view (usually links color is same as page background). Clickjacking is possible because of a security weakness in web browsers that allows web pages to be layered and hidden from general view. In this situation what happens is that You think that you are clicking on a standard button or link, like the PLAY button or download button on an video or some stuff, but you are really clicking on a hidden link. Since you can’t see the clickjacker’s hidden link, you have no idea what you’re really doing. You could be downloading malware or making all your Facebook information public without realizing it. Some good hackers make ajax keyloggers and put them as javascripts over their fake websites and when you open them they retrieve all your passwords stored in web browser and records whate...