.NET Daily

Prevent Attack: Click Jack

Darius Dumitrescu is a creative Senior CMS Consultant with in depth .NET knowledge, focused on Web Development and Architecture Design.

Clickjacking is a malicious technique that tricks a web user into clicking on something different from what they believe they are clicking on, so that the click reveals confidential information or performs an action in one of the user's authenticated sessions, all while the user is interacting with a seemingly innocuous page. It affects all major browsers and platforms. The attack takes the form of a hidden page or script layered over (or under) the visible content, so that a click on what looks like a harmless button actually triggers a different function on another site.

Example

A user might receive an email with a link to a video about a news item. The attacker's page loads another, perfectly legitimate page, say a product page on amazon.com where the user is already logged in, into an invisible frame positioned so that its "Buy" button sits exactly on top of (or underneath) the "PLAY" button of the video. The user tries to "play" the video but actually "buys" the product from Amazon.
Other known exploits include:

  • Tricking users into enabling their webcam and microphone through Flash (since corrected by Adobe);
  • Tricking users into making their social networking profile information public;
  • Making users follow someone on Twitter;
  • Sharing links on Facebook.

Remedy

The usual vehicle for a clickjacking attack is an IFRAME. The attacker's page loads the target site into an IFRAME whose borders are removed and whose opacity is set to zero with CSS, then positions it over a visible decoy control, so most of the time you will not notice that your click is landing on a different site.

The fix is to forbid your site from being displayed inside an IFRAME on another origin at all. In ASP.NET this is done by sending an anti-framing response header (X-Frame-Options, and its modern CSP equivalent, frame-ancestors) on every request, which can be added in your Global.asax file.
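The handler below is an added example written for this page, not the listing from the original post or from the Code Project source it cites; the namespace and class names are placeholders. It sets both the legacy X-Frame-Options header and the CSP frame-ancestors directive from Application_BeginRequest, so every response the ASP.NET pipeline produces carries them.

```csharp
// Global.asax.cs -- added example, not the original post's listing.
// Sends anti-framing response headers on every request so that browsers refuse
// to render this site inside an <iframe> (or <frame>/<object>) on another origin.
using System;
using System.Web;

namespace ClickjackDemo   // placeholder namespace
{
    public class Global : HttpApplication
    {
        // Runs first in the pipeline for every request, so static files and
        // error pages get the headers as well as normal page responses.
        protected void Application_BeginRequest(object sender, EventArgs e)
        {
            HttpResponse response = HttpContext.Current.Response;

            // Legacy header, still honoured by all current browsers.
            //   DENY       - never allow this page to be framed
            //   SAMEORIGIN - allow framing only by pages from the same origin
            // There is no supported way to whitelist other origins with this header
            // (ALLOW-FROM was never widely implemented), so use the CSP directive for that.
            response.AppendHeader("X-Frame-Options", "DENY");

            // Modern equivalent. 'none' matches DENY, 'self' matches SAMEORIGIN, and a
            // list of origins (e.g. 'self' https://partner.example) allows selected
            // framers. Browsers that understand frame-ancestors give it precedence
            // over X-Frame-Options, so keep the two settings consistent.
            response.AppendHeader("Content-Security-Policy", "frame-ancestors 'none'");
        }
    }
}
```

After deploying, confirm the headers with `curl -I https://your-site/` and by loading the site in an IFRAME on a test page on a different origin: the browser should show an empty frame and log a refusal in the console. The same two headers can also be set site-wide in web.config under system.webServer/httpProtocol/customHeaders, which IIS then applies even to responses that never reach ASP.NET. Prefer the headers over JavaScript "frame-busting" scripts (`if (top != self) top.location = self.location`): a framing page can neutralise such scripts, for instance with the IFRAME `sandbox` attribute, which blocks the framed document from navigating the top window.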

You can download a harmless sample of a clickjacking attack from below.

source: Code Project
