What is clickjacking? Clickjacking, also known as UI redress attack or user interface (UI) deception, is a type of malicious technique used by attackers to trick users into clicking on something different from what they perceive. It involves overlaying or embedding malicious content on top of a legitimate website or application interface, making it appear as if the user is interacting with the genuine site.
Exploits of clickjacking:
Phishing: Trick users into revealing sensitive information or login credentials by overlaying fake login forms or other data-entry fields.
Malware installation: Trick users into downloading and installing malware by hiding malicious download buttons under legitimate-looking content.
Social engineering: Manipulate users into performing actions, such as sharing content on social media or liking a page, without their knowledge or consent.
Account hijacking: Exploit the user's actions to carry out unauthorized activities on their behalf, such as changing account settings or making fraudulent transactions.
Clickjacking attacks can be implemented using various techniques, including:
Invisible iframes: Overlaying a transparent or hidden iframe on top of a legitimate website, positioning it in a way that captures user clicks.
CSS opacity and layers: Manipulating the opacity and layering properties of HTML elements to hide malicious content beneath legitimate elements.
UI element positioning: Tricking users into clicking on invisible buttons by carefully positioning UI elements or by mimicking the appearance of legitimate buttons.
UI redesign: Completely redesigning the user interface of a website or application to confuse users and lead them to unintentionally click on certain elements.
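Every technique above depends on the targeted page being loadable inside a frame on a site the attacker controls, so the practical defensive check is whether a page's response headers forbid that framing. The following is an added example, not code from the original page; it evaluates the `Content-Security-Policy` `frame-ancestors` directive and `X-Frame-Options` the way current browsers do, and assumes header names are lower-cased (as Node's http module delivers them) and that the origins and sample responses are constructed.

```javascript
// Decide whether a page served from pageOrigin may be framed by embedder,
// given the page's response headers (header names lower-cased, as in Node).

function parseFrameAncestors(csp) {
  // Returns the frame-ancestors source list, or null if the directive is absent.
  for (const directive of csp.split(";")) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0] && tokens[0].toLowerCase() === "frame-ancestors") return tokens.slice(1);
  }
  return null;
}

function sourceMatches(source, embedder, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return embedder === pageOrigin;
  if (s === "*") return true;
  const host = embedder.replace(/^https?:\/\//, "");
  const sHost = s.replace(/^https?:\/\//, "");
  if (sHost.startsWith("*.")) return host.endsWith(sHost.slice(1)); // wildcard host
  return embedder === s || host === sHost;
}

function canBeFramed(headers, pageOrigin, embedder) {
  const csp = headers["content-security-policy"];
  if (csp) {
    const sources = parseFrameAncestors(csp);
    // When frame-ancestors is present, browsers ignore X-Frame-Options entirely.
    if (sources) return sources.some((src) => sourceMatches(src, embedder, pageOrigin));
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedder === pageOrigin;
  // ALLOW-FROM is not honoured by current browsers; no header at all means frameable.
  return true;
}

// Constructed sample responses for a page at https://bank.example (assumed origin).
const weakHeaders = {}; // no anti-framing headers: an overlay attack can load it
const hardenedHeaders = {
  "content-security-policy": "default-src 'self'; frame-ancestors 'none'",
  "x-frame-options": "DENY", // fallback for browsers without CSP support
};
```

A scanner that fetches a login or settings page and reports `canBeFramed(...) === true` for a foreign origin has found exactly the precondition the overlay techniques listed above rely on.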