![]() The actual attack can be virtually anything possible via web pages. But the attacker’s script can also execute the expected action to make it appear nothing has gone wrong.Ĭlickjacking itself is not the end goal of the attack it is simply a means of launching some other attack by making users think they are doing something safe. Users click a link or a button, expecting a particular action from the original site, and the attacker’s script runs instead. There is no indication there is a hidden UI layered over the original site. The attacker then tricks users into visiting the malicious page, which looks just like a site users know and trust. ![]() ![]() If a web page allows itself to be displayed within a frame, an attacker can cover the original web page with a hidden, transparent layer with its own JavaScript and UI elements. The attack is possible thanks to HTML frames (iframes), the ability to display web pages within other web pages through frames. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |