Facebook Clickjacking Example

If you’re still a little confused about what clickjacking is, then I suggest watching the following YouTube video.

This video shows how Narkolayev Shlomi made a click jack attack that added an application to his Facebook account. It’s a little dry and there isn’t any sound. Stick with the video to the end, though. You might be surprised to see what secrets lie in wait.

Shlomi strips away all pretense of subterfuge in this video to show users exactly how they fall victim to clickjacking attacks. As you will see in the video, Shlomi has created a web page that identifies itself as a clickjack demo. He then goes to his Facebook account to show the audience what applications he has used recently.

When he clicks “start demo” on the click jack page, the audience quickly sees that a new application has appeared in Shlomi’s Facebook account.

What you have just witnessed is a basic clickjack attack. It doesn’t do any harm, but it could just as easily be designed to open an application that captures personal information.

Shlomi draws back the curtain at the end of the video to show exactly how the clickjack attack works. The audience now sees that there is another screen hidden on top of the clickjack demo page. Not surprisingly, the hidden screen is a Facebook page asking permission to install an application.

Shlomi has shown us this to make everyone aware of the potential dangers that clickjacking poses. Unfortunately, what he reveals is that the average internet users might not be able to protect himself against these attacks. Even popular browsers and web sites have had a hard time creating security measures that can stop click jacking in its tracks.

This example could easily be made to trick users into opening applications on Facebook. Instead of a page that proclaims its clickjacking intention, Shlomi could have easily made one that showed pictures of LOL cats or something. The attacks become most effective when they convince you to lower your guard.

Advertisements
Explore posts in the same categories: Uncategorized

Tags: , , ,

You can comment below, or link to this permanent URL from your own site.

4 Comments on “Facebook Clickjacking Example”


  1. […] instance, this clickjacking blog proposes how much more dangerous the threat would be if the jacked page had pictures of LOL cats […]


  2. […] instance, this clickjacking blog proposes how much more dangerous the threat would be if the jacked page had pictures of LOL cats […]

  3. jix Says:

    Hi
    The latest malicious post used for this clickjacking is
    ” It Turned out her Boobs On Live Television” “Video2u.eu”

    Beware..


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: