Newbie Clickjacking question
Posted: Sat Jul 11, 2015 5:58 am
by m5W9xC
I've read that clickjacking is a browser security issue. How do the hackers manage to overlay their transparent frames/pages over legitimate pages/frames? Does it require them to hack into the target server (e.g. bank's web site) and place the bad stuff there or does the browser user inadvertently pick up the bad stuff at a third party site and it is activated when the user browses the right page on the target server?
Thank you.
Re: Newbie Clickjacking question
Posted: Sat Jul 11, 2015 10:53 am
by therube
Suppose it need not be a "legitimate" site that gets hacked.
It could simply be some "bad" site that you visit.
Or from some link you clicked/followed.
Or email...
Specific as to how it might get on a particular site, not sure?
How Clickjacking Works
Re: Newbie Clickjacking question
Posted: Mon Jul 13, 2015 1:09 am
by Thrawn
The short answer is: you have it backwards. The attacker doesn't put their site on top of the legitimate one. They put the legitimate one - invisibly - on top of their own. You think you're clicking on the attacker's cat videos, but on top of them is the Amazon 'Buy it now' button. The attacker can do this, because they're allowed to open pages from other sites in a frame.
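The browser-side precondition Thrawn describes (the legitimate page being allowed to load inside a frame on another site) is exactly what the X-Frame-Options and CSP frame-ancestors response headers control. The following is an added example, not code from this thread or from NoScript, that evaluates a page's response headers and reports whether a given cross-origin site would be permitted to frame it; the bank and attacker hostnames in it are constructed placeholders. It uses only the Python standard library.

```python
"""Decide whether a page's response headers let another origin frame it.

CSP frame-ancestors takes precedence over X-Frame-Options when both are
present; the obsolete X-Frame-Options ALLOW-FROM form is ignored by current
browsers, so it is treated here as granting no protection.
"""
from urllib.parse import urlsplit

_DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_origin(url):
    """Return (scheme, host, port) for a URL or an origin such as 'https://bank.example'."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    host = (p.hostname or "").lower()
    port = p.port or _DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def _source_allows(source, framer, page):
    """Does one frame-ancestors source expression admit the framing origin?"""
    s = source.strip().lower()
    if s in ("", "'none'"):
        return False
    if s == "'self'":
        return framer == page
    if s == "*":
        return True
    if s.endswith(":") and "/" not in s:
        # scheme-only source such as "https:"
        return framer[0] == s[:-1]
    # host-source: a bare host inherits the page's scheme
    scheme, host, port = parse_origin(s if "://" in s else page[0] + "://" + s)
    if scheme != framer[0]:
        return False
    if host.startswith("*."):
        if not framer[1].endswith(host[1:]):   # "*.a.example" -> ".a.example"
            return False
    elif host != framer[1]:
        return False
    return port == framer[2]


def frameable_by(headers, page_url, framer_url):
    """True if a browser would let framer_url embed page_url in a frame."""
    h = {k.lower(): v for k, v in headers.items()}
    page, framer = parse_origin(page_url), parse_origin(framer_url)

    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # when frame-ancestors is present, X-Frame-Options is not consulted
            return any(_source_allows(src, framer, page) for src in parts[1:])

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer == page
    # no header (or obsolete ALLOW-FROM): any site may frame the page
    return True


if __name__ == "__main__":
    # constructed sample headers; hostnames are placeholders, not real sites
    page = "https://bank.example/billpay"
    attacker = "https://catvideos.example/"
    samples = {
        "no header": {},
        "X-Frame-Options: DENY": {"X-Frame-Options": "DENY"},
        "X-Frame-Options: SAMEORIGIN": {"X-Frame-Options": "SAMEORIGIN"},
        "CSP frame-ancestors 'self'": {"Content-Security-Policy": "frame-ancestors 'self'"},
    }
    for label, hdrs in samples.items():
        print(f"{label:32} framing by {attacker} allowed: {frameable_by(hdrs, page, attacker)}")
```

Run it as a script to see the four sample outcomes, or call `frameable_by()` with the headers of a real response (for example from `requests` or the browser's network panel) to check whether a site you care about has actually opted out of cross-origin framing.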
Re: Newbie Clickjacking question
Posted: Mon Jul 13, 2015 5:10 am
by m5W9xC
Thank you both for responding. The reason I'm asking is because NoScript has detected a clickjacking attack on a bill pay page at an online bank I use. Flipping back and forth between the images shows different parts of what appears to be the same page. I'm careful to ensure I specify the right link and use https to access the bank. The behavior seems intermittent. Sometimes it happens, sometimes not. When it does, I clear my browser cache. Any thoughts about how I should investigate this further?
Thanks for your help.
Re: Newbie Clickjacking question
Posted: Mon Jul 13, 2015 5:22 am
by barbaz
m5W9xC wrote: The reason I'm asking is because NoScript has detected a clickjacking attack on a bill pay page at an online bank I use.
Oh... then sorry for moving this to Web Tech, I wasn't clear your question had anything to do with NoScript.
I'll put it back in NS General in a moment...
m5W9xC wrote: I'm careful to ensure I specify the right link and use https to access the bank. The behavior seems intermittent. Sometimes it happens, sometimes not. When it does, I clear my browser cache. Any thoughts about how I should investigate this further?
Well there are a couple things you can do next time it happens:
1) Report it and post here the report ID, and wait for Giorgio to look at it
2) Also, check the Browser Console (Ctrl-Shift-J) for NoScript related messages (especially anything to do with ClearClick) and post those here as well (note that the URLs may contain sensitive information about you if you are logged in when this happens; it should be fine to post the URLs with those parts censored)