Clickjacking is the mechanism that misleads users when they follow a link to any site; it redirects the user to a malicious webpage. Clickjacking has become very effective. It is often used to spread through the Facebook links to the malicious websites. Recently, these techniques proved their effectiveness to breach the anonymity of website’s visitors. Also, following a sly link may lead to an attacker that will gain an access to the OAuth data. Let us see how it happens.

Classic application of clickjacking - spreading links through the Facebook

The attacker hides the “Like” or “Share” buttons in a transparent iframe in the classic scenario of clickjacking. This iframe is located above the element of page, which should be clicked by the user; also iframe can follow the mouse cursor. When we click on the element it is redirected to the invisible “Like” or “Share” buttons. Such operations are not limited to the Facebook, the attacker only needs to hide the elements of another website in the iframe.

Below is shown a typical message that can be seen in the net of Facebook, if one of our connections were intercepted by clickjacking:

Enyman 9 september 2011, 10:30