Recipe 10-4: Preventing UI Redressing (Clickjacking) Attacks
This recipe shows you how to identify when attackers attempt to use clickjacking attacks.
Ingredients
  • ModSecurity
    • STREAM_OUTPUT_BODY variable
    • @rsub operator
CAPEC-103: Clickjacking
In a clickjacking attack the victim is tricked into unknowingly initiating some action in one system while interacting with the UI of a seemingly unrelated system. While logged in to the target system, the victim visits the attacker's malicious site, which displays a UI the victim wishes to interact with. In reality, the clickjacked page carries a transparent layer above the visible UI containing the action controls the attacker wants the victim to trigger. When the victim clicks the buttons or other UI elements they see on the page, the clicks actually land on the action controls in the transparent overlay. Depending on what that action control is, the attacker may have just tricked the victim into executing some potentially privileged (and most certainly undesired) functionality in the target system to which the victim is authenticated. The basic problem is the mismatch between what the victim thinks he or she is clicking on and what he or she is actually clicking on.
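The mitigation side of this, as an added example that is not the book's own recipe: a ModSecurity 2.x configuration for Apache that sends framing-restriction headers and, using the STREAM_OUTPUT_BODY variable with the @rsub operator, injects a small frame-busting script into outgoing HTML as a fallback for browsers that ignore those headers. It assumes mod_headers is loaded, that the site never needs to be framed by another origin, and that the rule ids shown are free placeholders.

```apache
# Added example, not the book's recipe. Assumes ModSecurity 2.x on Apache
# with mod_headers loaded; rule ids 900100-900101 are placeholders.

# --- 1. Header-based defense (the primary control) -----------------------
# Browsers that honour these headers refuse to render the page inside a
# frame on another origin, so the transparent overlay never gets a target.
# CSP frame-ancestors is the current standard; X-Frame-Options covers
# browsers that predate it.
Header always set X-Frame-Options "DENY"
Header always set Content-Security-Policy "frame-ancestors 'none'"

# --- 2. Response-body injection with @rsub (fallback) --------------------
SecRuleEngine On
SecResponseBodyAccess On
SecResponseBodyMimeType text/html
# Exposes STREAM_OUTPUT_BODY in phase 4 (response body).
SecStreamOutBodyInspection On
# Required for @rsub to actually modify the body that is sent to the client.
SecContentInjection On

# Only rewrite HTML documents; leave JSON, images and other types untouched.
SecRule RESPONSE_CONTENT_TYPE "!@beginsWith text/html" \
    "id:900100,phase:4,t:none,nolog,pass,skip:1"

# Replace the first </head> with a script that compares the window the page
# is rendered in (self) with the outermost window (top) and, if the page has
# been framed, navigates the outer window to the page's own URL.
SecRule STREAM_OUTPUT_BODY \
    "@rsub s/<\/head>/<script>if(top!==self){top.location=self.location;}<\/script><\/head>/" \
    "id:900101,phase:4,t:none,nolog,pass"
```

Script-based frame busting can be bypassed by a hostile parent page (for example by sandboxing the frame), so treat the injected script as defense in depth and rely on the headers as the real control.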
Sample Attacks
In May 2011, Facebook battled a clickjacking attack campaign that tricked users into clicking the Like button to propagate the attacks and attempt to install malware on the ...