Testing for clickjacking vulnerabilities
Clickjacking is a technique used to trick users into performing actions on a target site without them realizing. This is done by a malicious user placing a hidden overlay on top of a legitimate website, so when the victim thinks they are interacting with the legitimate site, they are really clicking on hidden items on the hidden top overlay. This attack can be crafted in such a way that it causes the victim to type in credentials or click and drag on items without realizing they are being attacked. These attacks can be used against banking sites to trick victims into transferring funds and were also common among social networking sites in an attempt to gain more followers or likes, although most have defensive measures in place now.
How to do it…
There are two main ways websites can prevent clickjacking: either by setting an X-FRAME-OPTIONS header, which tells the browser not to render the site if it's inside a frame, or by using JavaScript to escape...
