PRACTICAL CLICK-JACKING WITH BEEF

    This project is about implementing the click-jacking attack and monitor the attack through the BeEF tool. Here, we are going to implement a click-jacking method. For that, an HTML code with a CSS style sheet will be designed for adding the click-jacking the attack. JavaScript will be used to make the website responsive. Once the click-jacking attack is implemented and the designed website made as vulnerable to easily use a click-jacking attack, a BeEF tool for browser penetration tester will be installed in Ubuntu Operating system based PC and configure with a link of the webpage we implemented a click-jacking attack. Here, the input element is to detect the click in a hidden view. So, the user will never know when the specific button clicks what kind of processing is done in the background. This attack will be visible by using the BeEF tool.
Design Details:
● We created a simple website that contains some funny quotes and will be performing clickjacking on this website. We create a pop-up named click-thru as shown in the project paper which hides half of the quote and will make the user click on the popup thereby making him click on the iframed webpage that he did not intend to do.
● We have used the clickjacking module that is present in the BeEF tool to perform the clickjacking. In the BeEF tool, we can specify the URL of the page that we want to be iframed on the quotes website that we have created.
● The iframed page and just enough of the element to allow the user to click it. The opacity is assigned dynamically depending on if the user wants the attack to be visible or not.
● We also created the JavaScript to make the iframed page follow the mouse as the user moves it around the page. Therefore, when the user clicks regardless of where on the page, they will always click on the hidden iframe.
● We performed the attack by showing the iframed like button and without showing it.

Reference Paper: Practical Clickjacking with BeEF
Author’s Name: Brigette Lundeen and Dr. Jim Alves-Foss
Source: IEEE
Year:2012

Request source code for academic purpose, fill REQUEST FORM or contact +91 7904568456 by WhatsApp or sales@verilogcourseteam.com, fee applicable.

SIMULATION VIDEO DEMO  


PREVIOUS PAGE|NEXT PAGE