Busting Frame Busting: a Study of Clickjacking Vulnerabilities on Popular Sites
نویسندگان
چکیده
Web framing attacks such as clickjacking use iframes to hijack a user’s web session. The most common defense, called frame busting, prevents a site from functioning when loaded inside a frame. We study frame busting practices for the Alexa Top-500 sites and show that all can be circumvented in one way or another. Some circumventions are browser-specific while others work across browsers. We conclude with recommendations for proper frame busting.
منابع مشابه
Framing attacks
While many popular web sites on the Internet use frame busting to defend against clickjacking, very few mobile sites use frame busting. Similarly, few embedded web sites such as those used on home routers use frame busting. In this paper we show that framing attacks on mobile sites and home routers can have devastating effects. We develop a new attack called tap-jacking that uses features of mo...
متن کاملClickjacking Revisited: A Perceptual View of UI Security
Warren He presented his work on new forms of clickjacking attacks; this was joint work with some of his fellow researchers at UC Berkeley. Their team frames clickjacking as fundamentally an attack on a user’s perception; all five of their new attacks work by manipulating or diverting a user’s attention from security UI events that would otherwise alert users of the clickjacking attack. He argue...
متن کاملAlgorithms for Cluster Busting in Anchored Graph Drawing
Given a graph G and a drawing or layout of G, it is sometimes desirable to alter or adjust the layout. The challenging aspect of designing layout adjustment algorithms is to maintain a user’s mental picture of the original layout. We present a new approach to layout adjustment called cluster busting in anchored graph drawing. We then give two algorithms as examples of this approach. The goals o...
متن کامل