Testing for clickjacking
Clickjacking, also known as a UI redress attack, is a deceptive technique that tricks a user into interacting with a transparent iframe overlaid on a decoy page, so that clicks intended for the decoy land on the framed site and, potentially, send unauthorized commands or sensitive information to an attacker-controlled website. Let’s see how to use Burp Clickbandit to test whether a site is vulnerable to clickjacking.
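A site can only be framed in this way if its responses lack the browser-enforced framing controls, so a useful companion check before (or after) running Clickbandit is to inspect the response headers for `X-Frame-Options` and the Content-Security-Policy `frame-ancestors` directive. The script below is an added example written for this section; it is not part of the book, Burp Suite, or Mutillidae. The header sets it inspects are constructed samples, not captured from the application, and the `assess_framing` and `parse_csp` names are my own.

```python
"""Assess HTTP response headers for clickjacking (framing) defences.

Added example, not code from the book or from PortSwigger. It evaluates the
two controls browsers honour when deciding whether a page may be framed:
the X-Frame-Options header and the CSP frame-ancestors directive.
"""
from typing import Dict, List


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy header into {directive: [sources]}."""
    policy: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def assess_framing(headers: Dict[str, str]) -> Dict[str, object]:
    """Return whether a response can be framed by another origin, plus findings."""
    # Header names are case-insensitive, so normalise them once.
    lower = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []
    protected = False

    xfo = lower.get("x-frame-options")
    if xfo is None:
        findings.append("X-Frame-Options header missing")
    else:
        xfo_value = xfo.strip().upper()
        if xfo_value in ("DENY", "SAMEORIGIN"):
            protected = True
        elif xfo_value.startswith("ALLOW-FROM"):
            # ALLOW-FROM is obsolete and ignored by current browsers: no protection.
            findings.append("X-Frame-Options ALLOW-FROM is obsolete and ignored by browsers")
        else:
            findings.append(f"X-Frame-Options has unrecognised value {xfo!r}")

    csp = lower.get("content-security-policy")
    if csp is None:
        findings.append("Content-Security-Policy header missing")
    else:
        ancestors = parse_csp(csp).get("frame-ancestors")
        if ancestors is None:
            findings.append("CSP lacks a frame-ancestors directive")
        elif any(src in ("*", "http:", "https:") for src in ancestors):
            # When frame-ancestors is present it takes precedence over X-Frame-Options,
            # so a wildcard here reopens framing even if X-Frame-Options says DENY.
            findings.append(f"CSP frame-ancestors permits any origin: {' '.join(ancestors)}")
            protected = False
        else:
            protected = True

    return {"protected": protected, "findings": findings}


# Constructed sample header sets (not captured from Mutillidae or any live site).
SAMPLE_RESPONSES = {
    "unprotected": {"Content-Type": "text/html"},
    "xfo_only": {"X-Frame-Options": "SAMEORIGIN"},
    "csp_wildcard": {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors *",
    },
    "csp_self": {
        "Content-Security-Policy": "frame-ancestors 'self' https://trusted.example"
    },
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        verdict = assess_framing(hdrs)
        print(f"{name:>13}: framable={not verdict['protected']} {verdict['findings']}")
```

A response that Clickbandit can frame successfully should correspond to a `protected: False` verdict here; the fix on the server side is to emit `X-Frame-Options: DENY` (or `SAMEORIGIN`) together with a `frame-ancestors` directive that lists only the origins genuinely allowed to embed the page.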
Getting ready
We’ll use the OWASP Mutillidae II application and Burp Clickbandit to determine whether the application protects against clickjacking attacks.
How to do it...
- Navigate to the Home page of OWASP Mutillidae II.
- Switch to Burp and, from the top-level menu, select Burp Clickbandit:
![Figure 9.1 – Clickbandit menu item](https://static.packt-cdn.com/products/9781835081075/graphics/image/B21173_Figure_9.01.jpg)
Figure 9.1 – Clickbandit menu item
- A pop-up box explains the tool. Click the Copy Clickbandit to clipboard button:
![Figure 9.2 – Copying code to the clipboard](https://static.packt-cdn.com/products/9781835081075/graphics/image/B21173_Figure_9.02.jpg)
Figure 9.2 – Copying code to the clipboard
- Return to the Firefox browser and the landing...