Other Attacks

Clickjacking (UI redressing)

The attacker tricks a victim into clicking a resource that is different from what they actually intend to click on (a link, button, image, etc.).

The attacker hosts a malicious site that looks almost identical to the legitimate site. Typically:

  • An iframe whose src is the legitimate page

  • CSS to make them look exactly the same

  • A fake button overlaid on top of it using the CSS z-index property

Attacker's steps:

  1. Feasibility study

  2. Build a malicious site

  3. Spread the malicious page link

Defense:

  • Do not allow the page to be framed by other sites

    • e.g. in PHP, set <?php header('X-Frame-Options: SAMEORIGIN'); ?>

    • Meta tag in HTML <meta http-equiv="X-Frame-Options" content="deny">

  • HTTP response header

  • Content Security Policy

  • Browser frame-breaker (frame-busting JavaScript)

Old school JS method:

<script>
    // If this document is not the top-level window, it is being framed:
    // navigate the top window to this page to break out of the frame.
    if (top != window) {
        top.location = window.location;
    }
</script>

Response Splitting

Scenario:

User input is reflected in a response header, say Set-Cookie or a "Last Visit" header. By injecting \r\n (%0d%0a), the attacker can craft a customized response, or even add malicious headers like:

  • Access-Control-Allow-Origin: <attacker_site>

  • Access-Control-Allow-Credentials: true

Of course this is exploitable via phishing.

Defense:

  • Reject %0d%0a in values passed to the header() function (the default from PHP v5.1.4 onward)
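The same check applies in any language: reject, rather than strip, any CR or LF before user input reaches a response header. The following is an added example (not code from the original notes) of a Node.js request handler that validates a reflected "last visit" value; the header name, query parameter and the constructed request samples are assumptions made for this illustration.

```javascript
// Added example (not from the original notes): rejecting CR/LF in a
// user-controlled value before it is reflected into a response header.
// Header name, query parameter and sample requests are constructed.

// CR or LF would let the value terminate the current header line and start
// a new one, which is exactly what response splitting relies on.
const HEADER_LINE_BREAK = /[\r\n]/;

// `value` is expected to be already percent-decoded (URLSearchParams does
// this), so an encoded %0d%0a in the query string has become a real CR/LF
// pair by the time it gets here.
function safeHeaderValue(value) {
  if (typeof value !== "string") {
    throw new TypeError("header value must be a string");
  }
  if (HEADER_LINE_BREAK.test(value)) {
    throw new Error("CR/LF in header value rejected (possible response splitting)");
  }
  return value;
}

// Handler that reflects ?last=<value> into an X-Last-Visit response header.
// Works with a real http.ServerResponse or a stub exposing setHeader/end.
// Node's own http module also throws ERR_INVALID_CHAR on CR/LF in setHeader,
// so this check is defense in depth; it lets the application answer with a
// clean 400 instead of an unhandled exception.
function lastVisitHandler(req, res) {
  // The base URL is an assumption; only the path and query are used.
  const url = new URL(req.url, "http://localhost");
  const lastVisit = url.searchParams.get("last") || "";
  try {
    res.setHeader("X-Last-Visit", safeHeaderValue(lastVisit));
  } catch (e) {
    res.statusCode = 400;
    res.end("bad request");
    return;
  }
  res.statusCode = 200;
  res.end("ok");
}

module.exports = { safeHeaderValue, lastVisitHandler };
```

Rejecting with a 400 rather than silently deleting the offending characters keeps the attacker from steering the header value at all and makes the attempt visible in access logs as a failed request.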
