Mutillidae Click Jacking


Through clickjacking, we have controlled the webpage and hijacked the page.

Why is Click-jack Attacked?

You may have seen it sometimes, when you click on some website page, an unnecessary page opens, all these of work are part of Click-jacking. With the click-jacking, we can get the mouse to work on every event, Like page-likes, send page to another page, infinite pop up loop on web page etc.

Redirect attack on page

Example Security label : 0,1

  1. First open where you can insert something Like, registration page or add blog page or comment post page
  2. Now write the javaScript code as you want , here we are using the redirect page using mouse move.
  3. Do with this example , just copy and paste it on your input box and post it.
document.getElementsByTagName("body")[0].setAttribute("onmouseover", "redirectPage()");
function redirectPage(){ window.location =""; }

Click-jacking successful , now move your mouse anywhere your given redirect page will open

Open infinite browser tab attack

  1. In this example we will open at least 5 tabs of the browser
  2. If you want, you can open the tab by running an infinite loop, any browser has a limit as to which tab it can open, after then the browser crashes
  3. Do with this example , just copy and paste it on your input box and post it.
document.getElementsByTagName("body")[0].setAttribute("onclick", "manyTabOpen()");
function manyTabOpen(){ for (var i=0;i<5;i++){"","_blank"); } }

As soon as you open the page, the browser will ask you for permission of the popup allow you to allow

Then the attack will be successful, now you can modify it according to your own and use some other method, and you should also

Let me give you an example for practice

1. Alert box attack in browser

2. Add a function to the tag with the help of the attribute and then run any function by writing an attack code

3. On the first click on a link, an unnecessary page is opened and click again but the real page is open.

💡 Tip: You must have basic knowledge of JavaScript for click jacking.

cybNg Designed for learning, testing and training. Examples are simplified to improve reading and basic understanding, tutorials and examples are constantly reviewed to avoid over-comprehension and errors, but we cannot warrant the complete accuracy of all content. While using this site, you agree to read and accept our use, cookie and privacy policy. All the information given in it is made for education purpose only, there will be no responsibility of this website or this organization for misuse of the information given in it. We hope that all the information provided in it is good for our students. So that it helps improve the cyber world.