Clickjacking is a cyber-attack in which an attacker tricks a user into clicking on something different from what the user perceives, causing the user to perform actions they are unaware of. Clickjacking is also referred to as a “UI redress attack.” A common objective of a clickjacking attack is either to reveal confidential information or to allow the attacker to take control of the user’s computer. A similar technique can also be used to hijack keystrokes: by carefully employing CSS stylesheets and iframes with text boxes, an attacker can mislead users into believing they are entering passwords on a legitimate site, only to have their keystrokes captured by the attacker.
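Because the attack depends on loading the target page inside an iframe, a site owner can check whether its responses tell browsers to refuse framing. The following is an added example, not part of the original page: a hypothetical helper `framingPolicy` that classifies one response's headers using the standard `Content-Security-Policy: frame-ancestors` directive and the legacy `X-Frame-Options` header.

```javascript
// Added example, not from the original page. framingPolicy is a hypothetical
// helper; it takes one response's headers as a plain object.
function framingPolicy(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors: when present, browsers use it and ignore X-Frame-Options.
  // Several policies may arrive comma-joined; all are enforced, so one strict
  // policy is enough to block framing.
  const lists = [];
  for (const policy of (h["content-security-policy"] || "").split(",")) {
    for (const directive of policy.split(";")) {
      const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
      // Only the first frame-ancestors directive in a policy counts.
      if (name === "frame-ancestors") { lists.push(sources); break; }
    }
  }
  if (lists.length > 0) {
    // "*" or a bare scheme lets effectively any site embed the page.
    const open = (s) => s === "*" || s === "http:" || s === "https:";
    const strict = lists.some((sources) => !sources.some(open));
    return strict
      ? { framable: false, why: "CSP frame-ancestors restricts embedding" }
      : { framable: true, why: "CSP frame-ancestors allows any origin" };
  }

  // Legacy header: only DENY and SAMEORIGIN are honoured by current browsers;
  // ALLOW-FROM is obsolete and treated as if the header were absent.
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY" || xfo === "SAMEORIGIN") {
    return { framable: false, why: "X-Frame-Options " + xfo };
  }
  return {
    framable: true,
    why: xfo ? "unsupported X-Frame-Options value" : "no anti-framing header",
  };
}
```

A `Content-Security-Policy-Report-Only` header is deliberately not consulted, since it does not stop the page from being framed.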