Lab Overview

Clickjacking, also known as a UI-redress attack, misleads the victim by overlaying multiple frames and making some of them invisible. The victim is shown one webpage, but his/her actions actually land on another webpage selected by the attacker. This attack takes advantage of the HTML iframe element. The objective of this lab is to understand how an iframe combined with certain style properties can be used as the tool for such an attack. Students will first create HTML webpages and learn the use of iframes; then they will try Clickjacking attacks on the phpBB web application server within the lab environment.
Lab Description and Tasks (PDF)
Lecture Video: (watch)
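From the reviewing side, the styling described in the overview can be checked for statically. The following is an added example, not part of the lab materials: it scans a page's markup for iframes whose inline style makes them invisible and reports whether they are also positioned as an overlay. The function names, the 0.1 opacity threshold and the sample markup are assumptions made for illustration.

```javascript
// Added example: flag <iframe> tags whose inline style hides them from the user.
// SAMPLE_PAGE is constructed markup; the hosts are placeholders.
const SAMPLE_PAGE = `
<html><body>
  <button style="position:absolute; top:40px; left:20px">Continue</button>
  <iframe src="http://target.example/account" style="position:absolute; top:0; left:0; opacity:0; z-index:2"></iframe>
  <iframe src="http://maps.example/embed" style="width:400px; height:300px"></iframe>
  <iframe src="http://target.example/settings" style="Opacity: 0.05 !important; position: fixed"></iframe>
</body></html>`;

// Parse an inline style string ("a: b; c: d") into a lowercase name/value map.
function parseStyle(style) {
  const props = {};
  for (const decl of style.split(';')) {
    const idx = decl.indexOf(':');
    if (idx === -1) continue;
    const name = decl.slice(0, idx).trim().toLowerCase();
    const value = decl.slice(idx + 1).trim().toLowerCase().replace(/\s*!important$/, '');
    if (name) props[name] = value;
  }
  return props;
}

// Read one quoted attribute value out of a raw tag string ('' if absent).
function attr(tag, name) {
  const m = new RegExp('\\b' + name + '\\s*=\\s*(["\'])(.*?)\\1', 'i').exec(tag);
  return m ? m[2] : '';
}

// Return one finding per iframe that is (nearly) transparent.
// overlay=true means it is also absolutely/fixed positioned, so it can sit
// on top of other content while staying clickable.
function findHiddenIframes(html, opacityThreshold = 0.1) {
  const findings = [];
  for (const match of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const style = parseStyle(attr(match[0], 'style'));
    if (!('opacity' in style)) continue;
    const raw = style.opacity;
    const value = raw.endsWith('%') ? parseFloat(raw) / 100 : parseFloat(raw);
    if (Number.isNaN(value) || value > opacityThreshold) continue;
    const overlay = ['absolute', 'fixed'].includes(style.position);
    findings.push({ src: attr(match[0], 'src'), opacity: value, overlay });
  }
  return findings;
}

console.log(findHiddenIframes(SAMPLE_PAGE));
```

This only inspects inline `style` attributes; styles applied through a stylesheet or script would need a rendered-DOM check instead.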