Clickjacking: Beware of Clicking

Wireless Personal Communications

Abstract

Clickjacking is a newly discovered breach in network security. It exploits a web-design feature in which two or more web frames are overlaid on one another. The analysis shows a need for in-depth study of clickjacking attacks (a client-side vulnerability) and of preventive measures, so that such attacks can be prevented and detected early. In this research work, most client-side attacks are studied and an overview of clickjacking techniques is presented to give researchers insight into the area of network security. The tools and techniques used by attackers are also investigated, along with the prevention measures.

Code Availability

No code is used for the research article.

Availability of data and material

Data and material used in the article are available.

Funding

No funding availed. So, this is not applicable.

Author information

Corresponding author

Correspondence to Sukhchandan Randhawa.

Ethics declarations

Conflict of interest

The author declares there is no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Sahani, R., Randhawa, S. Clickjacking: Beware of Clicking. Wireless Pers Commun 121, 2845–2855 (2021). https://doi.org/10.1007/s11277-021-08852-y

  • DOI: https://doi.org/10.1007/s11277-021-08852-y
