Abstract
Clickjacking is a newly discovered breach in network security. It is based on the functionality of web-designing in which two or more web frames are overlapped over each other. The analysis shows that there is a need for in-depth study on click-jacking attacks (client-side vulnerability) and preventive measures so that early prevention and detection of such kinds of attacks can be implemented in a timely manner. In this research work, most of the client-side attacks are studied and an overview of the clickjacking techniques is presented to provide insights into the area of network security to the researchers. The overview of tools and techniques used by attackers are also investigated along with the prevention measures.
Code Availability
No code is used for the research article.
Availability of data and material
Data and material used in the article are available.
References
Sinha, R., Uppal, D., Singh, D., & Rathi, R. (2014). Clickjacking: Existing defenses and some novel approaches. In 2014 International Conference on Signal Propagation and Computer Technology (ICSPCT 2014), (pp. 396–401).
Pawade, D., Reja, D., Lahigude, A., & Johri, E. (2016). Implementation of extension for browser to detect vulnerable elements on web pages and avoid Clickjacking. In 2016 6th International Conference - Cloud System and Big Data Engineering (Confluence) (pp. 226–230). https://doi.org/10.1109/CONFLUENCE.2016.7508118
Shamsi, J. A., Hameed, S., Rahman, W., Zuberi, F., Altaf, K., & Amjad, A. (2014). Clicksafe: Providing Security against Clickjacking Attacks. In 2014 IEEE 15th International Symposium on High-Assurance Systems Engineering (pp. 206–210). https://doi.org/10.1109/HASE.2014.36
Lundeen, B., & Alves-Foss, J. (2012). Practical clickjacking with BeEF. In 2012 IEEE Conference on Technologies for Homeland Security (HST) (pp. 614–619). https://doi.org/10.1109/THS.2012.6459919
Qianqian, W., & Xiangjun, L. (2014). Research and design on Web application vulnerability scanning service. In 2014 IEEE 5th International Conference on Software Engineering and Service Science (pp. 671–674). https://doi.org/10.1109/ICSESS.2014.6933657
Faghani, M. R., & Nguyen, U. T. (2014). A study of clickjacking worm propagation in online social networks. In Proceedings of the 2014 IEEE 15th International Conference on Information Reuse and Integration (IEEE IRI 2014) (pp. 68–73). https://doi.org/10.1109/IRI.2014.7051873
Kim, D., & Kim, H. (2015). Performing Clickjacking Attacks in the Wild: 99% are Still Vulnerable! In 2015 1st International Conference on Software Security and Assurance (ICSSA) (pp. 25–29). https://doi.org/10.1109/ICSSA.2015.015
Takamatsu, Y., & Kono, K. (2014). Clickjuggler: Checking for incomplete defenses against clickjacking (pp. 224–231). https://doi.org/10.1109/PST.2014.6890943
Rehman, U. U., Khan, W. A., Saqib, N. A., & Kaleem, M. (2013). On Detection and Prevention of Clickjacking Attack for OSNs. In 2013 11th International Conference on Frontiers of Information Technology (pp. 160–165). https://doi.org/10.1109/FIT.2013.37
Krishna Chaitanya, T., Ponnapalli, H., Herts, D., & Pablo, J. (2012). Analysis and Detection of Modern Spam Techniques on Social Networking Sites. In 2012 Third International Conference on Services in Emerging Markets (pp. 147–152). https://doi.org/10.1109/ICSEM.2012.28
Wu, L., Brandt, B., Du, X., & Ji, B. (2017). Analysis of clickjacking attacks and an effective defense scheme for Android devices. In 2016 IEEE Conference on Communications and Network Security, CNS 2016, (pp. 55–63). https://doi.org/10.1109/CNS.2016.7860470
Rydstedt, G., Bursztein, E., Boneh, D., & Jackson, C. (2010). Busting Frame Busting : a Study of Clickjacking Vulnerabilities on Popular Sites A Survey of Frame busting. Web 20 Security and Privacy 2010, pp. 1–13. Retrieved from http://www.mendeley.com/research/busting-frame-busting-study-clickjacking-vulnerabilities-popular-sites-survey-frame-busting-2/
Starov, O., Zhou, Y., & Wang, J. (2019). Detecting malicious campaigns in obfuscated JavaScript with scalable behavioral analysis. In Proceedings - 2019 IEEE Symposium on Security and Privacy Workshops, SPW 2019, (pp. 218–223). https://doi.org/10.1109/SPW.2019.00048
Kalim, A., Jha, C. K., Tomar, D. S., & Sahu, D. R. (2021). Novel Detection Technique For Framejacking Vulnerabilities In Web Applications. In 2021 2nd International Conference on Computation, Automation and Knowledge Management (ICCAKM) (pp. 265–270). https://doi.org/10.1109/ICCAKM50778.2021.9357764
Narayanan, A. S. (2012). Clickjacking vulnerability and countermeasures. International Journal of Applied Information Systems, 4(7), 7–10. https://doi.org/10.5120/ijais12-450793
Rehman, U. U., Khan, W. A., Saqib, N. A., & Kaleem, M. (2013). On detection and prevention of clickjacking attack for OSNs. In Proceedings - 11th International Conference on Frontiers of Information Technology, FIT 2013, (December), (pp. 160–165). https://doi.org/10.1109/FIT.2013.37
Patil, Y. (2020). Detection of Clickjacking Attacks using the Extreme Learning Machine algorithm MSc Cyber Security 2019–2020 Yashodha Patil.
Kavitha, D., & Ravikumar, S. (2016). Click jacking Vulnerability Analysis and Providing Security against WEB Attacks Using White listing URL analyzer. International Journal of Computer Techniques , 2(3). Retrieved from http://www.ijctjournal.org
Shital, P., & R., Chavan. . (2017). Web browser security: Different attacks detection and prevention techniques. International Journal of Computer Applications, 170(9), 35–41. https://doi.org/10.5120/ijca2017914938
Possemato, A., Lanzi, A., Chung, S. P. H., Lee, W., & Fratantonio, Y. (2018). Clickshield: Are you hiding something? Towards eradicating clickjacking on android. In Proceedings of the ACM Conference on Computer and Communications Security, (pp. 1120–1136). https://doi.org/10.1145/3243734.3243785
Funding
No funding availed. So, this is not applicable.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The author declares there is no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Sahani, R., Randhawa, S. Clickjacking: Beware of Clicking. Wireless Pers Commun 121, 2845–2855 (2021). https://doi.org/10.1007/s11277-021-08852-y
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11277-021-08852-y