Clickjacking, also known as a "UI redress attack", is an attack that tricks a user visiting a webpage into clicking on something they did not intend to click, thus "hijacking" the click. In this lab, we will explore a common attack vector for clickjacking: the attacker creates a webpage that loads the content of a legitimate page but overlays one or more of its buttons with invisible buttons that trigger malicious actions. When a user attempts to click on one of the legitimate page's buttons, the browser registers a click on the invisible button instead, triggering the malicious action.
Please give us your feedback on this lab using this feedback form.
The SEED Labs project is open source. If you are interested in contributing to this project, please check out our GitHub page: https://github.com/seed-labs/seed-labs.