Home Lab Setup SEED Labs Books Lectures Workshops

Clickjacking Attack Lab (Cupcakes)


Clickjacking, also known as a "UI redress attack", is an attack that tricks a user into clicking on something they do not intend to when visiting a webpage, thus "hijacking" the click. In this lab, we will explore a common attack vector for clickjacking: the attacker creates a webpage that loads the content of a legitimate page but overlays one or more of its buttons with invisible button(s) that trigger malicious actions. When a user attempts to click on the legitimate page's buttons, the browser registers a click on the invisible button instead, triggering the malicious action.

Tasks (PDF)

Time (Suggested)

  • Supervised (closely-guided lab session): 2 hours
  • Unsupervised (take-home project): 1 week

SEED Videos

SEED Books (English)

Feedback and Help

Please give us your feedback on this lab using this feedback form.
The SEED Labs project is open source. If you are interested in contributing to this project, please check out our Github page: https://github.com/seed-labs/seed-labs.