Jump to content
begood

Busting frame busting: a study of clickjacking vulnerabilities at popular sites

Recommended Posts

Posted

Web framing attacks such as clickjacking use iframes to hijack a user's web session. The most common defense, called frame busting, prevents a site from functioning when loaded inside a frame. We study frame busting practices for the Alexa Top-500 sites and show that all can be circumvented in one way or another. Some circumventions are browser-specific while others work across browsers. We conclude with recommendations for proper frame busting.

A research question: this page contains our proposed Javascript frame busting code. This code resists the attacks in the paper, but we cannot guarantee that the page cannot be framed. If you are able to write HTML that frames this page, please send us a link.

Busting frame busting: a study of clickjacking vulnerabilities at popular sites [bIBTEX]

Gustav Rydstedt, Elie Bursztein, Dan Boneh, and Collin Jackson

in IEEE Oakland Web 2.0 Security and Privacy (W2SP'10)

Busting frame busting

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...