Busting Frame Busting: a Study of Clickjacking Vulnerabilities on Popular Sites

Gustav Rydstedt, Elie Bursztein, Dan Boneh, Collin Jackson   @W2SP 2010
Web framing attacks such as clickjacking use iframes to hijack a user's web session. The most common defense, called frame busting, prevents a site from functioning when loaded inside a frame. We study frame busting practices for the Alexa Top-500 sites and show that all can be circumvented in one way or another. Some circumventions are browser-specific while others work across browsers. We conclude with recommendations for proper frame busting.