Lab: Clickjacking with form input data prefilled from a URL parameter
This lab extends the basic clickjacking example in Lab: Basic clickjacking with CSRF token protection. The goal of the lab is to change the email address of the user by prepopulating a form using a URL parameter and enticing the user to click on a "update email" button without the user's knowledge.
To solve the lab, craft some HTML that frames the account page and fools the user into changing their email address by clicking on a "Click me" decoy. The account is solved when the email address is changed.
You have an account on the application that you can use to help design your attack. The credentials are:
The victim will be using Chrome so test your exploit on that browser.
Login to the account on the target website.
Use the following HTML template and provide the details as follows:
- replace $url with the URL for the target website change email page in the iframe,
- substitute suitable values in pixels for the $height_value and $width_value variables of the iframe (we suggest 700px and 500px respectively),
- substitute suitable values in pixels for the $top_value and $side_value variables of the decoy web content so that the "update email" button and the "Test me" decoy action align (we suggest 400px and 80px respectively),
- set the opacity value $opacity to ensure that the target iframe is transparent. Initially, use an opacity of 0.1 so that you can align the iframe actions and adjust the position values as necessary. For the submitted attack a value of 0.0001 will work.
Go to the exploit server, paste your exploit HTML into the "Body text" box, and click "Store".
Click "View exploit".
Hover over "Test me" and ensure the cursor changes to a hand indicating that the div element is positioned correctly. If not, adjust the position of the div element by modifying the top and left properties of the style sheet.
Once you have the div element lined up correctly, change "Test me" to "Click me" and click "Store".
Now click on "deliver exploit to victim" and the lab should be solved.