samy's quickjacking
- This tool can be used to create an iframe slice or to produce clickjacking code.
- The clickjacking code produced allows the victim to click anywhere on the page in order to get clickjacked.
- Example clickjacking of Facebook can be found at //samy.pl/quickjack/twitter.html -- click anywhere to add the Twitter application.
- Click QuickSlice Mode to switch to iframe slicing, or QuickJack Mode for clickjacking mode.
- First, type your URL into the box in the top left corner and press Enter.
- If you find that the URL box disappears when going to a specific URL, try the Go (prevent frame breakout) button.
- Clicking the draggable icon will allow you to drag the URL box around.
- To pan around the page, hold down the spacebar or click the "Pan" button, then click and drag.
- To create clickjacking HTML, click QuickJack Mode, then click on the location you want to force clicks to.
- To make an iframe with your selection, click and drag to create a selection, then press the I'm Done! button to get your code.
- Originally based off of some unknown cakeslicing app.
Todo:
- Prevent referrer passing in Opera
- Prevent frame breakouts in more than FF3
- Don't alter URL when panning with spacebar
- Display iframe when frame breakout enabled
- Adjust default mouse pointer
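
The frame breakout mentioned above is script running inside the framed page, whereas the X-Frame-Options and CSP frame-ancestors response headers are enforced by the browser itself. The following is an added example, not part of quickjack, that classifies from a response's headers who may frame it; the function names and sample headers are constructed for illustration.

```javascript
// Added example, not quickjack code. Function names and sample headers are
// constructed. Classifies which origins a browser lets frame a response.
const RANK = ['deny', 'same-origin', 'allowlist', 'any']; // strictest first

function classifyAncestors(sources) {
  const real = sources.map(s => s.toLowerCase()).filter(s => s !== "'none'");
  if (real.length === 0) return 'deny'; // 'none' or an empty source list
  if (real.includes('*')) return 'any';
  return real.every(s => s === "'self'") ? 'same-origin' : 'allowlist';
}

function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) {
    h[k.toLowerCase()] = [].concat(v).join(','); // repeated headers combine
  }
  // frame-ancestors is not enforced from Report-Only headers or <meta> policies.
  const verdicts = [];
  for (const policy of (h['content-security-policy'] || '').split(',')) {
    const fa = policy.split(';').map(d => d.trim().split(/\s+/))
      .find(d => d[0].toLowerCase() === 'frame-ancestors');
    if (fa) verdicts.push(classifyAncestors(fa.slice(1)));
  }
  if (verdicts.length) {
    // Every policy must allow the embedder, so report the strictest label.
    // X-Frame-Options is ignored once an enforced frame-ancestors exists.
    verdicts.sort((a, b) => RANK.indexOf(a) - RANK.indexOf(b));
    return { verdict: verdicts[0], via: 'csp' };
  }
  const xfo = new Set((h['x-frame-options'] || '').split(',')
    .map(v => v.trim().toLowerCase()).filter(Boolean));
  if (xfo.size > 1) {
    // Conflicting values: blocked if any is a known token, otherwise ignored.
    const known = [...xfo].some(v => ['deny', 'sameorigin', 'allowall'].includes(v));
    return { verdict: known ? 'deny' : 'any', via: 'xfo' };
  }
  const [only] = xfo;
  if (only === 'deny') return { verdict: 'deny', via: 'xfo' };
  if (only === 'sameorigin') return { verdict: 'same-origin', via: 'xfo' };
  // Missing, ALLOWALL, or obsolete ALLOW-FROM: no framing restriction applies.
  return { verdict: 'any', via: xfo.size ? 'xfo' : 'none' };
}

// Constructed sample responses.
for (const sample of [
  { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
]) console.log(JSON.stringify(sample), '->', framingPolicy(sample));
```

A verdict of `any` means the response carries no header that stops a third-party page from framing it.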