Abstract
Clickjacking attacks are an emerging threat on the web. An attacker application presents a User Interface (UI) element of a target application out of context, such as hiding sensitive UI element by making it transparent to the end user. The user is tricked to click on the hidden element out of context. These attacks can cause severe damages such as compromising webcams and posting unintended messages. A large number of websites are still vulnerable to clickjacking and have no minimal protection at the server side (e.g., frame busting, X-Frame-Options header). Further, client-side defense techniques have been ineffective to deal with sophisticated clickjacking attack types and suffer from performance issues. This paper presents a proxy-level framework, ProClick, to detect clickjacking attacks. ProClick examines the content of requests and response pages at the proxy level to detect clickjacking attacks. We evaluate the proposed approach with a set of legitimate and malicious websites. The results indicate that our approach has low false positive and false negative rates. The overhead imposed by the proposed approach is also very negligible.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
