Clickjacking Metasploit Aux Module
February 21st, 2009
In the last few months we’ve heard and seen a variety of proofs of concept as well as a high-profile real-world example of clickjacking. I recently decided to explore the possibilities of quickly and effectively implementing these attacks through the Metasploit framework.
The result is a Metasploit auxiliary module that allows the user to select an HTML file to inject attack code into, targeting a selected URL. It works fairly well, but be prepared to type. The nature of the attack requires quite a few settings to be entered, and then I added options on top of that for flexibility. That said, if clickjacking is your bag and you plan on doing it frequently, this may be a real timesaver.
Download clickjacker.rb


The code within the “view code” pop-up has a little error. In line 55 you must add a “|” at the end so that the line looks like this:
@hostpage.each do |sourceline|
I’ll try out the auxiliary right away! Thanks a lot.
There are some other issues as well with the WP plugin I was using to style source code. I went ahead and pulled that view off of the post and replaced it with a link to the .rb file.