In the last few months we’ve heard and seen a variety of proof of concept as well as a high profile real world example of clickjacking.  I recently decided to explore the possibilities of quickly and effectively implementing these attacks through the Metasploit framework.

The result is a metasploit auxiliary module that allows the user to select a HTML file to inject attack code into, targeting a selected URL.  It works fairly well, but be prepared to type.  The nature of the attack requires quite a few settings to be entered and then I added options on top of that for flexibility.  That said, if clickjacking is your bag and you plan on doing it frequently, this may be a real timesaver.

Download clickjacker.rb

Code clickjacking, metasploit, module