-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy pathclickjack.py
47 lines (38 loc) · 1.22 KB
/
clickjack.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
import os
import sys
import webbrowser
if len(sys.argv) != 2:
print('\n[+] Description: %s can quickly verify if a web page is vulnerable to clickjacking' % __file__)
print('[+] Usage: python %s <url>\n' % __file__)
exit(0)
url = sys.argv[1]
html = '''
<html>
<head>
<title>Clickjacking Test Page</title>
</head>
<body>
<h1>Clickjacking Test Results</h1>
<h2>Target: <a href="%s">%s</a></h2>
<h3>If you see the target website rendered below, it is <font color="red">VULNERABLE</font>.</h3>
<iframe width="900" height="600" src="%s"></iframe>
<iframe style="position: absolute; left: 20px; top: 250px; opacity: 0.8; background: AliceBlue; font-weight: bold;" src="cj-attacker.html"></iframe>
</body>
</html>
''' % (url, url, url)
html2 = '''
<html>
<div style="opacity: 1.0; left: 10px; top: 50px; background: PapayaWhip; font-weight: bold;">
<center><a href="#">THIS IS AN EXAMPLE CLICKJACKING IFRAME AND LINK</a>
<br>(normally invisible)</center>
</div>
</html>
'''
cjt = os.path.abspath('cj-target.html')
cja = os.path.abspath('cj-attacker.html')
localurl = 'file://' + cjt
with open(cjt, 'w') as t, open (cja, 'w') as a:
t.write(html)
a.write(html2)
webbrowser.open(localurl)
print('\n[+] Test Complete!')