Hello @D4Vinci , your tool is great.
You wrote this python script by considering user have to put http://
before website name in their sites.txt
file,
But if we put http://
before www.example.com
then we get following error:
┌──(kali㉿kali)-[~/Clickjacking-Tester]
└─$ python3 Clickjacking_Tester.py /home/kali/Desktop/sites.txt 148 ⨯ 1 ⚙
[*] Checking http://www.example.com
[+] Website is vulnerable!
Traceback (most recent call last):
File "/home/kali/Clickjacking-Tester/Clickjacking_Tester.py", line 58, in <module>
if __name__ == '__main__': main()
File "/home/kali/Clickjacking-Tester/Clickjacking_Tester.py", line 52, in main
create_poc(site.split('\n')[0])
File "/home/kali/Clickjacking-Tester/Clickjacking_Tester.py", line 35, in create_poc
with open(url + ".html", "w") as f:
FileNotFoundError: [Errno 2] No such file or directory: 'http://www.example.com.html'
This is because Linux OS
not allowing users to create file with name http://
in the beginning. This only happens if we put http://
before website name like below.
But in order to create a file with name url + ".html"
, i can remove http://
from my website in sites.txt
. Example: www.example.com
Now, I can successfully create a file in Kali linux with name www.example.com.html
.
But, New big issue arise here after doing this, The <iframe>
tag inside HTML file will be generated like this:
<iframe src="www.example.com" width="500" height="500"></iframe>
and if u open your generated www.example.com.html
file then example.com will not load inside the iframe
because, in order to open example.com you must have http://
in your website in src
attribute. like this: src="http://www.example.com"
But user can't write http://
before websites name in sites.txt
file because then .html
file won't be created because of filename error in Kali Linux.
SOLUTION:
To solve the issue best solution i found is, by modifying the Clickjacking_Tester.py
a little bit like below:
BEFORE Modification Clickjacking_Tester.py
(With an Issue):
...
def create_poc(url):
''' create HTML page of given URL '''
code = """
<html>
<head><title>Clickjack test page</title></head>
<body>
<p>Website is vulnerable to clickjacking!</p>
<iframe src="{}" width="500" height="500"></iframe>
</body>
</html>
""".format(url)
with open(url + ".html", "w") as f:
f.write(code)
f.close()
...
AFTER Modification Clickjacking_Tester.py
(Without any Issue):
...
def create_poc(url):
''' create HTML page of given URL '''
code = """
<html>
<head><title>Clickjack test page</title></head>
<body>
<p>Website is vulnerable to clickjacking!</p>
<iframe src="http://{}" width="500" height="500"></iframe>
</body>
</html>
""".format(url)
with open(url + ".html", "w") as f:
f.write(code)
f.close()
...
You just have to add http://
in <iframe src="http://{}" ...
, So that the automatically generated .html
files by Clickjacking-Tester can contain <iframe src="http://www.example.com" ...>
instead of <iframe src="www.example.com" ...>
so that targeted website will load inside <iframe>
.
I hope i'm making some sense here. 😃
Please consider this.
Kind Regards,
Sujit