d4vinci / clickjacking-tester
A Python script designed to check if a website is vulnerable to clickjacking and create a PoC
License: GNU General Public License v3.0
You wrote this Python script assuming users have to put http:// before the website name in their sites.txt file. But if we put http:// before www.example.com, then we get the following error:
┌──(kali㉿kali)-[~/Clickjacking-Tester]
└─$ python3 Clickjacking_Tester.py /home/kali/Desktop/sites.txt 148 ⨯ 1 ⚙
[*] Checking http://www.example.com
[+] Website is vulnerable!
Traceback (most recent call last):
File "/home/kali/Clickjacking-Tester/Clickjacking_Tester.py", line 58, in <module>
if __name__ == '__main__': main()
File "/home/kali/Clickjacking-Tester/Clickjacking_Tester.py", line 52, in main
create_poc(site.split('\n')[0])
File "/home/kali/Clickjacking-Tester/Clickjacking_Tester.py", line 35, in create_poc
with open(url + ".html", "w") as f:
FileNotFoundError: [Errno 2] No such file or directory: 'http://www.example.com.html'
This is because the Linux OS does not allow users to create a file whose name begins with http://. This only happens if we put http:// before the website name, like above.
But in order to create a file with the name url + ".html", I can remove http:// from my website in sites.txt. Example: www.example.com
Now I can successfully create a file in Kali Linux with the name www.example.com.html.
But a new big issue arises after doing this: the <iframe> tag inside the HTML file will be generated like this:
<iframe src="www.example.com" width="500" height="500"></iframe>
If you open your generated www.example.com.html file, example.com will not load inside the iframe, because in order to open example.com you must have http:// in your website in the src attribute, like this: src="http://www.example.com"
But the user can't write http:// before the website name in the sites.txt file, because then the .html file won't be created, due to the filename error in Kali Linux.
To solve the issue, the best solution I found is to modify Clickjacking_Tester.py a little bit, like below:
BEFORE modification of Clickjacking_Tester.py (with the issue):
...
def create_poc(url):
    ''' create HTML page of given URL '''
    code = """
    <html>
    <head><title>Clickjack test page</title></head>
    <body>
    <p>Website is vulnerable to clickjacking!</p>
    <iframe src="{}" width="500" height="500"></iframe>
    </body>
    </html>
    """.format(url)
    with open(url + ".html", "w") as f:
        f.write(code)
        f.close()
...
AFTER modification of Clickjacking_Tester.py (without any issue):
...
def create_poc(url):
    ''' create HTML page of given URL '''
    code = """
    <html>
    <head><title>Clickjack test page</title></head>
    <body>
    <p>Website is vulnerable to clickjacking!</p>
    <iframe src="http://{}" width="500" height="500"></iframe>
    </body>
    </html>
    """.format(url)
    with open(url + ".html", "w") as f:
        f.write(code)
        f.close()
...
You just have to add http:// in <iframe src="http://{}" ...>, so that the .html files automatically generated by Clickjacking-Tester contain <iframe src="http://www.example.com" ...> instead of <iframe src="www.example.com" ...>, and the targeted website will load inside the <iframe>.
I hope I'm making some sense here. 😃
Please consider this.
Kind Regards,
Sujit
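The issue above really has one root cause: the same raw sites.txt entry is used both as a file name and as the iframe src, and those two uses have opposite requirements. The following is an added example, not code from the Clickjacking-Tester project, that separates the two: it parses each entry with urllib.parse, derives the output file name from the host (and port) only, and always writes an absolute URL into src. It assumes http:// when an entry has no scheme, as the issue's own fix does, so entries with or without a scheme both work.

```python
# Added example (not the Clickjacking-Tester project's code): derive a safe
# output file name from a URL with or without a scheme, and always emit an
# absolute URL in the iframe src, so neither failure mode from the issue
# (a file name starting with "http://", or a scheme-less src) can occur.
from pathlib import Path
from urllib.parse import urlsplit

POC_TEMPLATE = """<html>
<head><title>Clickjack test page</title></head>
<body>
<p>Website is vulnerable to clickjacking!</p>
<iframe src="{url}" width="500" height="500"></iframe>
</body>
</html>
"""


def normalize_target(raw):
    """Return (absolute_url, file_name) for one sites.txt entry.

    Entries may be written with or without a scheme; http:// is assumed when
    none is present (the issue's own choice). The file name is built only
    from host and port, so it never contains the '/' or ':' of a scheme.
    """
    raw = raw.strip()
    if "://" not in raw:
        raw = "http://" + raw
    parts = urlsplit(raw)
    if not parts.hostname:
        raise ValueError("no host in target: %r" % raw)
    suffix = ".%d" % parts.port if parts.port else ""
    file_name = parts.hostname + suffix + ".html"
    return parts.geturl(), file_name


def build_poc(raw):
    """Return (file_name, html) without touching the filesystem."""
    url, file_name = normalize_target(raw)
    return file_name, POC_TEMPLATE.format(url=url)


def create_poc(raw, out_dir="."):
    """Write the PoC page under out_dir and return its path."""
    file_name, html = build_poc(raw)
    path = Path(out_dir) / file_name
    path.write_text(html)
    return str(path)
```

Because the file name comes from the parsed host rather than the raw string, an entry like https://www.example.com:8443/login produces www.example.com.8443.html while the iframe still points at the full URL.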