Busting Frame Busting a Study of Clickjacking Vulnerabilities on Popular Sites
| 2405 downloads
Web framing attacks such as clickjacking use iframes to
hijack a user's web session. The most common defense,
called frame busting, prevents a
site from functioning when loaded inside a frame.
We study frame busting practices for the Alexa Top-500 sites
and show that all can be circumvented in one way or another. Some
circumventions are browser-specific while others work across browsers.
We conclude with recommendations for proper frame busting.
You might also like reading
Framing Attacks on Smartphones Dumb Routers and Social Sites Tap-jacking Geo-localization and Framing Leak Attacks
web security 2010