If you've ever worked through a web application pentest and found clickjacking vulnerabilities, you may have had some trouble in the "why is this important" conversation with your client. The newest versions of Burp (after 1.6.32) have a new feature called "ClickBandit". ClickBandit will create the clickjacking attack for you, so you can illustrate the business impact to your client on their own site. There's nothing like a video of their own site getting exploited to bring the point home! More details on this new feature are here: http://blog.portswigger.net/2015/12/burp-clickbandit-javascript-based.html
Rob VandenBrink, ISC Handler, Dec 10th 2015
I followed the instructions in the site, saved the clickjacked.html, & opened it in the browser. I clicked on the "Click" button, but didn't get "You've been clickjacked!". Does that mean the site is not vulnerable?
Anonymous, Dec 14th 2015