00 — Overview
Clickjacking
Trick users into clicking something they never intended to. By overlaying a transparent iframe over a decoy UI, attackers can hijack button clicks, form submissions, and account actions.
Beginner · 30 min · 5 tasks
// By the end of this module
→ Explain the UI redressing attack model and why transparent iframes are dangerous
→ Detect frameable pages by checking X-Frame-Options and CSP frame-ancestors
→ Build a clickjacking PoC that positions a decoy over a real sensitive button
→ Understand multi-step and drag-and-drop jacking variants
→ Apply frame-ancestors CSP and SameSite cookies to prevent clickjacking
// Prerequisites
Complete these before starting this module for the best experience.