
Clickjacking Technique Using the 'onmousedown' Event

Discussion in 'Black Hat SEO Tools' started by ★WiM★, Dec 3, 2008.

  1. ★WiM★

    ★WiM★ Jr. VIP Premium Member


    He covered a number of techniques to accomplish generating a 'popup' window without triggering any of the traditional popup protections that some browsers feature. The idea was essentially to cause the user to 'request' the popup, thus making it legitimate in the eyes of the browser. Later, he covered his speculation on the 'real clickjacking' attack, which didn't use JavaScript at all but rather did some interesting CSS overlay trickery to hijack a link out from under the user as they clicked on it.

    During some research that I was recently performing that I'll likely post about a little later, I discovered another technique that's a bit of a middle-ground between the two methods that Tod was discussing in his blog posts. He came close to this one with his hooking of the 'onmouseup' event, however he was having it spawn a completely new window (the popup) in addition to following the link rather than 'jacking the click' and sending it somewhere entirely different. This is essentially the same type of event hooking technique, but it is used to accomplish actual replacement of the link's target URL.

    The following JavaScript function accepts as arguments a link object such as you would find in the document object's links array and a URL that you want to override the original link's URL with:
    function AddJacker(link, url) {
        if ( link.addEventListener ) {
            // W3C DOM event model
            link.addEventListener("mousedown", function(e){link.href=url;}, false);
        } else if ( link.attachEvent ) {
            // Legacy Internet Explorer event model
            link.attachEvent("onmousedown", function(e){link.href=url;});
        } else {
            // DOM level 0 fallback: chain any handler that is already set
            var oldhandler = link["onmousedown"];
            if ( oldhandler ) {
                link["onmousedown"] = function(e){oldhandler(e);link.href=url;};
            } else {
                link["onmousedown"] = function(e){link.href=url;};
            }
        }
    }

    What this essentially does is create an event handler for the 'onmousedown' event for the target link. When the user clicks on the link, the 'onmousedown', 'onclick', and 'onmouseup' events are fired. Since the 'onmousedown' event happens first, the event handler is called which replaces the link object's href value with the new target URL, which happens before the user is sent on their way to that link's target URL.

    The interesting bit about this technique in comparison to the 'onmouseup' technique that Tod was using is that it doesn't result in the user both going to the original target as well as the new target; they are only redirected to the new target, completely overriding the original target. Like Tod's technique, because the new target URL is hiding in a function that is handling the 'onmousedown' event, a mouseover of the link in the browser indicates that it is still targeting the link's original URL. The replacement of the URL doesn't happen until the user actually clicks on the link.
    :rolleyes:
     
    • Thanks Thanks x 4
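The post above describes a link whose href is rewritten between hover and navigation. As an added example (not part of the thread or of the quoted post), this is a page-side or content-script guard that compares the href shown on hover with the href present at click time and cancels the navigation on a mismatch. `guardLink`, `makeLink`, `simulateClick` and `demo` are hypothetical names, the URLs are constructed, and Node's built-in `EventTarget` stands in for an `<a>` element so the check runs without a browser.

```javascript
// Added defensive example; all names and URLs here are assumptions.
function guardLink(link, report) {
  let shown = link.href;                        // destination visible to the user
  const snapshot = () => { shown = link.href; };
  link.addEventListener("mouseover", snapshot, { capture: true });
  link.addEventListener("focus", snapshot, { capture: true });
  // 'click' fires after 'mousedown', so a swap made there is visible here.
  link.addEventListener("click", (e) => {
    if (link.href !== shown) {
      e.preventDefault();                       // do not follow the swapped URL
      report({ shown: shown, actual: link.href });
      link.href = shown;                        // restore the displayed target
    }
  }, { capture: true });
}

// Constructed stand-in for an anchor element.
function makeLink(href) {
  const link = new EventTarget();
  link.href = href;
  return link;
}

// Replays the event order of a real click: hover, press, release, click.
function simulateClick(link) {
  for (const type of ["mouseover", "mousedown", "mouseup"]) {
    link.dispatchEvent(new Event(type));
  }
  const proceed = link.dispatchEvent(new Event("click", { cancelable: true }));
  return { navigated: proceed, href: link.href };
}

function demo() {
  const reports = [];
  const clean = makeLink("https://example.com/docs");
  guardLink(clean, (r) => reports.push(r));
  const tampered = makeLink("https://example.com/docs");
  guardLink(tampered, (r) => reports.push(r));
  // Constructed handler reproducing the href swap described in the post.
  tampered.addEventListener("mousedown", () => {
    tampered.href = "https://other.example/landing";
  });
  return { clean: simulateClick(clean), tampered: simulateClick(tampered), reports };
}
```

In a browser the same guard would be attached to every entry in `document.links`; the snapshot taken when the guard is installed covers touch input, where no `mouseover` precedes the click.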
  2. turnshoe

    turnshoe Registered Member

    Well, good code, if it just would work with current browsers. Firefox 3 as well as IE8 are ignoring the onmouse events completely now, hence this code won't work at all.
     
  3. mr4army

    mr4army Regular Member

    Yeah, that is very true. I'm sure there is a way to make it work with both, am I right?
     
  4. menly

    menly Registered Member

    There has to be; whoever owns packetnews has managed it. My popup blocker stops all pop-ups until I click anywhere on the page, and then BAM, up they pop.
     
  5. safex

    safex Jr. VIP

    Yes, the Onmouseevent function doesn't work any more.
     
  6. makingfastcash22

    makingfastcash22 Senior Member

    Bro, this post is from 2008 and dusty! :)