1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Double, Triple, QUADRUPLE Clickjacking?

Discussion in 'BlackHat Lounge' started by TomOh, Oct 8, 2011.

  1. TomOh

    TomOh Registered Member

    Joined:
    Apr 29, 2011
    Messages:
    58
    Likes Received:
    13
    Clickjackers, I am looking for an answer...

    So, say a user gets clickjacked, what if the site receiving the jacked click also has a clickjacking script installed on it? Would that register as a double clickjack?

    Could the double script lead to an endless chain of jacks?

    Main Jacking Site > Jacked click site with clickjacking script also installed > next jacked click site with script installed > repeat > repeat > repeat....

    Is this possible or does it simply not work this way...?

    If it does, the possibilities could be... well, kind of scary.

    Thoughts are appreciated,
     
  2. extremephp

    extremephp BANNED BANNED

    Joined:
    Oct 19, 2010
    Messages:
    1,293
    Likes Received:
    1,272
    User would press these buttons simultaneously to kill your idea : Alt + F4.

    Double clickjacking would be great, build the chain and the people knows how to deal with it.
     
  3. TomOh

    TomOh Registered Member

    Joined:
    Apr 29, 2011
    Messages:
    58
    Likes Received:
    13
    2 responses to that:

    1) I doubt the common uneducated computer user would realize right away to press Alt + F4. That's just not a common command people know off the top of their heads if they aren't into computers...

    2) If the chain was only 2-4 sites long, the Alt + F4 wouldn't matter because their visit has already been taken account for by the time they would get to it.

    My question still being, is it POSSIBLE to do such a chain?