
Facebook Clickjacking Scripts Hijacking Facebook Users


In the post Hijacking Facebook Users With Clickjacking, our guest author gave a detailed explanation of the idea behind the clickjacking attack, so this post will not explain the mechanism again. The goal of this post is to show how heavily this attack has been abused in recent months.
For those of you who don't know what clickjacking is: it is a method of hijacking a user's click by tricking him into clicking something else. In the past, clickjacking was used to hijack users' clicks into clicking on advertisements to make revenue.

Here is an example of a WordPress clickjacking script that costs about $15 and tricks users into clicking ads without annoying them.



Nowadays, however, clickjacking is being used to trick users into liking a Facebook page. As you might know, due to the Panda effect, internet marketers are more focused on social media promotion. Clickjacking scripts therefore provide lots of benefits to people who use black hat SEO to promote websites and Facebook pages.

But what makes this even worse is the people distributing clickjacking scripts for free or selling them. Recently I came across dozens of forums selling clickjacking scripts at a very cheap rate.
Here are some of the screenshots which I took recently:





Demonstration

In order to demonstrate how clickjacking works, I set up a page on my free hosting account embedded with a clickjacking script that would trick users into liking the following page on clicking:



Here is the screenshot of the page where I installed the clickjacking script. (I took the script from an online forum and then modified it to meet my needs.) The infected page stated the following:



On clicking the "click here to download your FreeToSell Package" link, the script was initiated, which automatically liked the voteformypic page.



By now you might have understood the whole idea behind the clickjacking attack. However, if you would like to see a more detailed analysis, I recommend that you check the following post: Hijacking Facebook Users With Clickjacking






Note: We have not shared the link to the infected page in order to prevent any misuse. However, if you are really interested in testing the attack for yourself, kindly send an email to rafayhackingarticles@gmail.com.


9 comments :

Gazzaly on June 14, 2012 at 12:59 AM said...

Wow! another Rafay Class article :)
Thank you! Gonna share this in ma Blog with Credits
BTW welcome Back just roCk it Bhaiii


Regards
M.Gazzaly
(gazzaly.info)

Rafay Baloch on June 14, 2012 at 10:04 AM said...

@Gazzaly
Thanks brother, You have been one of top commentators of this blog and have been very supportive.

hanzla habib on June 14, 2012 at 9:16 PM said...

hey i really like your blog but cant understand !!! :P

Gazzaly on June 14, 2012 at 11:27 PM said...

you Warmly welcome my Dear Bro!!

Regards
M.Gazzaly
(gazzaly.info)

Anonymous said...

really interesting script..

but sir how can i use it for affiliate selling?

please send me code which we can use it for affiliate selling
( niki23798 (at) yahoo (dot)com )

Sk on June 25, 2012 at 10:28 AM said...

Great article!

manish bhattacharya on June 28, 2012 at 8:58 PM said...

thanks for such great study material for newbies like me

Content management system on July 7, 2012 at 12:38 PM said...

hello!! Very interesting discussion glad that I came across such informative post. Keep up the good work friend. Glad to be part of your net community.

dsdd on July 23, 2012 at 5:14 PM said...

I want to talk with u raffa

Dare to ask? :)


About

Rafay Baloch is an independent security researcher, internet marketer, entrepreneur and SEO consultant. He is the founder of the RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal, for which PayPal awarded him a sum of $10,000.


RHA © 2013. All Rights Reserved.