Implementation of Web Browser Extension for Mitigating Clickjacking Attack

Clickjacking is an attack that lures a web user into clicking invisible elements on a malicious web page, performing an unwanted action that benefits the attacker. Many recent research studies have shown that clickjacking is the primary source of different exploitations such as cross-site request forgery (CSRF) and phishing attacks. In this paper we propose ClickDetector, a Chrome extension to defeat the attacker's attempts to perform clickjacking attacks; it detects all advanced clickjacking attack techniques reported by OWASP. Our ClickDetector tool is composed of components based on the following three steps: request analysis, response header analysis, and response page analysis.
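As an added illustration of the response header analysis step (this is not ClickDetector's code, and the abstract does not say which headers the tool inspects), the sketch below assumes the step looks at the two standard anti-framing headers, X-Frame-Options and the CSP frame-ancestors directive. The function names and verdict labels are hypothetical.

```javascript
// Added example, not ClickDetector's code. `headers` uses the [{name, value}]
// shape that chrome.webRequest hands to an onHeadersReceived listener.
const RANK = ['open', 'allowlist', 'sameorigin', 'deny']; // weakest to strictest

// Classify one frame-ancestors source list.
function classifySources(sources) {
  const list = sources.map(s => s.toLowerCase());
  // An empty list or a lone 'none' matches no ancestor at all.
  if (list.length === 0 || (list.length === 1 && list[0] === "'none'")) return 'deny';
  // A wildcard or a scheme-only source lets essentially any site frame the page.
  if (list.some(s => s === '*' || /^https?:$/.test(s))) return 'open';
  if (list.every(s => s === "'self'")) return 'sameorigin';
  return 'allowlist';
}

// Collect the frame-ancestors list of every enforced CSP policy.
function frameAncestorLists(headers) {
  const lists = [];
  for (const h of headers) {
    if (h.name.toLowerCase() !== 'content-security-policy') continue; // skips Report-Only
    for (const policy of h.value.split(',')) { // one header can carry several policies
      for (const directive of policy.split(';')) {
        const [name, ...sources] = directive.trim().split(/\s+/);
        if (name.toLowerCase() !== 'frame-ancestors') continue;
        lists.push(sources);
        break; // only the first occurrence of a directive counts
      }
    }
  }
  return lists;
}

function framingVerdict(headers) {
  const lists = frameAncestorLists(headers);
  if (lists.length > 0) {
    // Every policy must allow the embed; report the strictest as an approximation.
    const verdict = lists.map(classifySources)
      .reduce((a, b) => (RANK.indexOf(a) >= RANK.indexOf(b) ? a : b));
    return { verdict, source: 'csp' }; // frame-ancestors overrides X-Frame-Options
  }
  const xfo = headers.find(h => h.name.toLowerCase() === 'x-frame-options');
  const value = xfo ? xfo.value.trim().toUpperCase() : '';
  if (value === 'DENY' || value === 'SAMEORIGIN') return { verdict: value.toLowerCase(), source: 'xfo' };
  // No header, or ALLOW-FROM / unknown values that current browsers ignore.
  return { verdict: 'unprotected', source: xfo ? 'xfo' : 'none' };
}

// Constructed sample: a weak CSP allowlist alongside a stricter legacy header.
console.log(framingVerdict([{ name: 'Content-Security-Policy', value: 'frame-ancestors https:' },
  { name: 'X-Frame-Options', value: 'DENY' }]));
```

A verdict of `open` or `unprotected` marks a response that any site can embed in a frame, which is the precondition for the overlay techniques the abstract refers to.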
