Busting frame busting a study of clickjacking vulnerabilities on popular sites

Gustav Rydstedt; Elie Bursztein; Dan Boneh; Collin Jackson

Busting frame busting a study of clickjacking vulnerabilities on popular sites

Download Publication • Slides • Bibtex
Conference Web 2.0 Security and Privacy 2010
Authors Gustav Rydstedt , Elie Bursztein , Dan Boneh , Collin Jackson

Web framing attacks such as clickjacking use iframes to hijack a user's web session. The most common defense, called frame busting, prevents a site from functioning when loaded inside a frame. We study frame busting practices for the Alexa Top-500 sites and show that all can be circumvented in one way or another. Some circumventions are browser-specific while others work across browsers. We conclude with recommendations for proper frame busting.

measurement hacking

security

Malicious Documents Emerging Trends: A Gmail Perspective

Talk

RSA 2020

security

Account protections -- A Google Perspective

Talk

FIC 2020

web

Insights about the first five years of Right to Be Forgotten requests at Google

Blog post

Dec 2019

.lazy-load, .results-container { opacity: 1 !important; } .filter-text, .filter-inputs, .menu-search,.video_wrapper, .floating-menu { display: none; } .hidden, .embed-wrapper { display: block; } .script-menu-button { display:none !important; }