Busting frame busting a study of clickjacking vulnerabilities on popular sites

Gustav Rydstedt; Elie Bursztein; Dan Boneh; Collin Jackson

Busting frame busting a study of clickjacking vulnerabilities on popular sites

Download Slides • Publication • Bibtex
Conference Web 2.0 Security and Privacy 2010
Authors Gustav Rydstedt , Elie Bursztein , Dan Boneh , Collin Jackson

Web framing attacks such as clickjacking use iframes to hijack a user's web session. The most common defense, called frame busting, prevents a site from functioning when loaded inside a frame. We study frame busting practices for the Alexa Top-500 sites and show that all can be circumvented in one way or another. Some circumventions are browser-specific while others work across browsers. We conclude with recommendations for proper frame busting.

measurement hacking

security

Password checkup: from 0 to 650, 000 users in 20 days

Blog post

Mar 2019

security

Account security - a divided user perception

Blog post

Feb 2019

Rethinking the detection of child sexual abuse imagery on the internet

Talk

Enigma 2019

.lazy-load, .results-container { opacity: 1 !important; } .filter-text, .filter-inputs, .menu-search,.video_wrapper, .floating-menu { display: none; } .hidden, .embed-wrapper { display: block; } .script-menu-button { display:none !important; }