WilliamH wrote:Hey all.
I want to see if a particular page has some elements that provide for clickjacking?
That is, spots on the page where if I click then I activate something that is obscured?
Can eValid do this?
Thanks
Morning WillimaH. Thanks for posting.
That's a good one! Not often we get a suggesion for a really NEW applcation of eValid.
Basically, you want to look in DOM in the page for any element that is sensitive to a click and which contains some obscured action of some kind. In JavaScript (how else can you take an obscured action.).
You do have to have something specific in mind for what such clickjacking JavaScript might look like, and then you simply do a sequence IndexFindElementEx commands to look for instances of that pattern. You might run 100 of these
searches (which will be slow) or you might for 1000 of them, depending on how big the page is.
If you hit something -- one of your propsed patterns matches something on the page -- they you're home free: you found an instance of a clickjacking passage.
-- eValid Support
Posted: Thu Aug 21, 2014 11:32 am