1
00:00:01,670 --> 00:00:04,370
Hello, everyone, welcome to this video.

2
00:00:05,300 --> 00:00:12,620
So in this video, we are going to see how you can increase the severity of clickjacking attack.

3
00:00:13,100 --> 00:00:20,990
As we all know that whenever you identify a clickjacking-based vulnerability into any target web application

4
00:00:21,470 --> 00:00:27,460
at that particular point of time, this vulnerability is considered as a low vulnerability.

5
00:00:28,130 --> 00:00:36,110
But in case you are able to identify any sensitive action onto the target web application or you are

6
00:00:36,110 --> 00:00:45,860
able to do any sensitive action onto the target website, then the severity jumps to a high or medium

7
00:00:45,860 --> 00:00:46,230
level.

8
00:00:47,420 --> 00:00:57,290
So it depends how you can utilize clickjacking to perform a sensitive action and bump the severity

9
00:00:57,290 --> 00:00:59,490
of the target website.

10
00:01:00,350 --> 00:01:08,030
So for that, we have created a particular tool which is going to help you to increase the severity

11
00:01:08,030 --> 00:01:10,520
of clickjacking-based attacks.

12
00:01:11,180 --> 00:01:20,180
Now, as you can see onto the screen, there are three buttons, namely Drag Me, which is a login button.

13
00:01:20,540 --> 00:01:24,850
You can see an email button and you can see drag me passwords.

14
00:01:25,070 --> 00:01:32,330
So the main scenario that we are going to create over here is we are going to drag these buttons on

15
00:01:32,330 --> 00:01:39,800
to an actual vulnerable target application and we are going to put this email and password and login

16
00:01:39,800 --> 00:01:43,840
buttons over the target web application's actual button.

17
00:01:44,090 --> 00:01:51,140
And we are going to impersonate the target web application and then we are going to exploit the click

18
00:01:51,140 --> 00:01:55,500
jacking scenario now before doing this.

19
00:01:55,520 --> 00:02:00,850
Let's understand how you can utilize this so that you will be able to understand.

20
00:02:01,640 --> 00:02:06,860
Now, I have opened this particular tool from my localhost machine.

21
00:02:06,880 --> 00:02:12,080
As you can see, the URL is the user through it like stopwork courses.

22
00:02:12,380 --> 00:02:19,010
You remixers click check tool and indexed at G.M. So I will just reload this again to confirm.

23
00:02:19,770 --> 00:02:26,990
Now you can see this particular tool is running in the original file, so I'm going to attach the code.

24
00:02:27,410 --> 00:02:29,110
So with a description.

25
00:02:29,120 --> 00:02:32,670
So you guys, you guys can use it from the resources section.

26
00:02:33,230 --> 00:02:37,730
Now once you have done this, it is going to open something like this.

27
00:02:37,940 --> 00:02:44,420
Now, let's try to load a vulnerable website over here where you can see URL.

28
00:02:44,720 --> 00:02:52,370
So let me just quickly open our vulnerable web application for demonstration.

29
00:02:52,400 --> 00:02:59,510
I'm going to choose this vulnerable application, but just test BHP DOT Will Web.com and I'm going to

30
00:02:59,510 --> 00:03:00,860
click on Load.

31
00:03:01,160 --> 00:03:06,730
Once I click on Load, it is going to load it into the background, as you can see over here.

32
00:03:07,040 --> 00:03:12,350
So I'm going to drag this onto the right hand side so you can clearly see the website over here.

33
00:03:12,590 --> 00:03:16,160
So now this website has successfully loaded into an iframe.

34
00:03:16,760 --> 00:03:22,350
Now I'm going to click on your profile so it asks me to log in.

35
00:03:22,670 --> 00:03:25,600
Now, this is a sensitive action, which is to log in.

36
00:03:25,970 --> 00:03:26,450
All right.

37
00:03:26,750 --> 00:03:32,560
Now, what I'm going to do is I'm I'm going to craft my clickjacking PoC over here.

38
00:03:32,900 --> 00:03:36,860
So let me just drag this email onto the username part.

39
00:03:37,010 --> 00:03:43,920
As you can see over here, you have to match this particular white field above exactly the username field.

40
00:03:43,980 --> 00:03:45,840
So let me just put it over here.

41
00:03:46,370 --> 00:03:52,730
You do not need to be perfect into this, but you just need to put it above that.

42
00:03:53,150 --> 00:03:57,260
Let's drag the password button and let's keep it over here as well.

43
00:03:57,800 --> 00:03:58,910
Now, the login one.

44
00:03:59,480 --> 00:04:01,870
Let's keep it over here.

45
00:04:02,360 --> 00:04:02,870
All right.

46
00:04:02,900 --> 00:04:11,990
Now it looks perfect and we are going to craft this so that we basically can show the impact or demonstration

47
00:04:11,990 --> 00:04:17,540
of clickjacking attack onto this web application to increase the severity.

48
00:04:18,170 --> 00:04:22,220
Now, once you have done this, you just need to click on load.

49
00:04:22,370 --> 00:04:24,410
So I'm sorry.

50
00:04:24,410 --> 00:04:26,220
You just need to click on View.

51
00:04:26,330 --> 00:04:31,370
So once you click on View, you will be able to see a new sandbox start.

52
00:04:31,370 --> 00:04:35,000
XHTML page has successfully opened automatically.

53
00:04:35,480 --> 00:04:43,010
And you can see there are two fields which are overlapping or overlaying on to the previous field,

54
00:04:43,010 --> 00:04:44,180
as you can see over here.

55
00:04:44,780 --> 00:04:47,720
Now, once the user logs in over here.

56
00:04:47,810 --> 00:04:57,860
So let me show you by giving a username, test, and password as admin and hit sign in and let's see

57
00:04:57,860 --> 00:04:58,430
what happens.

58
00:04:58,910 --> 00:05:01,070
So once I click sign in, you can see.

59
00:05:01,280 --> 00:05:06,600
Speed chase, captured credentials are usernames and passwords admin.

60
00:05:06,830 --> 00:05:14,270
So this way, the attacker is able to capture the credentials and the credentials that we used was username

61
00:05:15,020 --> 00:05:16,210
and password admin.

62
00:05:16,490 --> 00:05:25,530
So like this in this scenario, if any victim logs in over here, then he is going to give out his credentials.

63
00:05:25,940 --> 00:05:31,880
So this is one of the best ways to demonstrate the vulnerability that you are able to steal the credentials

64
00:05:31,880 --> 00:05:34,850
of any user using clickjacking.

65
00:05:34,880 --> 00:05:41,400
So this jumps the severity from low to high and this is how you do it.

66
00:05:42,030 --> 00:05:52,190
Now, for some cases, how are you going to receive these credentials onto the attacker's place or to

67
00:05:52,250 --> 00:05:53,070
attacker server?

68
00:05:53,090 --> 00:05:59,600
So let's say you have sent this particular link to any victim and the victim opens up this particular

69
00:05:59,600 --> 00:06:00,080
page.

70
00:06:00,590 --> 00:06:02,310
It looks something like this.

71
00:06:02,870 --> 00:06:07,680
Now, how is the victim when he logs in?

72
00:06:07,700 --> 00:06:15,020
How are how are the credentials going to be sent to the attacker? So for that, this code also contains

73
00:06:15,020 --> 00:06:22,010
a window, that location, not address, but says send the credentials to this particular.

74
00:06:22,010 --> 00:06:22,540
URL.

75
00:06:22,760 --> 00:06:31,500
So this demonstration I have been running a localhost server, which will get the email and password.

76
00:06:31,520 --> 00:06:34,970
So we are already getting it into an alert, which you have already seen.

77
00:06:35,180 --> 00:06:36,030
Let me show you again.

78
00:06:36,470 --> 00:06:43,730
So let's say I type your admin and password, also admin and signing it, able to see into the alert

79
00:06:43,730 --> 00:06:45,710
the captured green credentials.

80
00:06:45,980 --> 00:06:49,660
Now, it is also going to send it over here.

81
00:06:49,670 --> 00:06:54,910
As you can see, we are able to receive the credentials onto the server that I am running.

82
00:06:55,130 --> 00:06:57,590
So the command to run the server is very simple.

83
00:06:57,590 --> 00:07:04,460
You just need to type php hyphen S, capital S, localhost and any port number you want.

84
00:07:04,490 --> 00:07:08,300
So we are we have started successfully a server.

85
00:07:08,300 --> 00:07:12,080
As you can see it is listening on localhost port eight thousand and one.

86
00:07:12,260 --> 00:07:20,560
And whenever the victim clicks or victim tries to log in, the attacker is going to get the credentials.

87
00:07:20,570 --> 00:07:26,280
And this way the attacker can take these credentials to log in to the target web application.

88
00:07:26,870 --> 00:07:35,320
So I hope this is clear and you understand how you can utilize this particular tool to create PoCs

89
00:07:35,360 --> 00:07:39,350
for any clickjacking-based vulnerabilities and increase the severity.

90
00:07:39,650 --> 00:07:40,190
Thank you.