1 00:00:01,890 --> 00:00:04,500 Hello, everyone, and welcome to this video.
2 00:00:05,100 --> 00:00:11,110 So in this video, we are going to see a live exploitation of clickjacking vulnerability.
3 00:00:12,300 --> 00:00:12,780 All right.
4 00:00:12,870 --> 00:00:22,560 So we already know about clickjacking attacks and how an attacker can utilize this to make this low level
5 00:00:22,560 --> 00:00:25,240 vulnerability a high level vulnerability.
6 00:00:25,890 --> 00:00:34,440 So let's quickly jump into this video and see how can we actually simulate a clickjacking based
7 00:00:34,440 --> 00:00:40,810 vulnerability and show its exploitation and severity to the target program.
8 00:00:41,790 --> 00:00:46,110 So for this, as you can see over here, my target is only Tartine.
9 00:00:46,440 --> 00:00:50,010 So I'm going to use this website to demonstrate the attack.
10 00:00:50,670 --> 00:00:54,780 So, first of all, I'm going to create an account on this web application.
11 00:00:55,200 --> 00:01:00,930 As you can see, I have successfully signed up and now I'm going to do my verification.
12 00:01:00,960 --> 00:01:06,430 Once the verification is done, I will have a valid account on this website.
13 00:01:07,620 --> 00:01:12,360 So let's just wait and let me complete the verification part and we can move ahead.
14 00:01:13,180 --> 00:01:22,380 Now, you can take any web application that you want to prove based on vulnerabilities if the page is successfully
15 00:01:22,380 --> 00:01:24,040 loading into your iframe.
16 00:01:24,300 --> 00:01:32,010 So I have identified this website to be vulnerable to clickjacking because they do not have proper mitigations
17 00:01:32,010 --> 00:01:34,270 for clickjacking based vulnerability.
18 00:01:34,980 --> 00:01:36,960 Therefore, there are no X-Frame-Options.
19 00:01:37,110 --> 00:01:41,640 So once I have identified the target, I am creating an account over here.
20 00:01:42,240 --> 00:01:47,760 As you can see, I have successfully created an account and I am now logged into my account as well.
21 00:01:48,210 --> 00:01:54,780 I'm just updating my last name details to show you guys that I have successfully logged in and I have
22 00:01:54,780 --> 00:01:57,780 the rights to update the details of my account.
23 00:01:58,440 --> 00:01:58,910 All right.
24 00:01:58,920 --> 00:02:04,500 As you can see, I have created my account as well and I can update my details as well, which proves
25 00:02:04,500 --> 00:02:07,290 that I am logged into my account.
26 00:02:08,020 --> 00:02:14,140 Now, we require the clickjack tool that we have created to do the clickjacking exploitation.
27 00:02:14,960 --> 00:02:22,560 Now, one thing to remember here is I'm going to prove this vulnerability onto my localhost website.
28 00:02:23,580 --> 00:02:31,400 OK, so what you guys can do is you can also create the same PoC onto your localhost website.
29 00:02:31,440 --> 00:02:40,170 You can create it into your computer or else you can host your PoC or your website onto any online free
30 00:02:40,170 --> 00:02:45,270 service like 000webhost.com in case you do not have your own personal website.
31 00:02:45,450 --> 00:02:48,220 Or you can host it on your personal website as well.
32 00:02:49,530 --> 00:02:51,550 The steps would be exactly the same.
33 00:02:52,110 --> 00:02:53,790 So let me just go into that folder.
34 00:02:54,030 --> 00:02:57,480 So I'm into the folder right now and the folder name is clicked actually.
35 00:02:57,900 --> 00:03:01,290 And again, these are the files which are inside that folder.
36 00:03:02,250 --> 00:03:05,520 Our important file is the index.html.
37 00:03:05,580 --> 00:03:13,050 So I'm going to start a quick PHP server using the command hyphen S localhost colon eight thousand
38 00:03:13,050 --> 00:03:13,400 and one.
39 00:03:13,800 --> 00:03:18,180 So it is the port number on which I have started my local PHP server.
40 00:03:18,630 --> 00:03:19,110 Perfect.
41 00:03:19,590 --> 00:03:26,090 Now let's verify our PHP server has started and you can see successfully my server has started.
42 00:03:26,640 --> 00:03:28,340 So let's copy our target
43 00:03:28,350 --> 00:03:32,550 URL link and paste it over into the URL and load.
44 00:03:33,690 --> 00:03:40,560 As you can see, my target has successfully loaded into our localhost server that we have created.
45 00:03:40,980 --> 00:03:48,090 And again, see, this is exactly the same target which has successfully loaded and I am even logged
46 00:03:48,270 --> 00:03:49,290 into my account.
47 00:03:49,470 --> 00:03:53,520 So let us quickly first log out of our account.
48 00:03:53,520 --> 00:03:55,650 So I have logged out of my account.
49 00:03:56,010 --> 00:03:59,370 Let me again load it, as you can see.
50 00:03:59,400 --> 00:04:00,340 Yeah, perfect.
51 00:04:00,360 --> 00:04:04,800 Now you can see I am presented with the username password field.
52 00:04:05,010 --> 00:04:12,330 So let me get back to the username password field and it was only logged in slash log out.
53 00:04:12,330 --> 00:04:16,940 So I should be able to get the logging onto the login endpoint.
54 00:04:16,950 --> 00:04:17,360 All right.
55 00:04:17,640 --> 00:04:19,800 So I have the login endpoint right now.
56 00:04:20,040 --> 00:04:27,180 So we are going to craft a PoC where we are going to first drag the email, which is the first field,
57 00:04:27,180 --> 00:04:29,520 which is the email address field and keep it over here.
58 00:04:29,670 --> 00:04:31,260 So I'll just place it.
59 00:04:31,260 --> 00:04:34,710 You're running only to be perfect in placing it.
60 00:04:34,710 --> 00:04:37,860 You can place it as well as you want.
61 00:04:38,070 --> 00:04:45,180 Just a little bit on to the username and password field and let's place the login button over the login
62 00:04:45,180 --> 00:04:47,340 field or else let's do one thing.
63 00:04:47,340 --> 00:04:52,470 Let's be stored in the center instead of placing it onto the left.
64 00:04:53,700 --> 00:04:59,850 So if you have any issues in dragging this, remember you just have to hold
65 00:05:00,010 --> 00:05:04,520 the button and drag it, you just don't have to click it and move your mouse mouse pointer.
66 00:05:04,540 --> 00:05:09,520 You have to actually hold it and drag it, then it will work.
67 00:05:09,670 --> 00:05:10,050 All right.
68 00:05:10,060 --> 00:05:11,430 So I have dragged it over here.
69 00:05:11,740 --> 00:05:13,430 Now I will hit view button.
70 00:05:13,990 --> 00:05:16,570 Now, let's see what happens when we hit the view button.
71 00:05:16,600 --> 00:05:17,040 All right.
72 00:05:17,590 --> 00:05:24,860 So you can see it looks perfectly fine and our buttons have successfully overlapped the email address
73 00:05:24,890 --> 00:05:29,750 field, the password field and the sign in button, which looks perfect for us.
74 00:05:30,250 --> 00:05:33,990 Now, you can notice over here we are on to our localhost.
75 00:05:34,000 --> 00:05:35,590 This is our localhost.
76 00:05:35,740 --> 00:05:43,570 And as I mentioned before, the starting of the video, you can host this application, which we hosted
77 00:05:43,570 --> 00:05:48,910 into our local PHP server, on a live website as well.
78 00:05:49,270 --> 00:05:55,960 If in case you do not have any of the websites you can host it on 000webhost.com, it
79 00:05:55,960 --> 00:06:03,080 provides you free hosting and you can host this PoC there and you can prove the flaw as well.
80 00:06:03,340 --> 00:06:05,260 The steps are exactly the same.
81 00:06:06,680 --> 00:06:14,870 All right, so now we have successfully loaded it all here, so let's assume the victim comes over our
82 00:06:14,870 --> 00:06:21,860 this target and he thinks like he has to login into the only website because it is successfully getting
83 00:06:21,860 --> 00:06:24,100 loaded into our iframe.
84 00:06:24,500 --> 00:06:27,290 So he gives his username and password, clicks on
85 00:06:27,290 --> 00:06:29,710 "I'm not a robot", so bypasses.
86 00:06:30,260 --> 00:06:34,100 So let's bypass this by giving the correct
87 00:06:35,670 --> 00:06:42,880 captcha and hit on sign in, and you can see, perfect, captured credentials are: username is Hakodate Udemy
88 00:06:42,940 --> 00:06:46,380 A.T.M. dot com password is admin and trade.
89 00:06:46,410 --> 00:06:47,180 One, two, three.
90 00:06:47,520 --> 00:06:53,430 So this way the attacker is able to successfully get hold of the credentials in which he has got the
91 00:06:53,430 --> 00:06:56,040 username and password for the demonstration.
92 00:06:56,090 --> 00:07:02,280 We here, we have put or allowed the credentials to be into the alert box.
93 00:07:02,280 --> 00:07:08,130 In real case scenario, this will be automatically sent to the attacker's web server that we have
94 00:07:08,130 --> 00:07:14,820 already seen into the previous video and we have seen how the credentials are sent to the attacker's
95 00:07:14,970 --> 00:07:15,500 server.
96 00:07:16,020 --> 00:07:24,420 So I hope you guys understood how you can make and demonstrate this attack to prove the severity and
97 00:07:24,420 --> 00:07:26,440 how you can perform the exploitation.
98 00:07:26,910 --> 00:07:27,480 Thank you.