1 00:00:00,270 --> 00:00:02,910 Hello, everyone, and welcome to this video. 2 00:00:03,660 --> 00:00:10,310 So in this video, we are going to see an interesting tool that we have created to identify clickjacking 3 00:00:10,350 --> 00:00:11,740 based vulnerabilities. 4 00:00:12,090 --> 00:00:20,640 So in case you have multiple targets and you need to identify everything based on automation and you 5 00:00:20,640 --> 00:00:27,060 do not want to manually write the code, go to the browser, check if it is loading into the iFrame 6 00:00:27,060 --> 00:00:31,160 successfully or not, and identify if the target is vulnerable or not. 7 00:00:31,740 --> 00:00:38,790 So here we have coded a simple Python script, which will help you to even create the PoC and 8 00:00:38,790 --> 00:00:41,590 prove the clickjacking based flaws. 9 00:00:42,120 --> 00:00:48,840 This is going to help you to identify multiple targets and it is going to help you save your 10 00:00:48,840 --> 00:00:49,620 time as well. 11 00:00:50,100 --> 00:00:56,940 So let's quickly see how we can use this script to identify if the targets are vulnerable to 12 00:00:56,940 --> 00:00:57,370 clickjacking. 13 00:00:58,290 --> 00:00:58,680 All right. 14 00:00:58,950 --> 00:01:00,690 So it is a Python-based tool. 15 00:01:00,690 --> 00:01:06,830 So obviously we had to write Python Click Juggernaut by and then the target website name. 16 00:01:07,080 --> 00:01:14,580 So let's say we try, first of all, on this website, which is test BHP dot dot com. 17 00:01:14,730 --> 00:01:17,580 As we know, this website is vulnerable to clickjacking. 18 00:01:18,180 --> 00:01:26,220 Let's identify if you are able to see that, if it gets detected by our tool and does it create a PoC 19 00:01:26,220 --> 00:01:26,740 for us. 20 00:01:27,120 --> 00:01:33,540 So I'm just going to simply hit enter and you can see it is just complete and you can see the 21 00:01:33,550 --> 00:01:34,830 clickjacking test results.
22 00:01:34,860 --> 00:01:41,670 Our target is this website and you can see the target is rendered below, which proves that it is 23 00:01:41,670 --> 00:01:42,020 vulnerable. 24 00:01:42,420 --> 00:01:48,580 And again, this is the example of clickjacking iFrame and link, which is normally invisible. Perfect. 25 00:01:48,870 --> 00:01:54,420 So we are able to identify the target as vulnerable as well as we are able to generate a PoC, of which 26 00:01:54,420 --> 00:02:00,590 you can just simply click a screenshot and send it to the target program. 27 00:02:00,960 --> 00:02:07,500 Obviously, remember when you have identified clickjacking based vulnerabilities, you also need to show 28 00:02:07,830 --> 00:02:09,390 an action. 29 00:02:09,690 --> 00:02:17,450 It can be a sensitive action that basically get approved whenever you are going to test clickjacking 30 00:02:17,490 --> 00:02:18,610 based vulnerabilities. 31 00:02:19,230 --> 00:02:19,670 All right. 32 00:02:19,710 --> 00:02:24,720 So let's test one more target to confirm everything is working fine. 33 00:02:25,050 --> 00:02:29,820 So we have already proved the flaw on only Norten. 34 00:02:29,820 --> 00:02:35,100 And let's see if the tool identifies the clickjacking vulnerability on this target. 35 00:02:35,130 --> 00:02:41,010 So I'm just going to hit enter and you can see clickjacking test results. 36 00:02:41,010 --> 00:02:45,600 If you see the target website is rendered below, it is vulnerable, and perfect. 37 00:02:45,870 --> 00:02:48,640 We are able to see the target website is rendered below. 38 00:02:48,900 --> 00:02:54,840 Now you can further make the PoC, generate a certain set of actions from the target through the tool 39 00:02:54,840 --> 00:02:56,430 that we have already seen. 40 00:02:57,720 --> 00:03:04,320 And you can make a successful PoC and increase the severity of the website and submit it to the target 41 00:03:04,320 --> 00:03:05,350 program as well.
42 00:03:05,880 --> 00:03:13,050 So I hope you guys understood and this is going to help you a lot in automating your work, identification 43 00:03:13,050 --> 00:03:19,830 of a vulnerable website and later on identifying sensitive actions on that website and making a report 44 00:03:19,830 --> 00:03:24,470 and sending it to the target bug bounty program or your penetration testing job. 45 00:03:24,720 --> 00:03:26,130 So I hope you guys understood. 46 00:03:26,400 --> 00:03:26,940 Thank you.