Burp Clickbandit- BurpSuite’s Clickjacking Tool

While using BurpSuite 1.7.03, the click of my mouse accidentally(luckily though!!) hits the BurpSuite Documentation from where I notice “Burp Clickbandit“.

So, what is Burp Clickbandit? Burp’s documentation states:

Burp Clickbandit is a tool for generating clickjacking attacks. When you have found a web page that may be vulnerable to clickjacking, you can use Burp Clickbandit to create an attack, and confirm that the vulnerability can be successfully exploited.

and PortSwigger’s blog states:

Manually crafting a proof of concept attack can mean laborious hours of offset-tweaking, so we’ve just released Burp Clickbandit, a point-and-click tool for generating clickjacking attacks.

Clickjacking or “UI redress attack” is an attack wherein an attacker lures victim onto clicking on attacker’s page without victim’s consent as only the crafted website is visible to the victim (which is superimposed over attacker’s page!).

Burp Clickbandit is a tool which allows to generate Proof of Concepts quickly by detecting the HTML elements(<p>,<img>,<div> etc.) when clicked upon and using their dimensions and position to generate the relevant click area. Further, it also uses the mouse’s x and y coordinates along with zooming into the object to provide click area in cases where iframe or flash objects are encountered to prevent inaccuracy.

1

Burp Clickbandit

The tool contains following features as quoted by PortSwigger:

  • Supports multi-click attacks
  • Written in pure JavaScript, and trivial to deploy
  • Supports transparency, clearly showing the attack mechanics
  • Works on most websites!

Inorder to execute this tool you need to follow below mentioned instructions:

  1.  Go to Burp Tab –> Burp Clickbandit.
  2. Click Copy Clickbandit to clipboard.
  3. Open the website in the browser where you want to execute this attack (lets say http://www.certifiedhacker.com).
  4. Open Console  in Inspect Element of the browser.
  5. Now, paste the clipboard content and execute it inside Console.

Now, you are executing this tool.

You will encounter two modes while using this tool.

  1. Record Mode: Just when you execute the script into the browser’s console at the target website, the script’s Iframe will load the target website(www.certifiedhacker.com) and will ask you to record the click (or string of clicks) over HTML elements. This step plans the strategy on how the victim’s click(s) will be hijacked.
  2. Review Mode: After selecting the desired objects where the action has to be performed, the tool places click over the superimposed target website(www.certifiedhacker.com) and when victim clicks the desired click area, the attack is successful. see slideshow for reference.

The following commands are available in review mode:

  • The + and – buttons can be used to zoom in and out.
  • The “toggle transparency” button lets you show or hide the original page UI.
  • The “reset” button restores the generated attack, as it was before any further clicks were made.
  • The “save” button saves an HTML file containing the attack. This can be used as a real-world exploit of the clickjacking vulnerability.
  • You can use the keyboard arrow keys to reposition the attack UI if is not correctly aligned with the original page UI.

This slideshow requires JavaScript.

Hope these features improves your experience of using the awesome Burp Suite tool. Please let me know if I can improve any part of this technical write up.

 

 

We would love to hear from you..

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s