Matadoor - Multi-Step Clickjacking done RIGHT
Matadoor is a tool for creating ready-to-use clickjacking exploits that abuse pre-established authentication sessions. It supports multi-step clickjacking in a way no other tool did before.
Matadoor allows hijacking multiple clicks without any change to the website's layout and functionality. The victim can interact with the page naturally, just as before the Matadoor exploit was deployed.
Matadoor can be deployed to blogs, stores, documentation - any kind of web application.
Also, preparing exploits with Matadoor doesn't require any coding knowledge.
If the website is vulnerable to clickjacking, Matadoor has the potential to bypass all methods of authentication, even 2FA and federated authentication/SSO. If the session is validated only by the cookie, and the browser holds the authentication cookie, Matadoor will be able to inject a privileged action into that session.
This tool is perfect for bug bounty hunting, as many programs excluded clickjacking due to low criticality. Yet because Matadoor is able to hijack even the most complicated actions, consisting of multiple clicks/stages/screens, the criticality of clickjacking becomes much higher.
To disable framing of your pages, add these HTTP headers to your server responses:
Content-Security-Policy: frame-ancestors 'self'
X-Frame-Options: SAMEORIGIN
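A way to check that a response actually carries these two protections, written as an added example (not part of the original description or of Matadoor). The function names and the sample header objects are assumptions made for illustration.

```javascript
// Added example: audits one response's headers for the anti-framing controls.
// Keys are lowercase header names, as Node's http module delivers them.

// Source list of the frame-ancestors directive in one policy, or null.
function frameAncestors(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

// Lists from every comma-separated policy in a CSP header value.
function ancestorLists(value) {
  return (value || '').split(',').map(frameAncestors).filter((l) => l !== null);
}

// True when the list lets any origin (or any origin of a scheme) frame the page.
const permissive = (list) => list.some((s) => ['*', 'http:', 'https:'].includes(s));

function auditFraming(headers) {
  const findings = [];
  const enforced = ancestorLists(headers['content-security-policy']);
  const reportOnly = ancestorLists(headers['content-security-policy-report-only']);
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  const xfoOk = xfo === 'DENY' || xfo === 'SAMEORIGIN';

  let isProtected;
  if (enforced.length > 0) {
    // All policies apply together, so one restrictive list is enough.
    isProtected = enforced.some((l) => !permissive(l));
    if (!isProtected) findings.push('frame-ancestors allows any origin and overrides X-Frame-Options');
    else if (!xfoOk) findings.push('no valid X-Frame-Options fallback for browsers without frame-ancestors');
  } else {
    isProtected = xfoOk;
    findings.push(xfoOk ? 'X-Frame-Options only; add CSP frame-ancestors' : 'no enforced anti-framing header');
    if (reportOnly.length > 0) findings.push('frame-ancestors is Report-Only and not enforced');
  }
  return { protected: isProtected, findings };
}

// Constructed sample: the two headers recommended above.
console.log(auditFraming({
  'content-security-policy': "frame-ancestors 'self'",
  'x-frame-options': 'SAMEORIGIN',
}));
```

Run the audit against every authenticated page and every step of a multi-screen action, not only the landing page, since a single frameable step is enough for that step to be hijacked.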