This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Click Me Project"
Arun Kumar V (talk | contribs) |
Arun Kumar V (talk | contribs) (→Download) |
||
(32 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
=Main= | =Main= | ||
− | <div style="width:100%;height: | + | <div style="width:100%;height:100px;border:0,margin:0;overflow: hidden;">[[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]] </div> |
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
Line 8: | Line 8: | ||
==OWASP Click Me Project== | ==OWASP Click Me Project== | ||
− | The OWASP Click Me Project aimed at having a simple GUI which helps to create a test page for Clickjacking attacks.This | + | The OWASP Click Me Project aimed at having a simple GUI which helps to create a test page for Clickjacking attacks.This is an attack which targets the clickable content on a website. |
− | OWASP Click Me tool will help you to test whether your site is vulnerable to this attack by creating a html page that will try to load your web site from a frame. | + | Clickjacking attack occurs when a malicious site tricks a user into clicking on a hidden element that belong to another site which they have loaded in a hidden frame or iframe.OWASP Click Me tool will help you to test whether your site is vulnerable to this attack by creating a html page that will try to load your web site from a frame. |
+ | ---- | ||
+ | Sites can use frame breaking scripts and X-Frame-Options set with DENY or SAME ORIGIN values to avoid Clickjacking attacks,by ensuring that their content is not embedded into other sites. | ||
==Licensing== | ==Licensing== | ||
The OWASP Click Me Project is free to use. It is licensed under the Apache 2.0 License. | The OWASP Click Me Project is free to use. It is licensed under the Apache 2.0 License. | ||
Line 17: | Line 19: | ||
The OWASP Click Me Project provides: | The OWASP Click Me Project provides: | ||
− | |||
* Proof of concept for Clickjacking vulnerability . | * Proof of concept for Clickjacking vulnerability . | ||
Line 29: | Line 30: | ||
== Quick Download == | == Quick Download == | ||
− | [https://github.com/beingArunkumar/OWASP-ClickMe/releases/download/v1.0/ | + | [[Image:Darun.jpg |200px| link=https://github.com/beingArunkumar/OWASP-ClickMe/releases/download/v1.0/ClickMe.zip]] |
==Classifications== | ==Classifications== | ||
Line 36: | Line 37: | ||
|- | |- | ||
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]] | | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]] | ||
− | | align="center" valign="top" width="50%"| | + | | align="center" valign="top" width="50%"| |
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | + | ||
|} | |} | ||
|} | |} | ||
− | |||
= Contributors = | = Contributors = | ||
− | |||
The OWASP Click Me Project: The primary contributors to date have been: | The OWASP Click Me Project: The primary contributors to date have been: | ||
+ | * [[User:Arun Kumar V|Arun Kumar]] | ||
− | * [[User: | + | ==Acknowledgement== |
+ | * [[User:Samantha Groves|Samantha Groves]] | ||
== References == | == References == | ||
Line 61: | Line 58: | ||
: OWASP test guide for Click jacking attacks. | : OWASP test guide for Click jacking attacks. | ||
− | = | + | =Download= |
Just a click away to get your copy of OWASP Click Me.Here we go ! | Just a click away to get your copy of OWASP Click Me.Here we go ! | ||
− | [https://github.com/beingArunkumar/OWASP-ClickMe/releases/download/v1.0/ | + | ==[[Image:Darun.jpg |200px| link=https://github.com/beingArunkumar/OWASP-ClickMe/releases/download/v1.0/ClickMe.zip]]== |
+ | |||
+ | Click Me is made available in 3 formats ie as a java gui,python tool and as a stand alone html page. | ||
+ | |||
+ | ==Snapshot== | ||
+ | *Java | ||
+ | [[File:Java.jpg]] | ||
+ | |||
+ | |||
+ | Note : jar file ,so you will need JRE in your system to run the file. | ||
+ | Double click the jar file or give "java -jar clickme.jar" in the command prompt. | ||
+ | ---- | ||
+ | *Python | ||
+ | [[File:pyclickme.jpg]] | ||
+ | |||
− | + | Note : Give the test url as shown in the figure, and you will need Python framework supppport to run python file. | |
− | |||
− | + | $python clickme.py | |
− | + | ---- | |
− | * | + | *Html |
+ | [[File:Hmtl.jpg]] | ||
− | |||
− | |||
− | |||
− | + | Note : Load the html in a browser and give the test url in the text area and hit click me button | |
+ | ---- | ||
+ | = Get Involved = | ||
+ | As of now, the priorities are: | ||
+ | * Creating the test html page. | ||
=Project About= | =Project About= | ||
Line 85: | Line 97: | ||
__NOTOC__ <headertabs /> | __NOTOC__ <headertabs /> | ||
− | [[Category:OWASP | + | [[Category:OWASP Download]] |
+ | |||
+ | [[Category:OWASP Project]] |
Latest revision as of 06:23, 3 December 2015
The OWASP Click Me Project: The primary contributors to date have been:
Acknowledgement
References
- OWASP definition on Click jacking or "UI redress attack"
- OWASP test guide for Click jacking attacks.
Just a click away to get your copy of OWASP Click Me.Here we go !
Click Me is made available in 3 formats ie as a java gui,python tool and as a stand alone html page.
Snapshot
- Java
Note : jar file ,so you will need JRE in your system to run the file.
Double click the jar file or give "java -jar clickme.jar" in the command prompt.
- Python
Note : Give the test url as shown in the figure, and you will need Python framework supppport to run python file.
$python clickme.py
- Html
Note : Load the html in a browser and give the test url in the text area and hit click me button
As of now, the priorities are:
- Creating the test html page.
PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|