This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Click Me Project"

From OWASP
Jump to: navigation, search
(Download)
 
(22 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
=Main=
 
=Main=
  
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
+
<div style="width:100%;height:100px;border:0,margin:0;overflow: hidden;">[[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]] </div>
  
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
Line 19: Line 19:
  
 
The OWASP Click Me Project provides:
 
The OWASP Click Me Project provides:
 
 
* Proof of concept for Clickjacking vulnerability .
 
* Proof of concept for Clickjacking vulnerability .
  
Line 31: Line 30:
 
== Quick Download ==
 
== Quick Download ==
  
[https://github.com/beingArunkumar/OWASP-ClickMe/releases/download/v1.0/OWASPClickMe.zip Click Me]
+
[[Image:Darun.jpg |200px| link=https://github.com/beingArunkumar/OWASP-ClickMe/releases/download/v1.0/ClickMe.zip]]
  
 
==Classifications==
 
==Classifications==
Line 38: Line 37:
 
   |-
 
   |-
 
   | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 
   | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
   | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
+
   | align="center" valign="top" width="50%"|  
  |-
 
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 
  |-
 
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 
 
   |-
 
   |-
   | colspan="2" align="center"  | [[File:Project_Type_Files_TOOL.jpg|link=]]
+
    
 
   |}
 
   |}
  
Line 66: Line 61:
  
 
Just a click away to get your copy of OWASP Click Me.Here we go !
 
Just a click away to get your copy of OWASP Click Me.Here we go !
==[https://github.com/beingArunkumar/OWASP-ClickMe/releases/download/v1.0/OWASPClickMe.zip Click Me to Download]==
+
==[[Image:Darun.jpg |200px| link=https://github.com/beingArunkumar/OWASP-ClickMe/releases/download/v1.0/ClickMe.zip]]==
 +
 
 +
Click Me is made available in 3 formats ie as a java gui,python tool and as a stand alone html page.
  
 
==Snapshot==
 
==Snapshot==
[[File:OWASPClickMe.jpg]]
+
*Java
 +
[[File:Java.jpg]]
 +
 
 +
 
 +
Note :  jar file ,so you will need JRE in your system to run the file.
 +
Double click the jar file or give "java -jar clickme.jar" in the command prompt.
 +
----
 +
*Python
 +
[[File:pyclickme.jpg]]
  
Note : OWASP Click Me is a jar file ,so you will need JRE in your system to run the file.
 
  
= Get Involved =
+
Note :  Give the test url as shown in the figure, and you will need Python framework supppport to run python file.
As of March 2014, the priorities are:
+
 
* Creating the test html page.
+
$python clickme.py
 +
----
 +
*Html
 +
[[File:Hmtl.jpg]]
  
Involvement in the development and promotion of the OWASP Click Me Project is actively encouraged!
 
You do not have to be a security expert in order to contribute.
 
Some of the ways you can help:
 
  
*Create a GUI which will help to provide a Proof of Concept on how the attack could be exploited for a given web page.
+
Note : Load the html in a browser and give the test url in the text area and hit click me button
 +
----
  
 +
= Get Involved =
 +
As of now, the priorities are:
 +
* Creating the test html page.
  
 
=Project About=
 
=Project About=
Line 89: Line 97:
 
__NOTOC__ <headertabs />  
 
__NOTOC__ <headertabs />  
  
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]
+
[[Category:OWASP Download]]
 +
 
 +
[[Category:OWASP Project]]

Latest revision as of 06:23, 3 December 2015

OWASP Inactive Banner.jpg

OWASP Click Me Project

The OWASP Click Me Project aimed at having a simple GUI which helps to create a test page for Clickjacking attacks.This is an attack which targets the clickable content on a website. Clickjacking attack occurs when a malicious site tricks a user into clicking on a hidden element that belong to another site which they have loaded in a hidden frame or iframe.OWASP Click Me tool will help you to test whether your site is vulnerable to this attack by creating a html page that will try to load your web site from a frame.

Sites can use frame breaking scripts and X-Frame-Options set with DENY or SAME ORIGIN values to avoid Clickjacking attacks,by ensuring that their content is not embedded into other sites.

Licensing

The OWASP Click Me Project is free to use. It is licensed under the Apache 2.0 License.

The OWASP Click Me Project provides:

  • Proof of concept for Clickjacking vulnerability .

Project Leader

Quick Download

Darun.jpg

Classifications

Owasp-incubator-trans-85.png

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Click_Me_Project&oldid=204444"