How To Checksite For Clickjacking
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a frame, iframe, embed or object. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites. Clickjacking protection, using frame-ancestors X Deny by default, using default-src 'none' X Restricts use of the tag by using base-uri 'none', base-uri 'self', or specific origins X Restricts where contents may be submitted by using form-action 'none', form-action 'self', or specific URIs X.
Vex lost sector. Grove of Ulan-Tan — For the last Lost Sector on Io, head to the Lost Oasis and look for the marker near the very top of the region. Make your way inside and defeat Qeldron Keeper for the chest.
Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upBranch:master
3 contributors
| # Contributor(s): nigella (@nig) |
| fromurllib.requestimporturlopen |
| fromsysimportargv, exit |
| __author__='D4Vinci' |
| defcheck(url): |
| '' check given URL is vulnerable or not '' |
| try: |
| if'http'notinurl: url='http://'+url |
| data=urlopen(url) |
| headers=data.info() |
| ifnot'X-Frame-Options'inheaders: returnTrue |
| except: returnFalse |
| defcreate_poc(url): |
| '' create HTML page of given URL '' |
| code='' |
| <html> |
| <head><title>Clickjack test page</title></head> |
| <body> |
| <p>Website is vulnerable to clickjacking!</p> |
| <iframe src='{}' width='500' height='500'></iframe> |
| </body> |
| </html> |
| ''.format(url) |
| withopen(url+'.html', 'w') asf: |
| f.write(code) |
| f.close() |
| defmain(): |
| '' Everything comes together '' |
| try: sites=open(argv[1], 'r').readlines() |
| except: print('[*] Usage: python(3) clickjacking_tester.py <file_name>'); exit(0) |
| forsiteinsites[0:]: |
| print('n[*] Checking '+site) |
| status=check(site) |
| ifstatus: |
| print(' [+] Website is vulnerable!') |
| create_poc(site.split('n')[0]) |
| print(' [*] Created a poc and saved to <URL>.html') |
| elifnotstatus: print(' [-] Website is not vulnerable!') |
| else: print('Every single thing is crashed, Python got mad, dude wtf you just did?') |
| if__name__'__main__': main() |
Copy lines Copy permalink