Exploiting Clickjacking to Steal Login Data from Social Media Platforms




  • (1) Achmad Firly Henry Egitha, Informatics Study Program, Faculty of Science and Technology, Universitas Muhammadiyah Sidoarjo, Indonesia

  • (2) * Yunianita Rahmawati, Informatics Study Program, Faculty of Science and Technology, Universitas Muhammadiyah Sidoarjo, Indonesia

    (*) Corresponding Author

Abstract

This research focuses on designing modified clickjacking links to investigate the phenomenon of clickjacking attacks aimed at obtaining user information from WhatsApp and Instagram. It aims to both implement these attacks and assess their effectiveness in gathering data on victims. Using fake clickjacking links as a conduit, the study successfully retrieves login credentials from WhatsApp and Instagram, highlighting common defense methods against such attacks and identifying modified websites vulnerable to clickjacking techniques. The study concludes by emphasizing the need for user education, particularly on social media platforms, and proactive measures to mitigate the impact of clickjacking incidents.

Highlights:

  • Clickjacking uses hidden elements to trick users into clicking unintended actions.
  • Phishing sites mimic legitimate platforms to steal user credentials.
  • Effective defenses include X-Frame-Options, CSP, and user education.
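
To make the header defenses named above concrete, the following added example (not code from the paper) classifies a response's anti-framing headers and shows the cases that are easy to get wrong: a permissive frame-ancestors overriding X-Frame-Options, a Report-Only policy, and a non-standard X-Frame-Options value. The function names, verdict labels and sample hosts are assumptions made for illustration, and each header value is assumed to carry a single policy.

```python
# Added example (not from the paper): classify anti-framing response headers.

def parse_frame_ancestors(csp):
    """Return the source list of the first frame-ancestors directive, or None."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None  # frame-ancestors does not fall back to default-src

def framing_verdict(headers):
    """Map a dict of response headers to (verdict, reason)."""
    h = {k.lower(): v for k, v in headers.items()}
    # Only the enforcing header counts; the Report-Only variant blocks nothing.
    sources = parse_frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # Where frame-ancestors is enforced, browsers ignore X-Frame-Options.
        if sources == ["'none'"]:
            return "protected", "frame-ancestors 'none'"
        if not sources:
            return "misconfigured", "frame-ancestors has no sources"
        # Scheme-only sources (https:) and a bare host wildcard match any origin.
        if any(s.endswith(":") or s.split("://")[-1] == "*" for s in sources):
            return "unprotected", "frame-ancestors allows any origin"
        return "protected", "frame-ancestors limited to " + " ".join(sources)
    xfo = {v.strip().upper() for v in h.get("x-frame-options", "").split(",") if v.strip()}
    if not xfo:
        return "unprotected", "no frame-ancestors and no X-Frame-Options"
    if len(xfo) > 1:
        return "misconfigured", "conflicting X-Frame-Options values"
    value = xfo.pop()
    if value in ("DENY", "SAMEORIGIN"):
        return "protected", "X-Frame-Options " + value
    return "misconfigured", "X-Frame-Options is neither DENY nor SAMEORIGIN"

# Constructed sample responses (hosts are placeholders).
SAMPLES = {
    "csp-none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp-allowlist": {"Content-Security-Policy": "frame-ancestors 'self' https://app.example"},
    "wildcard-beats-xfo": {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
    "xfo-only": {"X-Frame-Options": "SAMEORIGIN"},
    "allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "report-only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    "default-src-only": {"Content-Security-Policy": "default-src 'self'"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, framing_verdict(hdrs))
```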

Keywords: Attack, Link, Hacking, Security, Protection

Published
2023-04-07
 
Section
Articles