Department of Electrical Engineering and Computer Science
Syracuse University

ClickJacking Lab

Lab Overview

Clickjacking, also known as a UI-redress attack, misleads the victim by overlaying multiple frames and making some of them invisible. The victim is shown one webpage, but his/her actions actually land on another webpage selected by the attacker. The attack takes advantage of the HTML iframe element. The objective of this lab is to understand how an iframe combined with certain style properties can be used as the tool for such an attack. Students will first create HTML webpages and learn the use of iframes; they will then try clickjacking attacks on the phpBB web application server within the lab environment.
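
A static check for the pattern described above, as an added example that is not part of the lab materials: it scans a page's markup for iframes whose inline style makes them transparent and reports whether each one is also positioned as an overlay. The sample page, the 0.1 opacity threshold and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page (placeholder hosts): a decoy button, a transparent
# frame stacked over it, and an ordinary visible embed.
SAMPLE = """<html><body>
<button style="position:absolute; top:40px; left:40px">Claim prize</button>
<iframe src="http://forum.example/post"
        style="position:absolute; top:0; left:0; opacity:0.0; z-index:2"></iframe>
<iframe src="http://video.example/embed" style="width:400px; height:300px"></iframe>
</body></html>"""
HIDDEN_AT = 0.1  # assumed threshold: at or below this a frame is effectively unseen

def parse_style(style):
    """Split an inline style attribute into a {property: value} dict."""
    props = {}
    for decl in style.split(";"):
        name, sep, value = decl.partition(":")
        if sep:
            props[name.strip().lower()] = value.replace("!important", "").strip().lower()
    return props

def opacity_of(props):
    """Opacity as 0..1; missing or unparseable values count as fully visible."""
    raw = props.get("opacity", "1")
    try:
        return float(raw[:-1]) / 100 if raw.endswith("%") else float(raw)
    except ValueError:
        return 1.0

class FrameAuditor(HTMLParser):
    """Collects iframes that an inline style hides while leaving them clickable."""
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        props = parse_style(attr.get("style") or "")
        if tag == "iframe" and opacity_of(props) <= HIDDEN_AT:
            self.findings.append({
                "src": attr.get("src"), "line": self.getpos()[0],
                "opacity": opacity_of(props),
                "overlaid": props.get("position") in ("absolute", "fixed")})

def audit(html):
    """Return one finding per hidden iframe (inline styles only, not stylesheets)."""
    auditor = FrameAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

Calling `audit(SAMPLE)` flags only the transparent frame; the visible embed is left alone. Styles applied through stylesheets or scripts are outside what this check sees.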

Lab Description and Tasks (PDF)

    For instructors: if you prefer to modify the lab description to suit your own courses, you can download the source files (LaTeX) from here.

Recommended Time:

  • Supervised lab environment: 2 hours
  • Unsupervised environment (e.g. take-home project): 1 week

Lecture Video: (watch)