Busting frame busting: a study of clickjacking vulnerabilities at popular sites
Authors: G. Rydstedt, E. Bursztein, D. Boneh, and C. Jackson
Abstract:
Web framing attacks such as clickjacking use iframes to
hijack a user's web session. The most common defense,
called frame busting, prevents a
site from functioning when loaded inside a frame.
We study frame busting practices for the Alexa Top-500 sites
and show that all can be circumvented in one way or another. Some
circumventions are browser-specific while others work across browsers.
We conclude with recommendations for proper frame busting.
Reference:
In Proceedings of IEEE Oakland Web 2.0 Security and Privacy (W2SP 2010).
Full paper: pdf
Related papers: See our collection of papers on framebusting.