#! /bin/bash
# The target URL is the first positional argument; html() embeds $url in the
# generated page.
dom="$1"
url="$dom"
# Terminal control sequences used to highlight messages.
bold=$(tput bold)
red=$(tput setaf 1)
reset=$(tput sgr0)
maketmp()
{
  # Create the scratch directory that holds the generated page, relative to
  # the current working directory.
  # Returns: mkdir's exit status.
  # NOTE(review): the name is fixed and a pre-existing tmp_clickjacking makes
  # mkdir fail; the caller in this file does not check that status, and the
  # directory is later removed with rm -r.
  local scratch_dir=tmp_clickjacking
  mkdir "$scratch_dir"
}
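html()
{
  # Write the test page that frames $url to
  # tmp_clickjacking/clickjacking.html.
  # Globals:  url (read)
  # Outputs:  tmp_clickjacking/clickjacking.html (overwritten)
  # Returns:  non-zero if escaping fails or the file cannot be written
  #
  # $url comes straight from the command line, so it is HTML-escaped before it
  # is placed in the src attribute. A here-document is used so the double
  # quotes around attribute values reach the file instead of terminating a
  # shell string, and so $url is never word-split.
  # NOTE(review): the scheme of $url is not validated here; only http/https
  # targets are meaningful for this check. Confirm whether others should be
  # rejected.
  local escaped_url
  escaped_url=$(printf '%s' "$url" \
    | sed -e 's/&/\&amp;/g' -e 's/"/\&quot;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g') \
    || return

  cat > tmp_clickjacking/clickjacking.html <<EOF
<html>
<head>
<title>Clickjack test page</title>
</head>
<body>
<p>Website is vulnerable to clickjacking!</p>
<iframe src="${escaped_url}" width="500" height="500"></iframe>
<p>If you can see the webpage inside the box then it is vulnerable to clickjacking.</p>
</body>
</html>
EOF
}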
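file_save()
{
  # Ask whether to keep the generated page, open it in Firefox, then remove
  # the scratch directory.
  # Globals:  PWD, bold, red, reset (read)
  # Input:    one line from stdin; "y" or "yes" in any letter case keeps the
  #           page, anything else (including plain Enter) does not
  # Outputs:  status messages on stdout; clickjacking.html in $PWD when kept
  local save
  # -r keeps backslashes in the reply literal.
  read -r -p "Do you want to save the PoC ? (Enter = NO) : " save
  case "$save" in
    [yY][eE][sS] | [yY])
      # "$PWD" is quoted so a working directory containing spaces or glob
      # characters is passed to mv as a single destination. An existing
      # clickjacking.html in that directory is overwritten.
      mv -- tmp_clickjacking/clickjacking.html "$PWD"
      echo "saved as clickjacking.html at $PWD"
      echo "${bold}${red}press ctrl+c to exit from the script${reset}"
      sleep 2
      firefox clickjacking.html
      rm -r -- tmp_clickjacking
      ;;
    *)
      echo "PoC not saved"
      echo "${bold}${red}press ctrl+c to exit from the script${reset}"
      firefox tmp_clickjacking/clickjacking.html
      rm -r -- tmp_clickjacking
      ;;
  esac
}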
ctrlc()
{
  # Interrupt handler: announce the cleanup, remove the scratch directory and
  # leave with status 0.
  printf '%s\n' "Deleting Temporary files"
  rm -r tmp_clickjacking
  printf '%s\n' "Bye"
  exit 0
}
# Run ctrlc on SIGINT so Ctrl+C removes the scratch directory before exiting.
trap 'ctrlc' INT

# With a target URL: build the page and offer to save it.
# Without one: print the usage text.
if [[ $# -gt 0 ]]; then
  maketmp
  html
  file_save
else
  echo -e "${red}${bold}Invalid Syntax${reset} \n"
  echo -e "$0 target URL \n"
  echo " Eg : $0 http://www.google.com"
fi