International Journal of Engineering Science Invention Research & Development; Vol. III ,Issue I, July 2016 www.ijesird.com, e-ISSN: 2349-6185 EFFECTIVE APPROACH TO DETECT CLICKJACKING ATTACKS 1K. Joylin Bala, 2Dr.E.Babu Raj M.E., Ph.D, 1 Research Scholar, Department of Computer Science, Research and Development Centre, Bharathiar University, Coimbatore – 641 046 2Professor, Department of Computer Science Engineering, Narayanaguru College of Engineering, Chittadavu Estate, Manjalumoodu P.O, Kanyakumari Dist – 629151 ABSTRACT:- Today’s world revolves around internet Clickjacking is a security threat for web technologies. Numerous internet applications and services are available to the users to make life simpler. In this work, we applications discovered by Jeremiah Grossman and propose to detect and prevent clickjacking attacks by means of Robert Hansen in 2008 [3]. This technique strives establishing a trustworthy map between the user interface and to draw the attention of the user to click on an the web application. This is accomplished by the exploitation of agents. There are three agents proposed in this paper. They are element of the web page [4]. The attacker employs tracking agent, detection agent and action agent. The tracking an iframe, which is a html tag to embed a html agent checks for the count and the positional coordinates of the document over another document. clickable controls and saves it in local memory. The detection agent compares the loaded webpage and the local memory with respect to the count of clickable controls and the positional coordinates. In case of mismatch, the action agent throws warning to the user. The main objective of this work is to provide a secure web application by means of a secure browser. The results of the proposed work are found to be satisfactory. Key terms:- clickjack, agents. 1. INTRODUCTION Today’s world revolves around internet technologies. Numerous internet applications and services are available to the users to make life Fig 1: Clickjack attack handling system simpler. Cloud computing and internet technologies To exemplify the concept of clickjacking, are closely associated to each other. E-mail, social consider a normal webpage that possesses a networks, online banking and online shopping have clickable element. On the other hand, the adversary gained substantial spotlight. On the other hand, due designs a webpage with a clickable element for to the advent of cloud computing, all the data are triggering malicious activity. The malicious activity outsourced to cloud service providers. The reason is done by superimposing the adversary created for data outsourcing is to save memory and to webpage over the normal webpage. Thus, when a escape from the issue of data management. user attempts to click on the normal user interface However, the issue of data privacy and security element, the click operation has been done on the come into play. Thus, it becomes necessary to attacker’s user interface element. formulate countermeasures for data protection. In this work, we propose to detect and prevent The most serious threat for web applications is clickjacking attacks by means of establishing a cross-site scripting (XSS), which injects malicious trustworthy route between the user interface and the scripts into a trustworthy website [1, 2]. These web application. This is accomplished by the attacks aim at collecting data so as to crack the exploitation of agents. The main objective of this account of legitimate users, steal cookies etc. The work is to provide a secure web application by contemporary web applications suffer from means of a secure browser. The results of the clickjacking, which is more serious. proposed work are found to be satisfactory. K. Joylin Bala and Dr.E.Babu Raj ijesird , Vol. III Issue I ,July 2016/ 9 International Journal of Engineering Science Invention Research & Development; Vol. III ,Issue I, July 2016 www.ijesird.com, e-ISSN: 2349-6185 2. REVIEW OF LITERATURE can be done using CSS z-index or using Flash Player objects that are made topmost with Window In this section, we discuss known attacks Mode property [9] set to wmode=direct. and defenses for clickjacking, and compare them to Furthermore, a target element could be partially our contributions. Below, we assume a victim user overlaid by an attacker’s popup window [10]. is visiting a clickjacking attacker’s page, which Cropping: Alternatively, the attacker may crop the embeds and manipulates the target element residing target element to only show a piece of the target on a different domain, such as Facebook’s Like element, such as the “Pay” button, by wrapping the button or PayPal’s checkout dialog. target element in a new iframe that uses carefully chosen negative CSS position offsets and the Pay 2.1 EXISTING CLICKJACKING ATTACKS button’s width and height [11]. An extreme variant We classify existing attacks according to of cropping is to create multiple 1x1 pixel three ways of forcing the user into issuing input containers of the target element and using single commands out of context: (1) compromising target pixels to draw arbitrary clickable art. display integrity, the guarantee that users can fully see and recognize the target element before an input 2.1.2 Compromising pointer integrity action; (2) compromising pointer integrity, the Proper visual context requires not only the guarantee that users can rely on cursor feedback to target element, but also all pointer feedback to be select locations for their input events; and (3) fully visible and authentic. Unfortunately, an compromising temporal integrity, the guarantee that attacker may violate pointer integrity by displaying users have enough time to comprehend where they a fake cursor icon away from the pointer, known as are clicking. cursorjacking. This leads victims to misinterpret a click’s target, since they will have the wrong 2.1.1 Compromising target display integrity perception about the current cursor location. Using Hiding the target element: Modern the CSS cursor property, an attacker can easily hide browsers support HTML/CSS styling features that the default cursor and programmatically draw a allow attackers to visually hide the target element fake cursor elsewhere [12], or alternatively set a but still route mouse events to it. For example, an custom mouse cursor icon to a deceptive image that attacker can make the target element transparent by has a cursor icon shifted several pixels off the wrapping it in a div container with a CSS opacity original position [13]. value of zero; to entice a victim to click on it, the Another variant of cursor manipulation attacker can draw a decoy under the target element involves the blinking cursor which indicates by using a lower CSS z-index [5]. Alternatively, the keyboard focus (e.g., when typing text into an input attacker may completely cover the target element field). Vulnerabilities in major browsers have with an opaque decoy, but make the decoy allowed attackers to manipulate keyboard focus unclickable by setting the CSS property pointer- using strokejacking attacks [14, 15]. For example, events:none [6]. A victim’s click would then fall an attacker can embed the target element in a through the decoy and land on the (invisible) target hidden frame, while asking users to type some text element. into a fake attacker-controlled input field. As the Partial overlays: Sometimes, it is possible victim is typing, the attacker can momentarily to visually confuse a victim by obscuring only a switch keyboard focus to the target element. The part of the target element [7, 8]. For example, blinking cursor confuses victims into thinking that attackers could overlay their own information on they are typing text into the attacker’s input field, top of a PayPal checkout iframe to cover the whereas they are actually interacting with the target recipient and amount fields while leaving the “Pay” element. button intact; the victim will thus have incorrect context when clicking on “Pay”. This overlaying 2.1.3 Compromising temporal integrity K. Joylin Bala and Dr.E.Babu Raj ijesird , Vol. III Issue I ,July 2016/ 10 International Journal of Engineering Science Invention Research & Development; Vol. III ,Issue I, July 2016 www.ijesird.com, e-ISSN: 2349-6185 Attacks in the previous two sections API [3], stolen victims’ location information [17], manipulated visual context to trick the user into and injected content across domains (in an XSS sending input to the wrong UI element. An spirit) by tricking the victim to perform a drag and orthogonal way of achieving the same goal is to drop action [29, 30]. manipulate UI elements after the user has decided to click, but before the actual click occurs. Humans 3. PROPOSED APPROACH typically require a few hundred milliseconds to react to visual changes [16, 17], and attackers can This work aims at providing a trustworthy web take advantage of our slow reaction to launch service by means of a secured web browser. The timing attacks. For example, an attacker could architecture of the proposed approach relies on move the target element (via CSS position three different agent tracking agent, detection agent properties) on top of a decoy button shortly after the and action agent. This work is based on the victim hovers the cursor over the decoy, in assumption that the attacks happen only after the anticipation of the click. To predict clicks more page load. Overview of the proposed work is effectively, the attacker could ask the victim to presented below. repetitively click objects in a malicious game [18, 3.1 TRACKING AGENT: 19, 17, 20] or to double-click on a decoy button, The tracking agent tracks the web pages and moving the target element over the decoy the user interface controls. Clickable controls are immediately after the first click [21, 22]. given much importance rather than other controls.